Upgrade Cluster Skill
Safely upgrade Talos Linux, Kubernetes, and cluster components.
When to Use
- •User wants to upgrade Kubernetes version
- •User wants to upgrade Talos Linux
- •User wants to upgrade Cilium or other core components
- •Security patches needed
Pre-Upgrade Checklist
- •
Check current versions:
bashtalosctl -n 172.16.1.50 version kubectl version cilium version flux version
- •
Verify cluster health:
bashkubectl get nodes talosctl -n 172.16.1.50 health flux get ks -A | grep -v "Applied"
- •
Check for pending HelmReleases:
bashflux get hr -A | grep -v "Release"
Talos Upgrade Process
- •Update Talos version pin in
talos/talenv.yaml - •Generate new configs:
bash
task talos:generate-config
- •Upgrade control plane nodes one at a time:
bash
task talos:upgrade-node IP=172.16.1.50 # Wait for node to rejoin kubectl get nodes -w task talos:upgrade-node IP=172.16.1.51 task talos:upgrade-node IP=172.16.1.52
- •Upgrade worker nodes:
bash
task talos:upgrade-node IP=172.16.1.53
Kubernetes Upgrade Process
- •Update Kubernetes version pin in
talos/talenv.yaml - •Regenerate configs:
bash
task talos:generate-config
- •Apply to control plane:
bash
task talos:upgrade-k8s
Component Upgrades (GitOps)
Components upgrade automatically via Renovate PRs:
- •Review Renovate PR for the component
- •Check release notes for breaking changes
- •Merge PR - Flux will reconcile
Manual Component Upgrade
- •Update version in relevant HelmRelease
- •Commit and push
- •Monitor:
flux get hr <name> -n <namespace> -w
Rollback Procedures
Talos Rollback
bash
talosctl -n <node-ip> rollback
Flux HelmRelease Rollback
bash
flux suspend hr <name> -n <namespace> # Revert git commit git revert HEAD git push flux resume hr <name> -n <namespace>
Post-Upgrade Verification
bash
kubectl get nodes -o wide flux get ks -A flux get hr -A cilium status