Upgrade GKE on Bare Metal

When you install a new version of bmctl, you can upgrade your existing clusters that were created with an earlier version. Upgrading a cluster to the latest GKE on Bare Metal version brings added features and fixes to your cluster. It also ensures that your cluster remains supported. You can upgrade admin, hybrid, standalone, or user clusters with the bmctl upgrade cluster command.

Enable SELinux

If you want to enable SELinux to secure your containers, you must make sure that SELinux is enabled in Enforced mode on all your host machines. Starting with GKE on Bare Metal release 1.9.0 or later, you can enable or disable SELinux before or after cluster creation or cluster upgrades. SELinux is enabled by default on Red Hat Enterprise Linux (RHEL) and CentOS. If SELinux is disabled on your host machines or you aren't sure, see Securing your containers using SELinux for instructions on how to enable it.

GKE on Bare Metal supports SELinux in only RHEL and CentOS systems.

Before you upgrade

Preflight checks are run before a cluster upgrade to validate cluster status and node health.

The following examples show the upgrade process from version 1.8.2 to GKE on Bare Metal 1.9.8.

You can upgrade any given version to the next available version (for example, 1.9.0 to 1.9.1) in the same fashion. Skip upgrades, such as 1.8.1 to 1.9.8, are also supported.

GKE on Bare Metal supports the configuration of up to 250 maximum pods per node. This configuration can only be done during cluster creation and cannot be updated for existing clusters.

Upgrade admin, standalone, hybrid, or user clusters

When you download and install a new version of bmctl, you can upgrade your admin, hybrid, standalone, and user clusters created with an earlier version. For a given version of bmctl, clusters can be upgraded to the same version only.

First, you download the latest bmctl, then modify the appropriate cluster config files, and then you issue the bmctl upgrade cluster command to complete the upgrade.

  1. Download the latest bmctl from the Cloud Storage bucket and use chmod to give bmctl execute permissions to all users:

    gsutil cp gs://anthos-baremetal-release/bmctl/1.9.8/linux-amd64/bmctl bmctl
    chmod a+x bmctl
    
  2. Modify the cluster config file to change the GKE on Bare Metal cluster version from 1.8.2 to 1.9.8. The following shows an example from an admin cluster config:

    ---
    apiVersion: baremetal.cluster.gke.io/v1
    kind: Cluster
    metadata:
      name: cluster1
      namespace: cluster-cluster1
    spec:
      # Cluster type. This can be:
      #   1) admin:  to create an admin cluster. This can later be used to create user clusters.
      #   2) user:   to create a user cluster. Requires an existing admin cluster.
      #   3) hybrid: to create a hybrid cluster that runs admin cluster components and user workloads.
      #   4) standalone: to create a cluster that manages itself, runs user workloads, but does not manage other clusters.
      type: admin
      # Anthos cluster version.
      # Change the following line from 1.8.2 to 1.9.8, shown below
      anthosBareMetalVersion: 1.9.8
    
  3. When upgrading clusters to 1.9.8, you must register the clusters with Connect to your project fleet, if they have not been already.

    1. Manually create service accounts and retrieve the JSON key files as described in Configuring service accounts for use with Connect on the Enabling Google services and service accounts page.
    2. Reference the downloaded JSON keys in the associated gkeConnectAgentServiceAccountKeyPath and gkeConnectRegisterServiceAccountKeyPath fields of the cluster config file.
  4. Use the bmctl upgrade cluster command to complete the upgrade:

    bmctl upgrade cluster -c CLUSTER_NAME --kubeconfig ADMIN_KUBECONFIG
    

    Replace the following:

    • CLUSTER_NAME: the name of the cluster to upgrade.
    • ADMIN_KUBECONFIG: the path to the admin cluster kubeconfig file.