DigitalOcean’s Managed Kubernetes Service (DOKS) makes it quick and easy to get production-ready clusters running in the cloud. When you create a cluster, you can pick from the three latest Kubernetes minor releases. Here’s how to handle updates so you don’t get left behind on new features and security patches.
Types of Update
You’ll encounter two different kinds of Kubernetes update as you operate your cluster:
- Patch releases – These bump the patch number in the semantic versioning scheme, such as 1.20.1 to 1.20.2. Patch updates should always be safe to update to, with no deprecations or breaking changes.
- Minor releases – A minor release involves a feature bump, such as 1.20 to 1.21. These changes should still be backwards-compatible, so you won’t run into any immediate problems. Some features could be deprecated in a minor release for removal in a future major (1.x to 2.x).
For both patch and minor releases, DigitalOcean offers an automatic upgrade service which will take action on your behalf. Updates will be installed during a preset maintenance window. Minor updates aren’t applied unless you manually enable a cluster-level option first.
DigitalOcean could sometimes force through an update in the event of an urgent security issue. This can happen even if you’ve disabled automatic updates. In addition, your cluster will eventually be upgraded if you stay on the oldest supported Kubernetes version for so long that DigitalOcean discontinues it entirely.
Upgrades are a two-step process. First the Kubernetes control plane is updated, during which your workloads remain available. Your worker nodes are then patched to the new release. This can cause downtime depending on the size of your cluster and its workloads.
Setting Your Update Schedule
Your cluster’s automatic update schedule is set within the DigitalOcean control panel. Log into your account and click your cluster on the homepage. You can also click “Kubernetes” in the left sidebar and choose your cluster from there.
Once you’re on your cluster page, click the “Settings” tab at the top. Click the “Edit” button next to the “Upgrade window” category. Use the two dropdowns to choose a day and time. Click “Save” to confirm your selection. DigitalOcean will schedule automatic upgrades to install during a four-hour period starting from the set time.
If you want Kubernetes minor releases to be applied automatically too, click the “Edit” button next to “Automatically upgrade minor version patches.” When the checkbox is ticked, your cluster will move to new minor versions without any manual intervention. You should evaluate this decision against the minimum stability you need for your workloads.
You can always upgrade your cluster manually from within the cloud control panel. You’ll need to do this when you take a minor version upgrade and you’ve not got the automatic option enabled. A manual upgrade is also useful if you want to install a patch ahead of your usual schedule.
Navigate to your cluster in the control panel. Scroll down on the “Overview” tab and click the blue “View Available Upgrade” button. If this button isn’t displayed, your cluster’s already updated and no further patches are available.
If you’re upgrading to a new minor version, DigitalOcean will lint your cluster’s resources to discover any potential compatibility issues. This check could take a few moments to complete. You’ll see the results displayed in the popup window.
Any linting issues should be resolved before you proceed with the update. Although minor Kubernetes updates shouldn’t present serious backwards compatibility issues, upgrades also involve changes to the underlying DOKS platform. DigitalOcean sometimes adjusts DOKS configuration in ways which could introduce upgrade blocks for older versions.
If the lint fails, you should refer to DigitalOcean’s documentation as the resolution steps will differ from cluster to cluster. DigitalOcean’s linting reference includes step-by-step “how to fix” instructions for the most common issues. When you’re done, click “Re-run check” to confirm your fixes are effective.
Once the lint’s passed, click the blue “Upgrade Now” button to commence the update. This may take several minutes depending on the size of your cluster. Progress is shown within the Control Panel UI. The Control Plane gets updated first, followed by each worker node in your cluster.
Updating From the CLI
You can automate updates within your own infrastructure by using DigitalOcean’s CLI, Doctl. Make sure you’ve got Doctl installed and connected to your account.
First get the details of your cluster:
doctl kubernetes cluster list
This command displays all your clusters. Note down the ID of the cluster you want to update.
Next, find the Kubernetes versions which your cluster can migrate to:
doctl kubernetes cluster get-upgrades <ID>
Replace <ID> with the cluster ID you noted earlier. Now that you know the versions you can use, run the upgrade command to start the patch:
doctl kubernetes cluster upgrade <ID> --version 1.20.8
If you want to move directly to the latest release, you can omit the
The upgrade process could take several minutes to complete, just like an installation initiated via the web UI.
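The following is an added example, not code from the original article or from DigitalOcean. It shows a policy check a scripted upgrade can run before calling the upgrade command: take the newest patch in the current minor line, and cross to a new minor only on explicit opt-in. The pick_upgrade helper, the one-version-per-line input and the sample versions are assumptions; adapt the input to what `doctl kubernetes cluster get-upgrades <ID>` prints for you.

```shell
#!/bin/sh
# Added example: pick an upgrade target from a list of available versions.
# stdin: one version per line, first field MAJOR.MINOR.PATCH plus an optional
# suffix (assumed format; adapt to your get-upgrades output).
#
# pick_upgrade CURRENT [ALLOW_MINOR]
#   Prints the newest version that is newer than CURRENT.
#   Unless ALLOW_MINOR is "yes", only the current MAJOR.MINOR line is
#   considered, so an unattended job never crosses a minor release.
#   Exit status: 0 = target printed, 1 = nothing to do, 2 = bad CURRENT.
pick_upgrade() (
    awk -v cur="$1" -v allow="${2:-no}" '
    # Parse "1.20.8" or "1.20.8-suffix" into the globals MAJ, MIN, PAT.
    function parse(v,    core, n, p) {
        core = v
        sub(/[^0-9.].*$/, "", core)          # drop anything after x.y.z
        n = split(core, p, ".")
        if (n != 3) return 0
        if (p[1] !~ /^[0-9]+$/ || p[2] !~ /^[0-9]+$/ || p[3] !~ /^[0-9]+$/) return 0
        MAJ = p[1] + 0; MIN = p[2] + 0; PAT = p[3] + 0
        return 1
    }
    BEGIN {
        if (!parse(cur)) { bad = 1; exit }
        cM = MAJ; cm = MIN               # current release line
        bM = MAJ; bm = MIN; bp = PAT     # best so far starts at CURRENT
    }
    {
        if (!parse($1)) next             # skip headers and blank lines
        if (allow != "yes" && (MAJ != cM || MIN != cm)) next
        # Compare numerically: as strings, "1.20.8" sorts after "1.20.11".
        if (MAJ > bM || (MAJ == bM && (MIN > bm || (MIN == bm && PAT > bp)))) {
            bM = MAJ; bm = MIN; bp = PAT; best = $1
        }
    }
    END {
        if (bad) exit 2
        if (best == "") exit 1
        print best
    }'
)

# Constructed sample of available versions, not real doctl output.
SAMPLE_UPGRADES='1.20.7
1.20.8
1.20.11
1.21.2'
printf '%s\n' "$SAMPLE_UPGRADES" | pick_upgrade 1.20.8       # patch-only policy
printf '%s\n' "$SAMPLE_UPGRADES" | pick_upgrade 1.20.8 yes   # minor opt-in
```

Pass the printed value to the upgrade command's --version flag, and treat exit status 1 as "already up to date" rather than as a failure.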
Updating a cluster with a single node used to cause downtime. Nodes are replaced with new instances during the update process, so there would be a period where your workloads went offline. When your cluster’s got multiple nodes, the Kubernetes scheduler will move Pods off each upgrading node to maintain availability. You may still encounter downtime if your cluster’s capacity can’t support all your workloads when running “a node down.”
Surge Upgrades are an optional feature which let you guarantee availability during updates, even on single node clusters. When Surge Upgrades are active, DigitalOcean will spin up extra worker nodes ahead of the patch installation. Pods will be moved onto the temporary “surge” nodes while the cluster upgrade is completed.
A maximum of 10 surge nodes will be added to your account. These will be billed at the regular droplet rate. For most clusters, the cost impact should be negligible, as the extra droplets will only live for the duration of the update.
You can activate Surge Upgrades within your cluster’s Settings page. Once turned on, they’ll be used for all future updates, both automated and manual. The Surge Upgrades option is also shown in the confirmation prompt when you’re about to commence a manual update.
You’ve got several options for updating DigitalOcean Kubernetes clusters. It’s usually best to let patch updates get applied automatically, while minor releases can be automated or installed manually with the Cloud Control Panel or Doctl.
Updates shouldn’t cause any downtime for your users provided you’ve got Surge Upgrades enabled. DigitalOcean will automatically create new worker nodes to maintain service availability while the main nodes are updated. If you’re not using Surge Upgrades, you may encounter downtime if you’re using a single-node cluster or you’re left with insufficient capacity as each node drops out to be updated.