DigitalOcean’s Managed Kubernetes Service (DOKS) makes it quick and easy to get production-ready clusters running in the cloud. When you create a cluster, you can choose from the last three minor versions of Kubernetes. Here’s how to handle updates so you don’t fall behind on new features and security patches.
You will encounter two different types of Kubernetes update while operating your cluster:
- Patch releases – These increase the patch number in the semantic versioning scheme, such as 1.20.1 to 1.20.2. Patch updates should always be safe to apply, without deprecations or major changes.
- Minor releases – A minor version adds new functionality, such as 1.20 to 1.21. These changes should still be backward compatible, so you won’t run into any immediate problems. Some features may be deprecated in a minor release to be removed in a future major release (1.x to 2.x).
For both patches and minor releases, DigitalOcean offers an automatic update service that will take action on your behalf. The updates will be installed during a preset maintenance window. Minor updates are not applied unless you first manually enable a cluster-level option.
On occasion, DigitalOcean might force an update in the event of an urgent security issue. This can happen even if you have disabled automatic updates. Also, your cluster will eventually be upgraded if you stay on the oldest supported Kubernetes version for so long that DigitalOcean completely discontinues it.
Updates are a two-step process. The Kubernetes control plane is updated first, during which your workloads remain available. Then your worker nodes are patched to the new version. This can cause downtime depending on the size of your cluster and your workloads.
Setting your update schedule
The automatic update schedule for your cluster is set within the DigitalOcean dashboard. Log in to your account and click on your cluster on the home page. You can also click on “Kubernetes” in the left sidebar and choose your cluster from there.
Once you are on your cluster page, click on the “Settings” tab at the top. Click the “Edit” button next to the “Update Window” category. Use the two drop-down menus to choose a day and time. Click “Save” to confirm your selection. DigitalOcean will schedule automatic updates to install within a four-hour window starting at the set time.
If you want Kubernetes minor versions to be applied automatically as well, click the “Edit” button next to “Automatically update minor version patches.” When the checkbox is checked, your cluster will be moved to new minor versions without any manual intervention. You should weigh this decision against the minimum stability you need for your workloads.
You can always update your cluster manually from the cloud dashboard. You will need to do this for a minor version update when you do not have the automatic option enabled. A manual update is also useful if you want to install a patch before your regular maintenance window.
Navigate to your cluster in the dashboard. Scroll down to the “Overview” tab and click the blue “View available update” button. If this button is not displayed, your cluster is already up to date and there are no more patches available.
If you are upgrading to a new minor version, DigitalOcean will lint your cluster resources to discover any potential compatibility issues. This check may take a few minutes to complete. You will see the results displayed in the pop-up window.
Any lint issues should be resolved before proceeding with the update. While minor Kubernetes updates shouldn’t present serious backward compatibility issues, updates also involve changes to the underlying DOKS platform. DigitalOcean sometimes adjusts DOKS settings in a way that could introduce upgrade blocks for older versions.
If the lint check fails, you should consult the DigitalOcean documentation, as the resolution steps will differ from cluster to cluster. The DigitalOcean Lint Reference includes step-by-step “how to fix” instructions for common problems. When you are done, click “Re-run verification” to confirm that the corrections are effective.
Once the lint check has passed, click the blue “Update Now” button to accept the update. This can take several minutes depending on the size of your cluster. Progress is displayed in the Control Panel user interface. The control plane is updated first, followed by each worker node in your cluster.
Update from the CLI
You can automate updates within your own infrastructure using the DigitalOcean CLI, doctl. Make sure you have doctl installed and are logged in to your account.
First get the details of your cluster:
doctl kubernetes cluster list
This command shows all your clusters. Make a note of the ID of the cluster that you want to upgrade.
Next, find the Kubernetes versions your cluster can migrate to:
doctl kubernetes cluster get-upgrades <ID>
Replace <ID> with the cluster ID that you noted earlier. Now that you know the versions you can use, run the upgrade command to start the patch:
doctl kubernetes cluster upgrade <ID> --version 1.20.8
If you want to jump directly to the latest version, you can skip the
The update process can take several minutes to complete, as does an installation initiated through the web user interface.
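The CLI steps above can be wrapped in a script that applies patch releases on its own and only reports minor releases for manual review. This is an added example, not part of the original article; it assumes each version string is the first column of the `get-upgrades` output, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original article): apply patch releases
# automatically, but only report minor releases for manual review.
# Assumption: each version is the first column of `get-upgrades` output,
# formatted MAJOR.MINOR.PATCH with an optional suffix.

# Print the version strings found in column one; header lines are skipped.
extract_versions() {
  awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+/ { print $1 }'
}

# pick_patch_target CURRENT: read candidates on stdin and print the highest
# one in CURRENT's minor series that is newer than CURRENT (or nothing).
# Patch numbers are compared numerically, so 1.20.10 ranks above 1.20.8.
pick_patch_target() {
  awk -v cur="$1" '
    function series(v,  p) { split(v, p, "[.]"); return p[1] "." p[2] }
    function patch(v,  p)  { split(v, p, "[.]"); return p[3] + 0 }
    BEGIN { bestp = patch(cur) }
    series($1) == series(cur) && patch($1) > bestp { best = $1; bestp = patch($1) }
    END { if (best != "") print best }'
}

# list_minor_targets CURRENT: candidates outside CURRENT's minor series.
list_minor_targets() {
  awk -v cur="$1" '
    function series(v,  p) { split(v, p, "[.]"); return p[1] "." p[2] }
    NF && series($1) != series(cur) { print $1 }'
}

# Usage: sh doks-patch.sh <cluster-id> <current-version>
if [ "$#" -eq 2 ] && command -v doctl >/dev/null 2>&1; then
  candidates=$(doctl kubernetes cluster get-upgrades "$1" | extract_versions)
  target=$(printf '%s\n' "$candidates" | pick_patch_target "$2")
  minors=$(printf '%s\n' "$candidates" | list_minor_targets "$2")
  # $minors is left unquoted on purpose: one report line per version.
  [ -z "$minors" ] || printf 'minor upgrade needs review: %s\n' $minors
  if [ -n "$target" ]; then
    doctl kubernetes cluster upgrade "$1" --version "$target"
  else
    echo "no patch release newer than $2"
  fi
fi
```

Take the current version from the `doctl kubernetes cluster list` output when you note the cluster ID.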
Upgrading a single-node cluster used to cause downtime. Nodes are replaced with new instances during the upgrade process, so there would be a period when their workloads went offline. When your cluster has multiple nodes, the Kubernetes scheduler will move the pods off each node being updated to maintain availability. You may still have downtime if your cluster capacity cannot support all your workloads when running “one node down”.
Surge upgrades are an optional feature that enables you to ensure availability during upgrades, even in single-node clusters. When surge upgrades are active, DigitalOcean will create additional worker nodes prior to patch installation. Pods will be moved to temporary “surge” nodes while the cluster upgrade completes.
A maximum of 10 surge nodes will be added to your account. These will be billed at the normal Droplet rate. For most clusters, the cost impact should be negligible, as the additional Droplets will only exist during the upgrade.
You can enable surge upgrades on your cluster’s configuration page. Once turned on, they will be used for all future updates, both automatic and manual. The Surge Upgrades option is also displayed in the confirmation message when a manual update is about to begin.
You have several options for upgrading DigitalOcean Kubernetes clusters. It is generally best to allow patch updates to be applied automatically, while minor versions can be automated or installed manually with the Cloud Control Panel or doctl.
Updates shouldn’t cause any downtime for your users, as long as you have surge upgrades enabled. DigitalOcean will automatically create new worker nodes to maintain service availability while the existing nodes are updated. If you are not using Surge Upgrades, you may encounter downtime if you are using a single-node cluster or are left with insufficient capacity as each node is taken down to be upgraded.