Upgrade the global cluster

consists of a global cluster and one or more workload clusters. The global cluster must be upgraded before any workload clusters.

This document walks you through the upgrade procedure for the global cluster.

If the global cluster is configured with the global DR (Disaster Recovery) solution, follow the global DR procedure strictly. Otherwise, follow the Standard procedure .

Standard procedure

WARNING

If you are upgrading from 3.16.x or 3.18.x and have Application Services installed, please refer to the Application Services upgrade guide for additional steps that must be performed before upgrading the global cluster.

Upload images

Copy the core package to any control plane node of the global cluster. Extract the package and cd into the extracted directory.

If the global cluster uses the built-in registry, run:
```
bash upgrade.sh --only-sync-image=true
```

If the global cluster uses an external registry, you also need to provide the registry address:

bash upgrade.sh --only-sync-image=true --registry <registry-address> --username <username> --password <password>

If you plan to upgrade the Operator and Cluster Plugin together during the global cluster upgrade, you can pre-push their images to the global cluster's registry in advance. For bulk upload instructions, see Push only images from all packages in a directory.

INFO

Uploading images typically takes about 2 hours, depending on your network and disk performance.

If your platform is configured for global disaster recovery (DR), remember that the standby global cluster also requires image upload. Be sure to plan your maintenance window accordingly.

WARNING

When using violet to upload packages to a standby cluster, the parameter --dest-repo <VIP addr of standby cluster> must be specified.
Otherwise, the packages will be uploaded to the image repository of the primary cluster, preventing the standby cluster from installing or upgrading extensions.

Also be awared that either authentication info of the standby cluster's image registry or --no-auth parameter MUST be provided.

For details of the violet push subcommand, please refer to Upload Packages.

Trigger the upgrade

After the image upload is complete, run the following command to start the upgrade process:

bash upgrade.sh --skip-sync-image

Wait for the script to finish before proceeding.

If you have already pre-pushed the Operator and Cluster Plugin images to the global cluster's registry, you can then follow Create only CRs from all packages in a directory. After running this command, wait about 10–15 minutes until upgrade notifications appear for functional components. You will then be able to upgrade the Operator and Cluster Plugin together as part of the subsequent upgrade steps.

Upgrade the global cluster

Log in to the Web Console of the global cluster and switch to Administrator view.
Navigate to Clusters > Clusters.
Click on the global cluster to open its detail view.
Go to the Functional Components tab.
Click the Upgrade button.

Review the available component updates in the dialog, and confirm to proceed.

INFO

Upgrading the Kubernetes version is optional. However, since service disruptions may occur regardless, we recommend including the Kubernetes upgrade to avoid multiple maintenance windows.
If the Alauda Container Platform GitOps is installed in the global cluster, and after the upgrading, the pods of the plugin is running abnormally.Please refer to Upgrading Alauda Container Platform GitOps.

Install Product Docs Plugin

INFO

The Alauda Container Platform Product Docs plugin provides access to product documentation within the platform. All help links throughout the platform will direct users to this documentation. If this plugin is not installed, clicking help links in the platform will result in 404 access errors.

Starting from ACP 4.0, the built-in product documentation has been separated into the Alauda Container Platform Product Docs plugin. If you are upgrading from version 3.18, you need to install this plugin by following these steps:

Navigate to Administrator.
In the left sidebar, click Marketplace > Cluster Plugins and select the global cluster.
Locate the Alauda Container Platform Product Docs plugin and click Install.

Post-upgrade

global DR procedure

Verify data consistency

Follow your regular global DR inspection procedures to ensure that data in the standby global cluster is consistent with the primary global cluster.

If inconsistencies are detected, contact technical support before proceeding.

On both clusters, run the following command to ensure no Machine nodes are in a non-running state:

kubectl get machines.platform.tkestack.io

If any such nodes exist, contact technical support to resolve them before continuing.

Uninstall the etcd sync plugin

Upgrading from 3.18

Upgrading from 3.16

Access the Web Console of the primary global cluster via its IP or VIP.
Switch to the Platform Management view.
Navigate to Catalog > Cluster Plugin.
Select global from the cluster dropdown.
Find the EtcdSync plugin and click Uninstall. Wait for the uninstallation to complete.

Upload images

Perform the Upload images step on both the standby cluster and the primary cluster.

See Upload images in Standard procedure for details.

Upgrade the standby cluster

INFO

Accessing the standby cluster Web Console is required to perform the upgrade.

Before proceeding, verify that the ProductBase resource of the standby cluster is correctly configured with the cluster VIP under spec.alternativeURLs.

If not, update the configuration as follows:

apiVersion: product.alauda.io/v1alpha2
kind: ProductBase
metadata:
  name: base
spec:
  alternativeURLs:
    - https://<standby-cluster-vip>

On the standby cluster, follow the steps in the Standard procedure to complete the upgrade.

Upgrade the primary cluster

After the standby cluster has been upgraded, proceed with the Standard procedure on the primary cluster.

Reinstall the etcd sync plugin

Before reinstalling, verify that port 2379 is properly forwarded from both global cluster VIPs to their control plane nodes.

To reinstall:

Access the Web Console of the standby global cluster via its IP or VIP.
Switch to Administrator view.
Go to Marketplace > Cluster Plugins.
Select the global cluster.
Locate Alauda Container Platform etcd Synchronizer, click Install, and provide the required parameters.

To verify installation:

kubectl get po -n cpaas-system -l app=etcd-sync  # Ensure pod is 1/1 Running

kubectl logs -n cpaas-system $(kubectl get po -n cpaas-system -l app=etcd-sync --no-headers | awk '{print $1}' | head -1) | grep -i "Start Sync update"
# Wait until the logs contain "Start Sync update"

# Recreate the pod to trigger synchronization of resources with ownerReferences
kubectl delete po -n cpaas-system $(kubectl get po -n cpaas-system -l app=etcd-sync --no-headers | awk '{print $1}' | head -1)

Check Synchronization Status

Run the following to verify the synchronization status:

curl "$(kubectl get svc -n cpaas-system etcd-sync-monitor -ojsonpath='{.spec.clusterIP}')/check"

Explanation of output:

"LOCAL ETCD missed keys:" – Keys exist in the primary cluster but are missing in the standby. This often resolves after a pod restart.
"LOCAL ETCD surplus keys:" – Keys exist in the standby cluster but not in the primary. Review these with your operations team before deletion.

View full docs as PDF

Upgrade the global cluster

consists of a global cluster and one or more workload clusters. The global cluster must be upgraded before any workload clusters.

This document walks you through the upgrade procedure for the global cluster.

If the global cluster is configured with the global DR (Disaster Recovery) solution, follow the global DR procedure strictly. Otherwise, follow the Standard procedure .

Standard procedure

WARNING

Upload images

Copy the core package to any control plane node of the global cluster. Extract the package and cd into the extracted directory.

If the global cluster uses the built-in registry, run:
```
bash upgrade.sh --only-sync-image=true
```

If the global cluster uses an external registry, you also need to provide the registry address:

bash upgrade.sh --only-sync-image=true --registry <registry-address> --username <username> --password <password>

INFO

Uploading images typically takes about 2 hours, depending on your network and disk performance.

If your platform is configured for global disaster recovery (DR), remember that the standby global cluster also requires image upload. Be sure to plan your maintenance window accordingly.

WARNING

Also be awared that either authentication info of the standby cluster's image registry or --no-auth parameter MUST be provided.

For details of the violet push subcommand, please refer to Upload Packages.

Trigger the upgrade

After the image upload is complete, run the following command to start the upgrade process:

bash upgrade.sh --skip-sync-image

Wait for the script to finish before proceeding.

Upgrade the global cluster

Log in to the Web Console of the global cluster and switch to Administrator view.
Navigate to Clusters > Clusters.
Click on the global cluster to open its detail view.
Go to the Functional Components tab.
Click the Upgrade button.

Review the available component updates in the dialog, and confirm to proceed.

INFO

Upgrading the Kubernetes version is optional. However, since service disruptions may occur regardless, we recommend including the Kubernetes upgrade to avoid multiple maintenance windows.
If the Alauda Container Platform GitOps is installed in the global cluster, and after the upgrading, the pods of the plugin is running abnormally.Please refer to Upgrading Alauda Container Platform GitOps.

Install Product Docs Plugin

INFO

Navigate to Administrator.
In the left sidebar, click Marketplace > Cluster Plugins and select the global cluster.
Locate the Alauda Container Platform Product Docs plugin and click Install.

Post-upgrade

global DR procedure

Verify data consistency

Follow your regular global DR inspection procedures to ensure that data in the standby global cluster is consistent with the primary global cluster.

If inconsistencies are detected, contact technical support before proceeding.

On both clusters, run the following command to ensure no Machine nodes are in a non-running state:

kubectl get machines.platform.tkestack.io

If any such nodes exist, contact technical support to resolve them before continuing.

Uninstall the etcd sync plugin

Upgrading from 3.18

Upgrading from 3.16

Access the Web Console of the primary global cluster via its IP or VIP.
Switch to the Platform Management view.
Navigate to Catalog > Cluster Plugin.
Select global from the cluster dropdown.
Find the EtcdSync plugin and click Uninstall. Wait for the uninstallation to complete.

Upload images

Perform the Upload images step on both the standby cluster and the primary cluster.

See Upload images in Standard procedure for details.

Upgrade the standby cluster

INFO

Accessing the standby cluster Web Console is required to perform the upgrade.

Before proceeding, verify that the ProductBase resource of the standby cluster is correctly configured with the cluster VIP under spec.alternativeURLs.

If not, update the configuration as follows:

apiVersion: product.alauda.io/v1alpha2
kind: ProductBase
metadata:
  name: base
spec:
  alternativeURLs:
    - https://<standby-cluster-vip>

On the standby cluster, follow the steps in the Standard procedure to complete the upgrade.

Upgrade the primary cluster

After the standby cluster has been upgraded, proceed with the Standard procedure on the primary cluster.

Reinstall the etcd sync plugin

Before reinstalling, verify that port 2379 is properly forwarded from both global cluster VIPs to their control plane nodes.

To reinstall:

Access the Web Console of the standby global cluster via its IP or VIP.
Switch to Administrator view.
Go to Marketplace > Cluster Plugins.
Select the global cluster.
Locate Alauda Container Platform etcd Synchronizer, click Install, and provide the required parameters.

To verify installation:

kubectl get po -n cpaas-system -l app=etcd-sync  # Ensure pod is 1/1 Running

kubectl logs -n cpaas-system $(kubectl get po -n cpaas-system -l app=etcd-sync --no-headers | awk '{print $1}' | head -1) | grep -i "Start Sync update"
# Wait until the logs contain "Start Sync update"

# Recreate the pod to trigger synchronization of resources with ownerReferences
kubectl delete po -n cpaas-system $(kubectl get po -n cpaas-system -l app=etcd-sync --no-headers | awk '{print $1}' | head -1)

Check Synchronization Status

Run the following to verify the synchronization status:

curl "$(kubectl get svc -n cpaas-system etcd-sync-monitor -ojsonpath='{.spec.clusterIP}')/check"

Explanation of output:

"LOCAL ETCD missed keys:" – Keys exist in the primary cluster but are missing in the standby. This often resolves after a pod restart.
"LOCAL ETCD surplus keys:" – Keys exist in the standby cluster but not in the primary. Review these with your operations team before deletion.

How to

Backup Management

Recovery Management

Architecture

Concepts

Guides

How To

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

Compliance

Install

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Concepts

Guides

Namespaces

Pre-Application-Creation Preparation

Creating Applications

Post-Application-Creation Configuration

Operation and Maintenance

Application Observability

Workloads

Pod

Container

How To

Install

How To

Install

Guides

How To

Concepts

Guides

Argo CD Concept

Alauda Container Platform GitOps Concepts

Creating GitOps Application

GitOps Observability

Architecture

Guides

How To

Guides

How To

Troubleshooting