| name | upgrade-cluster |
| description | Upgrade Talos Linux, Kubernetes version, or cluster components safely |
Upgrade Cluster Skill
Safely upgrade Talos Linux, Kubernetes, and cluster components.
When to Use
- User wants to upgrade Kubernetes version
- User wants to upgrade Talos Linux
- User wants to upgrade Cilium or other core components
- Security patches needed
Pre-Upgrade Checklist
Check current versions:
talosctl -n 172.16.1.50 version kubectl version cilium version flux versionVerify cluster health:
kubectl get nodes talosctl -n 172.16.1.50 health flux get ks -A | grep -v "Applied"Check for pending HelmReleases:
flux get hr -A | grep -v "Release"
Talos Upgrade Process
- Update Talos version pin in
talos/talenv.yaml - Generate new configs:
task talos:generate-config - Upgrade control plane nodes one at a time:
task talos:upgrade-node IP=172.16.1.50 # Wait for node to rejoin kubectl get nodes -w task talos:upgrade-node IP=172.16.1.51 task talos:upgrade-node IP=172.16.1.52 - Upgrade worker nodes:
task talos:upgrade-node IP=172.16.1.53
Kubernetes Upgrade Process
- Update Kubernetes version pin in
talos/talenv.yaml - Regenerate configs:
task talos:generate-config - Apply to control plane:
task talos:upgrade-k8s
Component Upgrades (GitOps)
Components upgrade automatically via Renovate PRs:
- Review Renovate PR for the component
- Check release notes for breaking changes
- Merge PR - Flux will reconcile
Manual Component Upgrade
- Update version in relevant HelmRelease
- Commit and push
- Monitor:
flux get hr <name> -n <namespace> -w
Rollback Procedures
Talos Rollback
talosctl -n <node-ip> rollback
Flux HelmRelease Rollback
flux suspend hr <name> -n <namespace>
# Revert git commit
git revert HEAD
git push
flux resume hr <name> -n <namespace>
Post-Upgrade Verification
kubectl get nodes -o wide
flux get ks -A
flux get hr -A
cilium status