Omni simplifies cluster upgrades. Regular upgrades help protect against known security issues and ensure you benefit from the latest fixes and improvements. Upgrading a cluster involves updating both Talos Linux (the operating system) and Kubernetes. This guide explains how to upgrade Talos Linux and Kubernetes, apply updated Kubernetes manifests, and use node locking to roll out changes in a controlled way.

Upgrade Talos Linux

To upgrade Talos Linux across all nodes in a cluster:
  1. Sign in to Omni.
  2. Open Clusters from the left navigation.
  3. Select the cluster to upgrade.
  4. Click the upgrade indicator next to the current Talos version, or click Update Talos on the cluster panel.
  5. Select the version to deploy.
  6. Click Upgrade.
Omni ensures that the Kubernetes version running in the cluster is compatible with the selected Talos Linux version before proceeding.
Omni only allows supported upgrade paths. In some cases, an intermediate upgrade may be required before upgrading to the most recent version.

What happens during a Talos Linux upgrade in Omni

Omni upgrades control plane nodes first, verifying that the etcd cluster is healthy and will remain healthy after each node leaves the etcd cluster before proceeding. For each node, Omni drains and cordons it, updates the OS, then uncordons it. All upgrades retain ephemeral data on the node.
If any of your workloads are sensitive to ungraceful shutdowns, configure the lifecycle.preStop field in the Pod spec.
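The following manifest is an added example, not taken from the Omni documentation, showing a preStop hook on a workload that must finish in-flight requests before a node drain evicts it. The Deployment name, image, port, probe path and timings are placeholders chosen for illustration.

```yaml
# Constructed example: name, image, port, probe path and timings are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-api
spec:
  replicas: 3
  selector:
    matchLabels:
      app: example-api
  template:
    metadata:
      labels:
        app: example-api
    spec:
      # The grace period covers the preStop hook AND the time the process
      # needs after SIGTERM. If it expires, the container is killed.
      terminationGracePeriodSeconds: 60
      containers:
        - name: api
          image: registry.example.com/example-api:1.0.0
          ports:
            - containerPort: 8080
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
          lifecycle:
            preStop:
              exec:
                # Runs to completion before SIGTERM is delivered. The delay
                # gives Services and load balancers time to stop routing new
                # connections to this Pod while it is being evicted.
                # Requires /bin/sh in the image; minimal images need a
                # different handler (for example httpGet).
                command: ["/bin/sh", "-c", "sleep 15"]
```

Keep the hook duration well below terminationGracePeriodSeconds so the application still has time to shut down cleanly after the hook returns.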

Upgrade Kubernetes in your Omni clusters

When a new Kubernetes version is available, Omni displays an upgrade indicator in the cluster overview. To upgrade Kubernetes:
  1. Open the cluster.
  2. Click the upgrade indicator next to the Kubernetes version, or select Update Kubernetes.
  3. Choose the target version and start the upgrade.

What happens during a Kubernetes upgrade

Kubernetes upgrades proceed in the following order:
  1. Images for new Kubernetes components are pre-pulled to all nodes to minimize downtime and verify image availability.
  2. New static pod definitions are rendered and picked up by the kubelet. Omni waits for the change to propagate to the API server.
  3. The kube-proxy daemonset is updated with the new image version.
  4. The kubelet is updated on every node in the cluster.
Omni does not remove obsolete Kubernetes resources. Clean up unused resources manually if needed.

Apply updated Kubernetes manifests

Omni does not automatically apply updates to Kubernetes bootstrap manifests during an upgrade. Bootstrap manifests include cluster-critical components such as CoreDNS, kube-proxy, and the CNI plugin. This is intentional, as it prevents Omni from overwriting changes you have made manually to those manifests. After the upgrade completes, Omni shows a diff of the proposed changes before applying them. Review these changes and apply only what is appropriate for your cluster. To review these changes, open Bootstrap Manifests from the left navigation after each Kubernetes upgrade.
The talosctl upgrade-k8s command provides a --dry-run flag that previews manifest changes before the upgrade runs. Omni surfaces these changes after the upgrade completes, but before they are applied.

Locking nodes

Locking a node prevents it from receiving configuration updates, upgrades, or downgrades. This is useful when you want to roll out changes to a subset of nodes first, for example, to validate that your workloads behave correctly on the new version before updating the rest of the cluster.
Note: Control plane nodes cannot be locked. Running a worker node on a higher Kubernetes version than the control plane is unsupported and may cause API version incompatibility.
To lock a node, click the lock icon to the right of the node on the cluster overview page, or run the following command, replacing <machine-id> with the ID of your machine:
omnictl cluster machine lock <machine-id>
Upgrades and config patches apply to all unlocked nodes. Locked nodes retain their configuration from the time they were locked. To allow pending updates to apply, unlock the node.