Update a managed cluster

After you verify that the Mirantis Container Cloud management cluster is upgraded successfully as described in Verify the Container Cloud status before managed cluster update, proceed to update your managed clusters using the Container Cloud web UI.


During a baremetal-based cluster update, hosts can be restarted to apply the latest supported Ubuntu 18.04 or 20.04 packages. In this case:

  • Depending on the cluster configuration, applying security updates and host restart can increase the update time for each node to up to 1 hour.

  • Cluster nodes are updated one by one. Therefore, for large clusters, the update may take several days to complete.

To update a managed cluster:

  1. Log in to the Container Cloud web UI with the m:kaas:namespace@operator or m:kaas:namespace@writer permissions.

  2. Switch to the required project using the Switch Project action icon located on top of the main left-side navigation panel.

  3. In the Clusters tab, click More action icon in the last column for each cluster and select Update cluster where available.

  4. In the Release Update window, select the required Cluster release to update your managed cluster to.

    The Description section contains the list of components versions to be installed with a new Cluster release. The release notes for each Container Cloud and Cluster release are available at Mirantis Container Cloud releases and Cluster releases (managed).

  5. Click Update.

    Before the cluster update starts, Container Cloud performs a backup of MKE and Docker Swarm. The backup directory is located under:

    • /srv/backup/swarm on every Container Cloud node for Docker Swarm

    • /srv/backup/ucp on one of the controller nodes for MKE

    To monitor the cluster readiness, hover over the status icon of a specific cluster in the Status column of the Clusters page.

    Once the orange blinking status icon becomes green and Ready, the cluster deployment or update is complete.

    You can monitor live deployment status of the following cluster components:




    For the OpenStack and AWS-based clusters, the Bastion node IP address status that confirms the Bastion node creation


    Installation or upgrade status of all Helm releases


    Readiness of the node in a Kubernetes cluster, as reported by kubelet


    Readiness of all requested Kubernetes objects


    Equality of the requested nodes number in the cluster to the number of nodes having the Ready LCM status


    Readiness of the cluster OIDC configuration


    Health of all StackLight-related objects in a Kubernetes cluster


    Readiness of all nodes in a Docker Swarm cluster


    Readiness of the Kubernetes API load balancer


    Readiness of all machines in the underlying infrastructure (virtual or bare metal, depending on the provider type)


In rare cases, after a managed cluster upgrade, Grafana may stop working due to the issues with helm-controller.

The development team is working on the issue that will be addressed in one of the following releases.


MKE and Kubernetes API may return short-term 50x errors during the upgrade process. Ignore these errors.


If you need to access the cluster while the update is in progress, use the admin kubeconfig instead of the existing one while OIDC settings are being reconfigured.

To obtain the admin kubeconfig:

kubectl --kubeconfig <pathToMgmtKubeconfig> get secret -n <affectedClusterNamespace> \
-o yaml <affectedClusterName>-kubeconfig | awk '/admin.conf/ {print $2}' | \
head -1 | base64 -d > clusterKubeconfig.yaml

If the related cluster is regional, replace <pathToMgmtKubeconfig> with <pathToRegionalKubeconfig>.