As we continue to enhance and support the evolving needs of VMware Cloud Foundation (VCF) users, an important milestone is approaching. The last supported version of Kubernetes on VCF 4.x (vCenter 7.x) will be the minor version 1.28, with its End of Service scheduled for May 28, 2025. This presents a timely opportunity to upgrade to VCF 5.2.x, which offers a range of exciting improvements and new capabilities designed to enhance your infrastructure management experience.
VMware Cloud Foundation 5.2.x introduces significant enhancements in lifecycle management, networking, and security, offering improved operational efficiency and streamlined upgrades. This blog post contains additional instructions and recommendations for upgrading to VCF 5.2.x when vSphere Supervisor is enabled on your VCF 4.5.x deployments. The objective of this blog is to help ensure a smooth transition while maintaining the integrity of your Kubernetes environments and leveraging the new features effectively. The blog covers the following topics:
- Supervisor Overview
- Supervisor Upgrade considerations
- Upgrade to VCF 5.2.x with vSphere Supervisor
- VCF Flexible BOM Upgrade
- Planning Target VCF Version
- Recommended Upgrade Path from 4.5.2
- Alternate vCenter Versions
- Important Resources
Supervisor Overview
vSphere Supervisor can transform existing infrastructure into a platform capable of running Kubernetes workloads along with Virtual Machine applications. Once enabled on vSphere clusters, vSphere Supervisor creates a Kubernetes control plane directly in the hypervisor layer. You can then run containerized workloads by deploying vSphere Pods, or you can create Certified Kubernetes clusters through the vSphere Kubernetes Service and run your applications inside these clusters. Supervisor is able to provide these abilities through an integrated declarative API powered by Kubernetes.
Supervisor Upgrade Considerations (Skip if you are already familiar)
The Supervisor software is bundled and delivered as part of vCenter. It runs on Kubernetes and includes three consecutive Kubernetes versions. When upgrading vCenter, the Supervisor’s Kubernetes must also be upgraded incrementally, as Kubernetes minor versions cannot be skipped. This three-version packaging ensures compatibility with a wider range of vCenter versions, offering customers greater flexibility during upgrades. This means, when upgrading vCenter, there must be a common Kubernetes minor version between the existing vCenter and the target vCenter for Supervisor to be upgraded.
If the target vCenter does not have a common Supervisor Version, the vCenter upgrade will be blocked. This constraint is in addition to other VCF upgrade constraints. Additionally, different known issues may exist in each version as documented in the relevant release notes. With all of these factors, determining the optimal upgrade path on your own can be challenging. Consider this sample interoperability:
Upgrading to VCF 5.2.x with vSphere Supervisor
The objective of this blog is to provide administrators with supplementary upgrade information when upgrading VCF to version 5.2.x, when vSphere Supervisor is enabled. You must refer to the the official documentation of upgrading VCF – Upgrading VMware Cloud Foundation to 5.2.x, to plan your upgrades.
Flexible BOM Upgrade
The recommendations below make use of a new VMware Cloud Foundation (VCF) capability available beginning with version 5.2: the SDDC Manager introduces the Flexible BOM Upgrade feature in the upgrade planner. This functionality allows administrators to select specific target versions for each VCF component during upgrades. For instance, in VCF 5.2.1, while vCenter 8.0 Update 3c is included in the Software Bill of Materials (BOM), the Flexible BOM Upgrade option provides the flexibility to choose from a list of supported vCenter versions for upgrading. For more details, refer to the documentation on Flexible BOM Upgrade in VMware Cloud Foundation.
Planning your Target VCF Version
To plan our upgrade path, we’ll work backwards from our desired target version. We focus our example on the latest versions available at the time of writing, including VCF 5.2.1.1 and vCenter 8.0 Update 3d.
| Target | Description |
| Target VCF 5.2.1 vCenter 8.0U3d (recommended) | VCF 5.2.1 – Release notes vCenter included in the BOM – 8.0U3c Recommended to upgrade to vCenter 8.0U3d using Flexible BOM upgrade option Support Supervisor Kubernetes Version in 8.0U3d (1.27, 1.28, 1.29) |
To upgrade to this version, we must:
- Meet the requirements for upgrading to VCF 5.2.1 and vCenter 8.0 Update 3d.
- Be on an overlapping Supervisor Kubernetes version: v1.27-v1.29.
- Ensure all Kubernetes clusters are using vSphere Kubernetes releases compatible with the destination version: v1.25-v1.30.
For example, the standard BOM for VCF 5.2.0 meets these requirements, but not the standard BOM for VCF 5.1.0 (as it includes vCenter 8.0 Update 2a, which does not meet requirement #2) or VCF 4.5.2 (as it includes 7.0 Update 3m, which does not meet requirements #2 or #3).
Recommended Upgrade Path from 4.5.2
Steps
Description
Origin VCF 4.5.2
- VCF 4.5.2- Release notes
- vCenter Bundled in BOM – 7.0U3m
Step 1
Prepare for upgrade to vCenter 7.0 Update 3p
- If using a Supervisor Kubernetes version prior to the v1.23.12 version embedded in 7.0 Update 3m, upgrade the Supervisor. must be at least 1.23.x
- Upgrade any Kubernetes clusters using vSphere Kubernetes release (VKr, previously called TKr) – Compatibility – v1.21 to v1.22.9.
Step 2
Upgrade to vCenter 7.0 Update 3p and fully upgrade Supervisor
- Upgrade through Async Patch tool to vCenter 7.0 Update 3p
- Upgrade Supervisor Kubernetes version to 1.24
- NOTE: At this step, a System Initiated Rolling Update of Tanzu Kubernetes Clusters will occur.
- NOTE: At this step, a System Initiated Rolling Update of Tanzu Kubernetes Clusters will occur.
- Upgrade Supervisor Kubernetes version to 1.25
Step 3
Prepare for upgrade to vCenter 7.0 Update 3u
- Upgrade any Kubernetes clusters using v1.22 to v1.23.8
- Wait for the upgrade to fully complete and the clusters to become ready
Step 4
Upgrade to vCenter 7.0 Update 3u and fully upgrade Supervisor
- Upgrade through Async Patch tool to vCenter 7.0 Update 3u
- Upgrade Supervisor Kubernetes version to 1.26
- NOTE: At this step, a System Initiated Rolling Update of Tanzu Kubernetes Clusters may occur.
- NOTE: At this step, a System Initiated Rolling Update of Tanzu Kubernetes Clusters may occur.
- Upgrade Supervisor Kubernetes version to 1.27
Step 5
Prepare for upgrade to VCF 5.2.1 with vCenter 8.0 Update 3d
- Upgrade any Kubernetes clusters using v1.23 to v1.24.11
- Wait for the upgrade to fully complete and the clusters to become ready
- Upgrade any Kubernetes clusters using v1.24 to v1.25.13
- NOTE: When upgrading from v1.24 to v1.25, your cluster will transition from using the legacy PodSecurityPolicy functionality to using the modern Pod Security Admission. Migrate workloads to Pod Security Admission in anticipation of upgrading to v1.26. See the release notes and documentation for details.
- NOTE: When upgrading from v1.24 to v1.25, your cluster will transition from using the legacy PodSecurityPolicy functionality to using the modern Pod Security Admission. Migrate workloads to Pod Security Admission in anticipation of upgrading to v1.26. See the release notes and documentation for details.
- Wait for the upgrade to fully complete and the clusters to become ready
Step 6
Prepare for upgrade to VCF 5.2.1 with vCenter 8.0 Update 3d
- Upgrade to VCF 5.2.1 with vCenter 8.0 Update 3d using Flexible BOM upgrade option
- Upgrade Supervisor Kubernetes version to 1.28
- NOTE: At this step, a System Initiated Rolling Update will occur to migrate TanzuKubernetesClusters to internally use Cluster API with a ClusterClass. This migration must complete before any further changes can be made to a workload cluster. (How to check if a Tanzu Kubernetes Cluster is undergoing migration?)
- NOTE: At this step, a System Initiated Rolling Update will occur to migrate TanzuKubernetesClusters to internally use Cluster API with a ClusterClass. This migration must complete before any further changes can be made to a workload cluster. (How to check if a Tanzu Kubernetes Cluster is undergoing migration?)
- Upgrade Supervisor Kubernetes version to 1.29
Step 7
Upgrade workload clusters to v1.28 or later
(because v1.26 and v1.27 have reached End of Service)
- Upgrade any Kubernetes clusters using v1.25 to v1.26.13
- Wait for the upgrade to fully complete and the clusters to become ready
- Upgrade any Kubernetes clusters using v1.26 to v1.27.11
- Wait for the upgrade to fully complete and the clusters to become ready
- Upgrade any Kubernetes clusters using v1.27 to v1.28.8
Step 7
Customers are now on VCF 5.2.1, vCenter 8.0 Update 3d and Supervisor Kubernetes version v1.29 using vSphere Kubernetes Service v3.1.1, with workload clusters on v1.28.8 or later.
Review VKr Supportability
Please ensure you are always on a Supported version of Kubernetes -End of Service dates*
- VKr 1.28 – 28-May-2025
- VKr 1.29 – 28-Jul-2025
- VKr 1.30 – 28-Sep-2025
(Dates provided here are for your quick reference only and is subject to change. Please refer the Broadcom Product Lifecycle tool the latest and the most accurate support dates. )
Consider VKS Upgrade
- Once on vCenter 8.0 Update, you can independently upgrade your vSphere Kubernetes Service (VKS) without upgrading Supervisor or vCenter. (Updating vSphere Kubernetes Service)
- For example, once all clusters have been upgraded to v1.28 or higher, upgrading to VKS v3.3 would allow you to use VKr 1.31 and 1.32. Refer to the Interoperability Matrix for more information.
Alternate vCenter Versions
The recommended upgrade path above begins with the standard BOM for VCF 4.5.2. Your path may be slightly different, for example if you have already used the Async Patch tool to move to a different vCenter version.
The image below lists all current vCenter versions between vCenter 7.0 Update 3 to vCenter 8.0 Update 3d. If you are on a different vCenter version, please use the image below to move forward to a recommended vCenter from wherever you are. The versions highlighted are the recommended upgrade paths.
For example, if you are instead using 7.0 Update 3n, you would first move to 7.0 Update 3p (the details of Step 1 would be slightly different, but you would “merge” into the recommended path above at Step 2), or if you are using 7.0 Update 3t you would first move to 7.0 Update 3u (the details of Step 2 would be slightly different, but you would “merge” into the recommended path above at Step 3).
Warnings:
- If upgrading to 8.0 Update 2a, prepare by following Knowledge base article
- If upgrading to 8.0 Update 2e in an environment without egress connectivity from Supervisor control plane nodes (including airgapped environments), contact support before beginning the upgrade.
- System Initiated Rolling Updates will occur in various cases. See documentation and release notes for more information.
- If you have Tanzu Application Platform installed on your legacy clusters, please review the following KB Article before upgrading to non-legacy clusters.
Important Resources
- Upgrading VMware Cloud Foundation to 5.2.x
- Flexible BOM Upgrade in VMware Cloud Foundation
- Async Patch Tool
Discover more from VMware Cloud Foundation (VCF) Blog
Subscribe to get the latest posts sent to your email.
