docs/content/en/guides/upgrading-meshery/index.md
This guide walks through upgrading a running Meshery deployment. Meshery is a composition of components that upgrade in a specific order: the CLI first, the Server second, and the components on managed clusters — Meshery Operator, MeshSync, and Broker — automatically, driven by the Server. You do not upgrade the Operator by hand.
For background on which components version together, see the [Upgrade Guide]({{< ref "installation/upgrades/index.md" >}}). For production practices (pinned versions, upgrade-friendly probes, rollback rehearsal), see the [Operational Readiness Checklist]({{< ref "installation/production/operational-readiness-checklist.md" >}}).
stable for production; edge for testing).mesheryctl version
kubectl -n meshery get deploy meshery-operator \
-o jsonpath='{.spec.template.spec.containers[0].image}{"\n"}'
mesheryctlUse the package manager you installed with:
brew upgrade mesheryctl # Homebrew
scoop update mesheryctl # Scoop
curl -L https://meshery.io/install | DEPLOY_MESHERY=false bash - # Bash
mesheryctl system update # pull latest images per your release channel
mesheryctl system restart # apply them to the running deployment
Pin an explicit chart version rather than tracking latest, and use the upgrade-friendly probe values so Server pods are not killed while reloading capabilities:
helm repo update meshery
helm upgrade meshery meshery/meshery --namespace meshery \
--version <target-version> \
-f values-upgrade.yaml \
--wait --timeout 10m
Keep your copy of
values-upgrade.yaml
version-controlled alongside your own values.
When the upgraded Meshery Server (re)connects to a managed cluster, it
re-applies the meshery-operator Helm chart at the chart version matching
the Server release. That single helm upgrade, performed by the Server:
Broker and MeshSync CRD schemas (Helm alone never updates CRDs on
upgrade — the Job is what delivers schema changes to live clusters);No action is required on managed clusters. See [How Meshery Server manages Meshery Operator]({{< ref "installation/upgrades/index.md#how-meshery-server-manages-meshery-operator" >}}) for the mechanics and caveats.
{{% alert title="Do not hand-upgrade the Operator on Server-managed clusters" color="warning" %}}
A manual helm upgrade of meshery-operator (or a hand-edited image tag) on
a cluster that Meshery Server manages is a stopgap at best: the Server's
reconciliation re-applies its own pinned chart version and will revert your
change. The durable way to get a newer Operator is to upgrade Meshery Server.
{{% /alert %}}
# Server and components
mesheryctl system status
# Operator image now matches the release bundled with your Server version
kubectl -n meshery get deploy meshery-operator \
-o jsonpath='{.spec.template.spec.containers[0].image}{"\n"}'
# CRDs are current (v1alpha2 storage) and healthy
kubectl get crds brokers.meshery.io meshsyncs.meshery.io
# Broker and MeshSync are reconciled and ready
kubectl -n meshery get brokers,meshsyncs
kubectl -n meshery get statefulset/meshery-nats deployment/meshery-meshsync
In Meshery UI, confirm the cluster connection shows the Operator, MeshSync, and Broker as connected under Settings → Environment.
helm rollback meshery --namespace meshery # Kubernetes deployments
Rolling back the Server is low-risk for data: durable state lives with your Remote Provider, and the local database is a rebuildable cache. Two notes:
helm rollback directly. When the
rolled-back Server reconnects to managed clusters, it re-applies the older
operator chart as a Helm upgrade, and that chart's CRD update Job re-applies
the older schemas. Stored objects remain readable throughout, because served
versions stay identical across current schema revisions.{{< related-discussions tag="meshery" >}}