Update self-host upgrade guide

The guide now reflects that rolling upgrades are allowable in certain scenarios. The guide also explicitly calls out when client tools should be upgraded.
gravitational · Feb 4, 2025 · 717d299 · 717d299
1 parent 169335a
commit 717d299
Showing 1 changed file with 14 additions and 5 deletions.
diff --git a/docs/pages/upgrading/overview.mdx b/docs/pages/upgrading/overview.mdx
@@ -34,28 +34,37 @@ Teleport cluster:
    Restore](../admin-guides/management/operations/backup-restore.mdx).
 
 1. If several Auth Service instances are running in a high availability
-   configuration (for example, in an AWS Auto Scaling group), you must shrink
-   the group to **just one Auth Service** before performing an upgrade.
+   configuration (for example, in an AWS Auto Scaling group), you may perform
+   rolling upgrades **if you adhere to the following criteria**. If the criteria
+   cannot be met, then you must shrink the group to **just one Auth Service** before
+   performing an upgrade.
+
+    1.1 No features introduced in the new release are used during the upgrade process.
+
+    - No Teleport clients (tctl, tsh, tbot, etc.) are upgraded until after the Auth, Proxy,
+        and agents have been upgraded.
 
 1. Upgrade the **Auth Service** to the next **major version first**. If there
    are data format changes introduced in the new version, the Auth Service
    performs the necessary migrations.  After the upgrade, start the Auth Service
-   and CONFIRM that it's in a healthy state before continuing.
+   and CONFIRM that the cluster is in a healthy state before continuing.
 
 1. Upgrade Proxy Service instances to the same version number as the Auth
    Service. Proxy Service instances are stateless and can be upgraded in any
    sequence or at the same time.
 
 1. Upgrade your Teleport agents to the same version number as the Auth Service.
    You can upgrade resource agents in any sequence or at the same time.
-   
+
    If you are upgrading more then one version number, repeat these steps until
    you reach your target major version number.
 
+1. Upgrade your Teleport clients (tctl, tsh, tbot, terraform-provider, event-handler, etc.).
+
 ## Upgrading multiple Teleport clusters
 
 When upgrading multiple Teleport clusters with a trust relationship, you must
-upgrade in the following sequence to avoid compatibility issues. 
+upgrade in the following sequence to avoid compatibility issues.
 
 You must upgrade all clusters one major version at a time. For example, if you
 would like to upgrade your clusters from v10 to v12, you must follow the