diff --git a/k8s/upgrde_26_27.yml b/k8s/upgrde_26_27.yml
index a7bd6c9..8c90a7b 100644
--- a/k8s/upgrde_26_27.yml
+++ b/k8s/upgrde_26_27.yml
@@ -72,3 +72,73 @@
     with_items:
       - "kubelet"
       - "kubeadm"
+- name: Upgrade masters
+  hosts: masters
+  become: yes
+  become_method: sudo
+  become_user: root
+  tasks:
+  - name: Remove apparmor for sanity reasons
+    apt:
+      name: "apparmor"
+      state: absent
+      autoremove: yes
+      purge: yes
+  - name: Check if keyring exists
+    stat:
+      path: /etc/apt/keyrings/kubernetes-apt-keyring{{ K8S_TARGET_VERSION}}.gpg
+    register: keyring_file
+  - name: Install certificate
+    command: "{{ item }} chdir=/tmp"
+    with_items:
+      - "curl -o Release.key -fsSL https://pkgs.k8s.io/core:/stable:/{{ K8S_TARGET_VERSION }}/deb/Release.key"
+      - "gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring{{ K8S_TARGET_VERSION }}.gpg Release.key"
+      - "rm Release.key"
+    when: not keyring_file.stat.exists
+  - name: Check if apt repo exists
+    stat:
+      path: /etc/apt/sources.list.d/kubernetes_{{ K8S_TARGET_VERSION}}.list
+    register: apt_repo
+  - name: Setup APT repo
+    copy:
+      dest: /etc/apt/sources.list.d/kubernetes_{{ K8S_TARGET_VERSION}}.list
+      content: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring{{ K8S_TARGET_VERSION}}.gpg] https://pkgs.k8s.io/core:/stable:/{{ K8S_TARGET_VERSION }}/deb/ /"
+    when: not apt_repo.stat.exists
+  - name: Update cache
+    apt:
+      update_cache: yes
+  - name: Unhold packages
+    dpkg_selections:
+      name: "{{ item }}"
+      selection: install
+    with_items:
+      # - "kubelet"
+      - "kubeadm"
+  - name: Upgrading packages
+    apt:
+      upgrade: yes
+  - name: Pulling new container images
+    shell: "kubeadm config images pull"
+  - name: Apply upgrade for masters
+    shell: "sudo kubeadm upgrade node -y >> /etc/kubernetes/upgrade_ops_{{ K8S_SOURCE_VERSION}}_{{ K8S_TARGET_VERSION}}"
+    args:
+      creates: /etc/kubernetes/upgrade_ops_{{ K8S_SOURCE_VERSION}}_{{ K8S_TARGET_VERSION}}
+  - name: Unhold kubelet
+    dpkg_selections:
+      name: kubelet
+      selection: install
+  - name: Update kubelet
+    apt:
+      update_cache: yes
+      upgrade: yes
+  - name: Restart kubelet
+    service:
+      name: kubelet
+      state: restarted
+  - name: Pin new package versions
+    dpkg_selections:
+      name: "{{ item }}"
+      selection: hold
+    with_items:
+      - "kubelet"
+      - "kubeadm"
\ No newline at end of file