check the clustersettings and look which one is the active member (if using active/passive cluster). upgrade the one thats inactive and waiting for completion. it takes a while and then instructs the master to upgrade automatically while taking over the VIP.

actually its not important which one is done first (if you planned a downtime), cause it will instruct the other member automatically anyway.

If it is an active / passive cluster then you simply login to the VIP address and issue the ugprade command. The cluster will handle availability and it will be transparent to the user base.

Active / Active is where you will need to control the upgrade process.

For an active / active cluster an upgrade on node1 will initiate successive upgrades on other nodes after completion.

If there is a load balancer which is accepting all incoming connections, the users should not see any difference as sessions are synchronized across nodes in an active / active cluster.

It is important to ensure that the nodes have adequate licenses to handle the additional user load coming from the node that is currently upgrading.

As others have said; the order doesn't matter.

You will want a downtime, in the event something unexpected happens, but once you start the upgrade on any node, it will complete and then push to the other node (and so-on until all nodes are upgraded).