Add troubleshooting notes for manually managing helm charts (#2327)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

docs/docs/workflows/troubleshooting.md

@@ -78,6 +78,21 @@ You can run these commands to learn about the versions currently configured in t
 - image version: `kubectl get nodeversion constellation-version -o json -n kube-system | jq .spec.imageVersion`
 - microservices versions: `helm list --filter 'constellation-services' -n kube-system`
 
+### Upgrading Kubernetes resources fails
+
+Constellation manages its Kubernetes resources using Helm.
+When applying an upgrade, the charts that are about to be installed, and a values override file `overrides.yaml`,
+are saved to disk in your current workspace under `constellation-upgrade/upgrade-<timestamp>/helm-charts/`.
+If upgrading the charts using the Constellation CLI fails, you can review these charts and try to manually apply the upgrade.
+
+:::caution
+
+Changing and manually applying the charts may destroy cluster resources and can lead to broken Constellation deployments.
+Proceed with caution and when in doubt,
+check if the encountered [issue is known](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22) or [contact support](https://github.com/edgelesssys/constellation#support).
+
+:::
+
 ## Diagnosing issues
 
 ### Cloud logging

docs/docs/workflows/upgrade.md

@@ -58,9 +58,10 @@ Image and Kubernetes upgrades take longer.
 For each node in your cluster, a new node has to be created and joined.
 The process usually takes up to ten minutes per node.
 
-When applying an upgrade, backup files of Constellation-managed Custom Resource Definitions, Custom Resources, and Terraform state are created.
+When applying an upgrade, the Helm charts for the upgrade as well as backup files of Constellation-managed Custom Resource Definitions, Custom Resources, and Terraform state are created.
 You can use the Terraform state backup to restore previous resources in case an upgrade misconfigured or erroneously deleted a resource.
 You can use the Custom Resource (Definition) backup files to restore Custom Resources and Definitions manually (e.g., via `kubectl apply`) if the automatic migration of those resources fails.
+You can use the Helm charts to manually apply upgrades to the Kubernetes resources, should an upgrade fail.
 
 ## Check the status
 
@@ -82,16 +83,16 @@ Here's an example output:
 
 ```shell-session
 Target versions:
-	Image: v2.6.0
+    Image: v2.6.0
-	Kubernetes: v1.25.8
+    Kubernetes: v1.25.8
-Installed service versions:
+Service versions:
-	Cilium: v1.12.1
+    Cilium: v1.12.1
-	cert-manager: v1.10.0
+    cert-manager: v1.10.0
-	constellation-operators: v2.6.0
+    constellation-operators: v2.6.0
-	constellation-services: v2.6.0
+    constellation-services: v2.6.0
 Cluster status: Some node versions are out of date
-	Image: 23/25
+    Image: 23/25
-	Kubernetes: 25/25
+    Kubernetes: 25/25
 ```
 
 This output indicates that the cluster is running Kubernetes version `1.25.8`, and all nodes have the appropriate binaries installed.