Microservice upgrades (#729)

Run with: constellation upgrade execute --helm.
This will only upgrade the helm charts. No config is needed.

Upgrades are implemented via helm's upgrade action, i.e. they
automatically roll back if something goes wrong. Releases could 
still be managed via helm, even after an upgrade with constellation
has been done.

Currently not user facing as CRD/CR backups are still in progress.
These backups should be automatically created and saved to the 
user's disk as updates may delete CRs. This happens implicitly 
through CRD upgrades, which are part of microservice upgrades.
Otto Bittner 2022-12-19 16:52:15 +01:00 committed by GitHub
parent 990cae58a5
commit efcd0337b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 498 additions and 166 deletions

@ -0,0 +1,23 @@
# Chart upgrades
All services that are installed via helm-install are upgraded via helm-upgrade.
Two aspects are not full covered by running helm-upgrade: CRDs and values.
While helm-install can install CRDs if they are contained in a chart's `crds` folder, upgrade won't change any installed CRDs.
Furthermore, new values introduced with a new version of a chart will not be installed into the cluster if the `--reuse-values` flag is set.
Nevertheless, we have to rely on the values already present in the cluster because some of the values are set by the bootstrapper during installation.
Because upgrades should be a CLI-only operation and we want to avoid the behaviour of `--reuse-values`, we fetch the cluster values and merge them with any new values.
Here is how we manage CRD upgrades for each chart.
## Cilium
- CRDs are updated by cilium-operator.
## cert-manager
- installCRDs flag is set during upgrade. This flag is managed by cert-manager. cert-manager is in charge of correctly upgrading the CRDs.
- WARNING: upgrading cert-manager might break other installations of cert-manager in the cluster, if those other installation are not on the same version as the Constellation-manager installation. This is due to the cluster-wide CRDs.
## Operators
- Manually update CRDs before upgrading the chart. Update by running applying the CRDs found in the `operators/crds/` folder.
## Constellation-services
- There currently are no CRDs in this chart.
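Review bot: In the Operators section, "Manually update CRDs before upgrading the chart" conflicts with the intro's statement that upgrades should be a CLI-only operation, and it does not say who applies the CRDs or at what point relative to `constellation upgrade execute --helm`. State whether the CLI applies the files in `operators/crds/` itself or the user has to, and, since the commit message notes that CRD upgrades may delete CRs and that backups are still in progress, add a line telling the reader to back up existing CRs before this step. The values paragraph should also say which side wins when a fetched cluster value and a new chart value conflict, since the text says the bootstrapper-set values have to be relied on. Wording: "full covered" should be "fully covered", "running applying" should be a single verb, "those other installation" should be plural, and "Constellation-manager installation" in the cert-manager warning looks like it was meant to read "Constellation-managed".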