c69e6777bd
* add terraform planning * overwrite terraform files in upgrade workspace * Revert "overwrite terraform files in upgrade workspace" This reverts commit 8bdacfb8bef23ef2cdbdb06bad0855b3bbc42df0. * prepare terraform workspace * test upgrade integration * print upgrade abort * rename plan file * write output to file * add show plan test * add upgrade tf workdir * fix workspace preparing * squash to 1 command * test * bazel build * plan test * register flag manually * bazel tidy * fix linter * remove MAA variable * fix workdir * accept tf variables * variable fetching * fix resource indices * accept Terraform targets * refactor upgrade command * Terraform migration apply unit test * pass down image fetcher to test * use new flags in e2e test * move file name to constant * update buildfiles * fix version constant * conditionally create MAA * move interface down * upgrade dir * update buildfiles * fix interface * fix createMAA check * fix imports * update buildfiles * wip: workspace backup * copy utils * backup upgrade workspace * remove debug print * replace old state after upgrade * check if flag exists * prepare test workspace * remove prefix Co-authored-by: Otto Bittner <cobittner@posteo.net> * respect file permissions * refactor tf upgrader * check workspace before upgrades * remove temp upgrade dir after completion * clean up workspace after abortion * fix upgrade apply test * fix linter --------- Co-authored-by: Otto Bittner <cobittner@posteo.net> |
||
|---|---|---|
| .. | ||
| charts | ||
| imageversion | ||
| testdata | ||
| backup_test.go | ||
| backup.go | ||
| BUILD.bazel | ||
| cilium.patch | ||
| client_test.go | ||
| client.go | ||
| generateCertManager.sh | ||
| generateCilium.sh | ||
| helm.go | ||
| loader_test.go | ||
| loader.go | ||
| README.md | ||
| update-csi-charts.sh | ||
| values.go | ||
Chart upgrades
All services that are installed via helm-install are upgraded via helm-upgrade.
Two aspects are not full covered by running helm-upgrade: CRDs and values.
While helm-install can install CRDs if they are contained in a chart's crds folder, upgrade won't change any installed CRDs.
Furthermore, new values introduced with a new version of a chart will not be installed into the cluster if the --reuse-values flag is set.
Nevertheless, we have to rely on the values already present in the cluster because some of the values are set by the bootstrapper during installation.
Because upgrades should be a CLI-only operation and we want to avoid the behaviour of --reuse-values, we fetch the cluster values and merge them with any new values.
Here is how we manage CRD upgrades for each chart.
Cilium
- CRDs are updated by cilium-operator.
cert-manager
- installCRDs flag is set during upgrade. This flag is managed by cert-manager. cert-manager is in charge of correctly upgrading the CRDs.
- WARNING: upgrading cert-manager might break other installations of cert-manager in the cluster, if those other installation are not on the same version as the Constellation-manager installation. This is due to the cluster-wide CRDs.
Operators
- Manually update CRDs before upgrading the chart. Update by running applying the CRDs found in the
operators/crds/folder.
Constellation-services
- There currently are no CRDs in this chart.