backport of commit f929dcf7c8 (#23529)

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

website/content/docs/platform/k8s/vso/installation.mdx

@@ -5,7 +5,7 @@ description: >-
   The Vault Secrets Operator can be installed using Helm.
 ---
 
-# Installing the Vault Secrets Operator
+# Installing and upgrading the Vault Secrets Operator
 
 ## Prerequisites
 
@@ -25,7 +25,9 @@ HashiCorp helm repository and ensure you have access to the chart:
 ```shell-session
 $ helm repo add hashicorp https://helm.releases.hashicorp.com
 "hashicorp" has been added to your repositories
+```
 
+```shell-session
 $ helm search repo hashicorp/vault-secrets-operator
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
 hashicorp/vault-secrets-operator	0.3.1       	0.3.1     	Official HashiCorp Vault Secrets Operator Chart
@@ -34,16 +36,72 @@ hashicorp/vault-secrets-operator	0.3.1       	0.3.1     	Official HashiCorp Vaul
 Then install the Operator:
 
 ```shell-session
-$ helm install --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator --version 0.3.1
+$ helm install --version 0.3.1 --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
 ```
 
 
 ## Upgrading using helm
 
-Upgrades may be performed with `helm upgrade` on an existing install. Please
+You can upgrade an existing installation with the `helm upgrade` command.
-always run Helm with `--dry-run` before any install or upgrade to verify
+Please always run Helm with the `--dry-run` option before any install or upgrade to verify
 changes.
 
+Update the `hashicorp` Helm repo:
+```shell-session
+$ helm repo update hashicorp
+Hang tight while we grab the latest from your chart repositories...
+...Successfully got an update from the "hashicorp" chart repository
+Update Complete. ⎈Happy Helming!⎈
+```
 
-### Helm chart values
+<Note title="Helm does not automatically update CRDs">
-All supported Helm chart values can be found [here](/vault/docs/platform/k8s/vso/helm)
+  You must update all CRDs manually before upgrading VSO.
+  Refer to <a href="#updating-crds">Updating CRDs</a>.
+</Note>
+
+To upgrade your VSO release, replace `<TARGET_VSO_VERSION>` with the VSO version you are upgrading to:
+```shell-session
+$ helm show crds --version <TARGET_VSO_VERSION> hashicorp/vault-secrets-operator | kubectl apply -f -
+$ helm upgrade --version <TARGET_VSO_VERSION> --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
+```
+
+For example, if you are upgrading to VSO 0.3.1:
+```shell-session
+$ helm show crds --version 0.3.1 hashicorp/vault-secrets-operator | kubectl apply -f -
+$ helm upgrade --version 0.3.1 --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
+```
+
+## Updating CRDs
+
+You must update the CRDs for VSO manually **before** you upgrade the
+ operator when the operator is managed by Helm.
+
+**Any `kubectl` warnings related to `last-applied-configuration` should be safe to ignore.**
+
+To update the VSO CRDs, replace `<TARGET_VSO_VERSION>` with the VSO version you are upgrading to:
+```shell-session
+$ helm show crds --version <TARGET_VSO_VERSION> hashicorp/vault-secrets-operator | kubectl apply -f -
+```
+
+For example, if you are upgrading to VSO 0.3.1:
+```shell-session
+$ helm show crds --version 0.3.1 hashicorp/vault-secrets-operator | kubectl apply -f -
+
+customresourcedefinition.apiextensions.k8s.io/hcpauths.secrets.hashicorp.com created
+customresourcedefinition.apiextensions.k8s.io/hcpvaultsecretsapps.secrets.hashicorp.com created
+Warning: resource customresourcedefinitions/vaultauths.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
+customresourcedefinition.apiextensions.k8s.io/vaultauths.secrets.hashicorp.com configured
+Warning: resource customresourcedefinitions/vaultconnections.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
+customresourcedefinition.apiextensions.k8s.io/vaultconnections.secrets.hashicorp.com configured
+Warning: resource customresourcedefinitions/vaultdynamicsecrets.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
+customresourcedefinition.apiextensions.k8s.io/vaultdynamicsecrets.secrets.hashicorp.com configured
+Warning: resource customresourcedefinitions/vaultpkisecrets.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
+customresourcedefinition.apiextensions.k8s.io/vaultpkisecrets.secrets.hashicorp.com configured
+Warning: resource customresourcedefinitions/vaultstaticsecrets.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
+customresourcedefinition.apiextensions.k8s.io/vaultstaticsecrets.secrets.hashicorp.com configured
+```
+
+## Chart values
+
+Refer to the [VSO helm chart](/vault/docs/platform/k8s/vso/helm)
+ overview for a full list of supported chart values.