mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-30 18:17:55 +00:00
Document how to upgrade a Helm managed VSO (#23512)
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
This commit is contained in:
Ben Ash
@@ -5,7 +5,7 @@ description: >-
|
|||||||
The Vault Secrets Operator can be installed using Helm.
|
The Vault Secrets Operator can be installed using Helm.
|
||||||
---
|
---
|
||||||
|
|
||||||
# Installing the Vault Secrets Operator
|
# Installing and upgrading the Vault Secrets Operator
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
@@ -25,7 +25,9 @@ HashiCorp helm repository and ensure you have access to the chart:
|
|||||||
```shell-session
|
```shell-session
|
||||||
$ helm repo add hashicorp https://helm.releases.hashicorp.com
|
$ helm repo add hashicorp https://helm.releases.hashicorp.com
|
||||||
"hashicorp" has been added to your repositories
|
"hashicorp" has been added to your repositories
|
||||||
|
```
|
||||||
|
|
||||||
|
```shell-session
|
||||||
$ helm search repo hashicorp/vault-secrets-operator
|
$ helm search repo hashicorp/vault-secrets-operator
|
||||||
NAME CHART VERSION APP VERSION DESCRIPTION
|
NAME CHART VERSION APP VERSION DESCRIPTION
|
||||||
hashicorp/vault-secrets-operator 0.3.1 0.3.1 Official HashiCorp Vault Secrets Operator Chart
|
hashicorp/vault-secrets-operator 0.3.1 0.3.1 Official HashiCorp Vault Secrets Operator Chart
|
||||||
@@ -34,16 +36,72 @@ hashicorp/vault-secrets-operator 0.3.1 0.3.1 Official HashiCorp Vaul
|
|||||||
Then install the Operator:
|
Then install the Operator:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ helm install --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator --version 0.3.1
|
$ helm install --version 0.3.1 --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## Upgrading using helm
|
## Upgrading using helm
|
||||||
|
|
||||||
Upgrades may be performed with `helm upgrade` on an existing install. Please
|
You can upgrade an existing installation with the `helm upgrade` command.
|
||||||
always run Helm with `--dry-run` before any install or upgrade to verify
|
Please always run Helm with the `--dry-run` option before any install or upgrade to verify
|
||||||
changes.
|
changes.
|
||||||
|
|
||||||
|
Update the `hashicorp` Helm repo:
|
||||||
|
```shell-session
|
||||||
|
$ helm repo update hashicorp
|
||||||
|
Hang tight while we grab the latest from your chart repositories...
|
||||||
|
...Successfully got an update from the "hashicorp" chart repository
|
||||||
|
Update Complete. ⎈Happy Helming!⎈
|
||||||
|
```
|
||||||
|
|
||||||
### Helm chart values
|
<Note title="Helm does not automatically update CRDs">
|
||||||
All supported Helm chart values can be found [here](/vault/docs/platform/k8s/vso/helm)
|
You must update all CRDs manually before upgrading VSO.
|
||||||
|
Refer to <a href="#updating-crds">Updating CRDs</a>.
|
||||||
|
</Note>
|
||||||
|
|
||||||
|
To upgrade your VSO release, replace `<TARGET_VSO_VERSION>` with the VSO version you are upgrading to:
|
||||||
|
```shell-session
|
||||||
|
$ helm show crds --version <TARGET_VSO_VERSION> hashicorp/vault-secrets-operator | kubectl apply -f -
|
||||||
|
$ helm upgrade --version <TARGET_VSO_VERSION> --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
|
||||||
|
```
|
||||||
|
|
||||||
|
For example, if you are upgrading to VSO 0.3.1:
|
||||||
|
```shell-session
|
||||||
|
$ helm show crds --version 0.3.1 hashicorp/vault-secrets-operator | kubectl apply -f -
|
||||||
|
$ helm upgrade --version 0.3.1 --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
|
||||||
|
```
|
||||||
|
|
||||||
|
## Updating CRDs
|
||||||
|
|
||||||
|
You must update the CRDs for VSO manually **before** you upgrade the
|
||||||
|
operator when the operator is managed by Helm.
|
||||||
|
|
||||||
|
**Any `kubectl` warnings related to `last-applied-configuration` should be safe to ignore.**
|
||||||
|
|
||||||
|
To update the VSO CRDs, replace `<TARGET_VSO_VERSION>` with the VSO version you are upgrading to:
|
||||||
|
```shell-session
|
||||||
|
$ helm show crds --version <TARGET_VSO_VERSION> hashicorp/vault-secrets-operator | kubectl apply -f -
|
||||||
|
```
|
||||||
|
|
||||||
|
For example, if you are upgrading to VSO 0.3.1:
|
||||||
|
```shell-session
|
||||||
|
$ helm show crds --version 0.3.1 hashicorp/vault-secrets-operator | kubectl apply -f -
|
||||||
|
|
||||||
|
customresourcedefinition.apiextensions.k8s.io/hcpauths.secrets.hashicorp.com created
|
||||||
|
customresourcedefinition.apiextensions.k8s.io/hcpvaultsecretsapps.secrets.hashicorp.com created
|
||||||
|
Warning: resource customresourcedefinitions/vaultauths.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
|
||||||
|
customresourcedefinition.apiextensions.k8s.io/vaultauths.secrets.hashicorp.com configured
|
||||||
|
Warning: resource customresourcedefinitions/vaultconnections.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
|
||||||
|
customresourcedefinition.apiextensions.k8s.io/vaultconnections.secrets.hashicorp.com configured
|
||||||
|
Warning: resource customresourcedefinitions/vaultdynamicsecrets.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
|
||||||
|
customresourcedefinition.apiextensions.k8s.io/vaultdynamicsecrets.secrets.hashicorp.com configured
|
||||||
|
Warning: resource customresourcedefinitions/vaultpkisecrets.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
|
||||||
|
customresourcedefinition.apiextensions.k8s.io/vaultpkisecrets.secrets.hashicorp.com configured
|
||||||
|
Warning: resource customresourcedefinitions/vaultstaticsecrets.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
|
||||||
|
customresourcedefinition.apiextensions.k8s.io/vaultstaticsecrets.secrets.hashicorp.com configured
|
||||||
|
```
|
||||||
|
|
||||||
|
## Chart values
|
||||||
|
|
||||||
|
Refer to the [VSO helm chart](/vault/docs/platform/k8s/vso/helm)
|
||||||
|
overview for a full list of supported chart values.
|
||||||
|
|||||||
Reference in New Issue
Block a user