scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 02:28:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Document how to upgrade a Helm managed VSO (#23512)

Browse Source 
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
This commit is contained in:
Ben Ash
2023-10-05 13:59:22 -04:00
committed by GitHub
parent b4d221536a
commit f929dcf7c8
1 changed files with 64 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
website/content/docs/platform/k8s/vso/installation.mdx
View File

@@ -5,7 +5,7 @@ description: >-
The Vault Secrets Operator can be installed using Helm.
---
# Installing the Vault Secrets Operator
# Installing and upgrading the Vault Secrets Operator
## Prerequisites
@@ -25,7 +25,9 @@ HashiCorp helm repository and ensure you have access to the chart:
```shell-session
$ helm repo add hashicorp https://helm.releases.hashicorp.com
"hashicorp" has been added to your repositories
```
```shell-session
$ helm search repo hashicorp/vault-secrets-operator
NAME CHART VERSION APP VERSION DESCRIPTION
hashicorp/vault-secrets-operator 0.3.1 0.3.1 Official HashiCorp Vault Secrets Operator Chart
@@ -34,16 +36,72 @@ hashicorp/vault-secrets-operator 0.3.1 0.3.1 Official HashiCorp Vaul
Then install the Operator:
```shell-session
$ helm install --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator --version 0.3.1
$ helm install --version 0.3.1 --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
```
## Upgrading using helm
Upgrades may be performed with `helm upgrade` on an existing install. Please
always run Helm with `--dry-run` before any install or upgrade to verify
You can upgrade an existing installation with the `helm upgrade` command.
Please always run Helm with the `--dry-run` option before any install or upgrade to verify
changes.
Update the `hashicorp` Helm repo:
```shell-session
$ helm repo update hashicorp
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "hashicorp" chart repository
Update Complete. ⎈Happy Helming!⎈
```
### Helm chart values
All supported Helm chart values can be found [here](/vault/docs/platform/k8s/vso/helm)
<Note title="Helm does not automatically update CRDs">
You must update all CRDs manually before upgrading VSO.
Refer to <a href="#updating-crds">Updating CRDs</a>.
</Note>
To upgrade your VSO release, replace `<TARGET_VSO_VERSION>` with the VSO version you are upgrading to:
```shell-session
$ helm show crds --version <TARGET_VSO_VERSION> hashicorp/vault-secrets-operator | kubectl apply -f -
$ helm upgrade --version <TARGET_VSO_VERSION> --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
```
For example, if you are upgrading to VSO 0.3.1:
```shell-session
$ helm show crds --version 0.3.1 hashicorp/vault-secrets-operator | kubectl apply -f -
$ helm upgrade --version 0.3.1 --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
```
## Updating CRDs
You must update the CRDs for VSO manually **before** you upgrade the
operator when the operator is managed by Helm.
**Any `kubectl` warnings related to `last-applied-configuration` should be safe to ignore.**
To update the VSO CRDs, replace `<TARGET_VSO_VERSION>` with the VSO version you are upgrading to:
```shell-session
$ helm show crds --version <TARGET_VSO_VERSION> hashicorp/vault-secrets-operator | kubectl apply -f -
```
For example, if you are upgrading to VSO 0.3.1:
```shell-session
$ helm show crds --version 0.3.1 hashicorp/vault-secrets-operator | kubectl apply -f -
customresourcedefinition.apiextensions.k8s.io/hcpauths.secrets.hashicorp.com created
customresourcedefinition.apiextensions.k8s.io/hcpvaultsecretsapps.secrets.hashicorp.com created
Warning: resource customresourcedefinitions/vaultauths.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/vaultauths.secrets.hashicorp.com configured
Warning: resource customresourcedefinitions/vaultconnections.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/vaultconnections.secrets.hashicorp.com configured
Warning: resource customresourcedefinitions/vaultdynamicsecrets.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/vaultdynamicsecrets.secrets.hashicorp.com configured
Warning: resource customresourcedefinitions/vaultpkisecrets.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/vaultpkisecrets.secrets.hashicorp.com configured
Warning: resource customresourcedefinitions/vaultstaticsecrets.secrets.hashicorp.com is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/vaultstaticsecrets.secrets.hashicorp.com configured
```
## Chart values
Refer to the [VSO helm chart](/vault/docs/platform/k8s/vso/helm)
overview for a full list of supported chart values.