From a8a909a03864e0d976acbdbee4593ea7c1c4e61b Mon Sep 17 00:00:00 2001 From: hc-github-team-consul-core Date: Fri, 23 Jun 2023 17:37:14 -0500 Subject: [PATCH] Backport of docs: update upgrade to consul-dataplane docs on k8s into release/1.14.x (#17863) * backport of commit ad7cbd5c70605da42417caa9a666af1080645eb6 * backport of commit 122b50b088828e95d746b16c4bf294a4f09e498f * backport of commit fea8da71090c663193cb91addecdb7da2ab722b3 --------- Co-authored-by: Iryna Shustava --- website/content/docs/k8s/upgrade/index.mdx | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/website/content/docs/k8s/upgrade/index.mdx b/website/content/docs/k8s/upgrade/index.mdx index d5ea03dae0e7..933c98f8c65d 100644 --- a/website/content/docs/k8s/upgrade/index.mdx +++ b/website/content/docs/k8s/upgrade/index.mdx @@ -219,7 +219,7 @@ In earlier versions, Consul on Kubernetes used client agents in its deployments. If you upgrade Consul from a version that uses client agents to a version the uses dataplanes, complete the following steps to upgrade your deployment safely and without downtime. -1. Before you upgrade, edit your Helm chart to enable Consul client agents by setting `client.enabled` and `client.updateStrategy`: +1. Before you upgrade, edit your Helm chart configuration to enable Consul client agents by setting `client.enabled` and `client.updateStrategy`: ```yaml filename="values.yaml" client: @@ -228,6 +228,18 @@ If you upgrade Consul from a version that uses client agents to a version the us type: OnDelete ``` +1. Update the `connect-injector` to not log out on restart +to make sure that the ACL tokens used by existing services are still valid during the migration to `consul-dataplane`. +Note that you must remove the token manually after completing the migration. + + The following command triggers the deployment rollout. Wait for the rollout to complete before proceeding to next step. + + ```bash + kubectl config set-context --current --namespace= + INJECTOR_DEPLOYMENT=$(kg deploy -l "component=connect-injector" -o=jsonpath='{.items[0].metadata.name}') + kubectl patch deploy $INJECTOR_DEPLOYMENT --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/lifecycle"}]' + ``` + 1. Follow our [recommended procedures to upgrade servers](#upgrade-consul-servers) on Kubernetes deployments to upgrade Helm values for the new version of Consul. 1. Run `kubectl rollout restart` to restart your service mesh applications. Restarting service mesh application causes Kubernetes to re-inject them with the webhook for dataplanes.