Verified Commit 0f1af5de authored 2 years ago by Sheogorath

Upgrade calico to version 3.23.0

This patch Upgrades calico to version 3.23.0, which is a complicated
endeavour since it switches the helm release namespaces from default to
tigera-operator.

Besides the regular upgrade tasks, this reqires some explicit adjusting
of helm annotations and flux labels, in order to convince the cluster,
that's how it always has been.

The following tasks need to be done:

Before you start
---

Disable flux:

```
kubectl scale deployment -n flux-system source-controller --replicas 0
kubectl scale deployment -n flux-system helm-controller --replicas 0
kubectl scale deployment -n flux-system kustomize-controller --replicas 0
```

The upgrade
---

Push/merge this patch. (!!!)

Update helm release annotations:
```
kubectl patch installation default --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
kubectl patch apiserver default --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
kubectl patch podsecuritypolicy tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
kubectl patch -n tigera-operator deployment tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
kubectl patch -n tigera-operator serviceaccount tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
kubectl patch clusterrole tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
kubectl patch clusterrolebinding tigera-operator tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
```

Patch flux labels:
```
kubectl patch installation default --type=merge -p '{"metadata": {"labels": {"helm.toolkit.fluxcd.io/namespace": "tigera-operator"}}}'
kubectl patch apiserver default --type=merge -p '{"metadata": {"labels": {"helm.toolkit.fluxcd.io/namespace": "tigera-operator"}}}'
kubectl patch podsecuritypolicy tigera-operator --type=merge -p '{"metadata": {"labels": {"helm.toolkit.fluxcd.io/namespace": "tigera-operator"}}}'
kubectl patch -n tigera-operator deployment tigera-operator --type=merge -p '{"metadata": {"labels": {"helm.toolkit.fluxcd.io/namespace": "tigera-operator"}}}'
kubectl patch -n tigera-operator serviceaccount tigera-operator --type=merge -p '{"metadata": {"labels": {"helm.toolkit.fluxcd.io/namespace": "tigera-operator"}}}'
kubectl patch clusterrole tigera-operator --type=merge -p '{"metadata": {"labels": {"helm.toolkit.fluxcd.io/namespace": "tigera-operator"}}}'
kubectl patch clusterrolebinding tigera-operator tigera-operator --type=merge -p '{"metadata": {"labels": {"helm.toolkit.fluxcd.io/namespace": "tigera-operator"}}}'
```

Remove flux labels from namespace:

```
kubectl label namespace tigera-operator helm.toolkit.fluxcd.io/namespace-
```

Get values:

```
helm get values -n default calico > values.yaml
```

Install calico:

```
helm repo add projectcalico https://projectcalico.docs.tigera.io/charts
helm install calico projectcalico/tigera-operator --version v3.23.0 --namespace tigera-operator --values values.yaml
```

Migrate flux helmrelease:

```
kubectl apply -n tigera-operator -f bootstrap/calico/release.yaml
kubectl patch helmrelease calico --type=json -p="[{'op': 'remove', 'path': '/metadata/finalizers'}]" -n default
kubectl delete helmrelease -n default calico
```

Delete old helm install:

```
kubectl delete secret -n default -l name=calico -l owner=helm
```

Starting flux again
---

```
kubectl scale deployment -n flux-system source-controller --replicas 1
kubectl scale deployment -n flux-system helm-controller --replicas 1
kubectl scale deployment -n flux-system kustomize-controller --replicas 1
```

References:
https://projectcalico.docs.tigera.io/archive/v3.23/release-notes/

parent 71011b86

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 12 additions and 5 deletions

+ 2

− 1

View file @ 0f1af5de

	apiVersion: kustomize.config.k8s.io/v1beta1		apiVersion: kustomize.config.k8s.io/v1beta1
	kind: Kustomization		kind: Kustomization
	namespace: default		namespace: tigera-operator
	resources:		resources:
			- namespace.yaml
	- repository.yaml		- repository.yaml
	- release.yaml		- release.yaml

0 → 100644

+ 6

− 0

View file @ 0f1af5de

			apiVersion: v1
			kind: Namespace
			metadata:
			name: tigera-operator
			labels:
			kyverno.shivering-isles.com/class: "system"

+ 3

− 3

View file @ 0f1af5de

...	@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1	...	@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
	kind: HelmRelease		kind: HelmRelease
	metadata:		metadata:
	name: calico		name: calico
	namespace: default		namespace: tigera-operator
	spec:		spec:
	releaseName: calico		releaseName: calico
	chart:		chart:
...	@@ -11,8 +11,8 @@ spec:	...	@@ -11,8 +11,8 @@ spec:
	sourceRef:		sourceRef:
	kind: HelmRepository		kind: HelmRepository
	name: projectcalico		name: projectcalico
	namespace: default		namespace: tigera-operator
	version: v3.22.2		version: v3.23.0
	interval: 15m		interval: 15m
	values:		values:
	apiServer:		apiServer:
...		...

+ 1

− 1

View file @ 0f1af5de

...	@@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta1	...	@@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta1
	kind: HelmRepository		kind: HelmRepository
	metadata:		metadata:
	name: projectcalico		name: projectcalico
	namespace: default		namespace: tigera-operator
	spec:		spec:
	interval: 30m		interval: 30m
	url: https://docs.projectcalico.org/charts		url: https://docs.projectcalico.org/charts

Sheogorath @sheogorath
mentioned in merge request !113 (closed)
· 2 years ago

mentioned in merge request !113 (closed)

mentioned in merge request !113

Toggle commit list

Please register or to comment