kubezero/docs/v1.27.md

# KubeZero 1.27

## TODO

## What's new - Major themes
- all KubeZero and support AMIs based on latest Alpine 3.18.4
- updated and improved hardening of Istio Ingress Gateways
- moved ECK operator into new kubezero-operators module
- new, optional, OpenSearch operator
- all instances now enforce IMDSv2

## Fixes
- `kubectl top nodes` works now using node-exporter metrics rather than cadvisor

## Version upgrades
- cilium 1.14.4
- istio 1.19.4
- fluent-bit 2.2.0
- ArgoCD 2.9
- Prometheus / Grafana

### FeatureGates
- CustomCPUCFSQuotaPeriod
- MemoryQoS

# Upgrade
`(No, really, you MUST read this before you upgrade)`

Ensure your Kube context points to the correct cluster !

1. Review CFN config for controller and workers, no mandatory changes during this release though

2. Upgrade CFN stacks for the control plane *ONLY* !
  Updating the workers CFN stacks would trigger rolling updates right away !

3. Trigger cluster upgrade:  
  `./admin/upgrade_cluster.sh <path to the argocd app kubezero yaml for THIS cluster>`

4. Review the kubezero-config and if all looks good commit the ArgoApp resouce for Kubezero via regular git  
  git add / commit / push `<cluster/env/kubezero/application.yaml>`  

5. Reboot controller(s) one by one  
Wait each time for controller to join and all pods running.
Might take a while ...

6. Upgrade CFN stacks for the workers.  
  This in turn will trigger automated worker updates by evicting pods and launching new workers in a rolling fashion.
  Grab a coffee and keep an eye on the cluster to be safe ...
  Depending on your cluster size it might take a while to roll over all workers!

7. Re-enable ArgoCD by hitting <return> on the still waiting upgrade script 

8. Quickly head over to ArgoCD and sync the KubeZero main module as soon as possible to reduce potential back and forth in case ArgoCD has legacy state


## Known issues
So far so good.
First v1.27 docs, upgrade tweaks 2023-11-22 11:55:34 +00:00			`# KubeZero 1.27`

			`## TODO`

			`## What's new - Major themes`
			`- all KubeZero and support AMIs based on latest Alpine 3.18.4`
			`- updated and improved hardening of Istio Ingress Gateways`
			`- moved ECK operator into new kubezero-operators module`
			`- new, optional, OpenSearch operator`
Latest kubezero-ci incl. Gitea theming 2023-11-22 17:51:09 +00:00			`- all instances now enforce IMDSv2`
First v1.27 docs, upgrade tweaks 2023-11-22 11:55:34 +00:00
Logging version bump, metrics fixes 2023-11-28 18:42:00 +00:00			`## Fixes`
			- `kubectl top nodes` works now using node-exporter metrics rather than cadvisor

First v1.27 docs, upgrade tweaks 2023-11-22 11:55:34 +00:00			`## Version upgrades`
			`- cilium 1.14.4`
			`- istio 1.19.4`
Logging version bump, metrics fixes 2023-11-28 18:42:00 +00:00			`- fluent-bit 2.2.0`
			`- ArgoCD 2.9`
			`- Prometheus / Grafana`
First v1.27 docs, upgrade tweaks 2023-11-22 11:55:34 +00:00
			`### FeatureGates`
			`- CustomCPUCFSQuotaPeriod`
			`- MemoryQoS`

			`# Upgrade`
			`(No, really, you MUST read this before you upgrade)`

			`Ensure your Kube context points to the correct cluster !`

			`1. Review CFN config for controller and workers, no mandatory changes during this release though`

			`2. Upgrade CFN stacks for the control plane ONLY !`
			`Updating the workers CFN stacks would trigger rolling updates right away !`

			`3. Trigger cluster upgrade:`
			`./admin/upgrade_cluster.sh <path to the argocd app kubezero yaml for THIS cluster>`

			`4. Review the kubezero-config and if all looks good commit the ArgoApp resouce for Kubezero via regular git`
			git add / commit / push `<cluster/env/kubezero/application.yaml>`

			`5. Reboot controller(s) one by one`
			`Wait each time for controller to join and all pods running.`
			`Might take a while ...`

			`6. Upgrade CFN stacks for the workers.`
			`This in turn will trigger automated worker updates by evicting pods and launching new workers in a rolling fashion.`
			`Grab a coffee and keep an eye on the cluster to be safe ...`
			`Depending on your cluster size it might take a while to roll over all workers!`

			`7. Re-enable ArgoCD by hitting <return> on the still waiting upgrade script`

			`8. Quickly head over to ArgoCD and sync the KubeZero main module as soon as possible to reduce potential back and forth in case ArgoCD has legacy state`


			`## Known issues`
			`So far so good.`