55 lines
2.4 KiB

# Upgrade to KubeZero V2.19.0
# CloudBender / Kubernetes v1.19
## Changes
- worker nodes names are now the default AWS private hostnames, rather than the CloudBender provided unique static hostnames :-(
This change was required to enable node restrictions via the upstream aws-iam-authenticator as well as prepare for support of the Horizontal Autoscaler and Spot Instances in the next releases
- cluster-admin kubectl config now stored on SSM Parameter store, contains no more secrets leveraging IAM roles
- fully encrypted cluster backup on S3
( automated migration and cleanup of previous files )
- backup password and cluster version stored on SSM Parameter store
- worker nodes authenticate via IAM roles rather than tokens
- improved resource reservations on all nodes
- various security / reliability improvements and bug fixes
## Upgrade
- Set Kubernetes version in the controller config to eg. `1.19`
- Update controller and worker stacks with latest CFN code
- terminate controller00 first, afterwards remaining controllers
- replace worker nodes in a rolling fashion via. drain / terminate / rinse-repeat
# KubeZero
## Changes
- Version bump to latest releases of *EVERY* component
- optional support for fuse-device-plugin
- KubeZero now supports bare-metal, all AWS components optional
- resource definitions for most admin pods, incl. apiserver, etcd, etc.
- Logging:
- ES resources are now defined using standard config vs. custom settings like jvm_heap and cpu_request
- Optional ability to add nodeAffinity rules for ES/Kibana and Fluentd
- Fluentd replicaCount default from 2 to 1
## Upgrade - Without ArgoCD
1. Update CRDs of all enabled components:
`./bootstrap.sh crds all clusters/$CLUSTER`
2. Prepare upgrade
- delete old fluentd deployement because labels are immutable and they changed due to the migration to new upstream helm chart
`kubectl delete deployment logging-fluentd -n logging`
3. Upgrade all components
`./bootstrap.sh deploy all clusters/$CLUSTER`
## Upgrade - ArgoCD
- ArgoCD needs to be upgraded first to support latest Helm chart requirements: `./bootstrap.sh deploy argocd clusters/$CLUSTER`
- push latest cluster config to your git repo
- verify correct branch etc. ( eg. argoless branch has been retired ! )
- trigger sync in ArgoCD starting with the KubeZero root app
( only if auto-sync is not enabled )
## Verification / Tests
- check if all pods are RUNNING
- check any Ingress services
- ...