consul/website/source/docs/platform/k8s/upgrading.html.md
Iryna Shustava a33154ac9b
Add docs about rolling out TLS on k8s (#7096)
* Add docs about gradually rolling out TLS on k8s

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-01-21 19:29:55 -08:00

2.5 KiB

layout page_title sidebar_current description
docs Upgrading docs-platform-k8s-ops-upgrading Upgrading Consul on Kubernetes

Upgrading Consul on Kubernetes

To upgrade Consul on Kubernetes, we follow the same pattern as generally upgrading Consul, except we can use the Helm chart to step through a rolling deploy. It is important to understand how to generally upgrade Consul before reading this section.

Upgrading Consul on Kubernetes will follow the same pattern: each server will be updated one-by-one. After that is successful, the clients will be updated in batches.

Upgrading Consul Servers

To initiate the upgrade, change the server.image value to the desired Consul version. For illustrative purposes, the example below will use consul:123.456. Also, set the server.updatePartition value equal to the number of server replicas:

server:
  image: "consul:123.456"
  replicas: 3
  updatePartition: 3

The updatePartition value controls how many instances of the server cluster are updated. Only instances with an index greater than the updatePartition value are updated (zero-indexed). Therefore, by setting it equal to replicas, none should update yet.

Next, run the upgrade. You should run this with --dry-run first to verify the changes that will be sent to the Kubernetes cluster.

$ helm upgrade consul ./
...

This should cause no changes (although the resource will be updated). If everything is stable, begin by decreasing the updatePartition value by one, and running helm upgrade again. This should cause the first Consul server to be stopped and restarted with the new image.

Wait until the Consul server cluster is healthy again (30s to a few minutes) then decrease updatePartition and upgrade again. Continue until updatePartition is 0. At this point, you may remove the updatePartition configuration. Your server upgrade is complete.

Upgrading Consul Clients

With the servers upgraded, it is time to upgrade the clients. To upgrade the clients, set the client.image value to the desired Consul version. Then, run helm upgrade. This will upgrade the clients in batches, waiting until the clients come up healthy before continuing.

Configuring TLS on an Existing Cluster

If you already have a Consul cluster deployed on Kubernetes and would like to turn on TLS for internal Consul communication, please see Configuring TLS on an Existing Cluster.