* Add docs about gradually rolling out TLS on k8s Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2.5 KiB
layout | page_title | sidebar_current | description |
---|---|---|---|
docs | Upgrading | docs-platform-k8s-ops-upgrading | Upgrading Consul on Kubernetes |
Upgrading Consul on Kubernetes
To upgrade Consul on Kubernetes, we follow the same pattern as generally upgrading Consul, except we can use the Helm chart to step through a rolling deploy. It is important to understand how to generally upgrade Consul before reading this section.
Upgrading Consul on Kubernetes will follow the same pattern: each server will be updated one-by-one. After that is successful, the clients will be updated in batches.
Upgrading Consul Servers
To initiate the upgrade, change the server.image
value to the
desired Consul version. For illustrative purposes, the example below will
use consul:123.456
. Also, set the server.updatePartition
value
equal to the number of server replicas:
server:
image: "consul:123.456"
replicas: 3
updatePartition: 3
The updatePartition
value controls how many instances of the server
cluster are updated. Only instances with an index greater than the
updatePartition
value are updated (zero-indexed). Therefore, by setting
it equal to replicas, none should update yet.
Next, run the upgrade. You should run this with --dry-run
first to verify
the changes that will be sent to the Kubernetes cluster.
$ helm upgrade consul ./
...
This should cause no changes (although the resource will be updated). If
everything is stable, begin by decreasing the updatePartition
value by one,
and running helm upgrade
again. This should cause the first Consul server
to be stopped and restarted with the new image.
Wait until the Consul server cluster is healthy again (30s to a few minutes)
then decrease updatePartition
and upgrade again. Continue until
updatePartition
is 0
. At this point, you may remove the
updatePartition
configuration. Your server upgrade is complete.
Upgrading Consul Clients
With the servers upgraded, it is time to upgrade the clients. To upgrade
the clients, set the client.image
value to the desired Consul version.
Then, run helm upgrade
. This will upgrade the clients in batches, waiting
until the clients come up healthy before continuing.
Configuring TLS on an Existing Cluster
If you already have a Consul cluster deployed on Kubernetes and would like to turn on TLS for internal Consul communication, please see Configuring TLS on an Existing Cluster.