Comments (12)
Yeah, it's a good point. So I'll be sure to document the upgrade process using Helm to both "development" releases and also "production" releases. Otherwise with straight YAML, it's just a re-apply the latest manifest. If you can think of anything else that may be special, please let me know. I'll write up what we've got so far if not.
from website.
Input needed, please. I'll self-assign once it's ready to document.
from website.
Yes, the upgrade of Kyverno is fairly simple, it just needs to apply the latest manifest from this file: https://github.com/kyverno/kyverno/blob/main/definitions/release/install.yaml
from website.
I think there needs to be some guidance on how to remove the older CRDs so there isn't an alias collision with the new ones. Here's what happens when that doesn't happen and you just repave Kyverno with a newer manifest.
$ k api-resources | egrep report
clusterreportchangerequests kyverno.io false ClusterReportChangeRequest
reportchangerequests kyverno.io true ReportChangeRequest
clusterpolicyreports cpolr policy.k8s.io true ClusterPolicyReport
policyreports polr policy.k8s.io true PolicyReport
clusterpolicyreports cpolr wgpolicyk8s.io false ClusterPolicyReport
policyreports polr wgpolicyk8s.io true PolicyReport
from website.
Ok, I see. I think you installed an early release candidate of 1.3.0 and later upgraded to the latest version. For now you can just remove clusterpolicyreports and policyreports in policy.k8s.io
.
I would suggest cleaning up older CRDs by Kyverno automatically rather than adding more steps when upgrading Kyverno.
Will submit a PR to fix it.
from website.
Yeah, I have been using each RC for 1.3.0 as they've been cut, but I wasn't sure when the new CRDs came in. Agree it'd be better for Kyverno to clean them up.
So is the official best practice for upgrading to just apply the new manifest or use Helm as usual? No special procedures or considerations?
from website.
With kubectl, all it needs is to run kubectl apply -f https://github.com/kyverno/kyverno/blob/main/definitions/release/install.yaml
.
With Helm, I think it first needs to upgrade Charts, and then upgrade Kyverno application? I'm now so sure, will have to check the exact command.
from website.
If the new chart is published, users would have to helm repo update
to pull in the new definitions and then do a helm upgrade
specifying that new version. Or were you saying there's more than that?
from website.
It'd be all when upgrading to an official release. When dealing with a release candidate, seems like Helm "hides" release candidates by default.
For example, only if I do helm search repo --devel kyverno
, it shows the release candidate, otherwise, it just displays the latest official one. See Install via Helm
on this page. When installing / upgrade, it needs a specific version by --version
.
from website.
Yes, I'm familiar with the release vs RC/dev ones. Just asking if it's a "normal" upgrade process with Helm. Mainly asking because users will want to make sure nothing is going to happen to their policies or reports.
from website.
I was not aware of that until I tested RC install, so just wanted to bring that up.
For the normal upgrade, what you've described would be all:
users would have to helm repo update to pull in the new definitions and then do a helm upgrade specifying that new version.
from website.
Closing via 9684ca3
from website.
Related Issues (20)
- [Enhancement] `detailed-result` flag
- [Enhancement] add documentation for `docs` command
- [Enhancement] New TUF related flags HOT 1
- [Bug] Search is broken HOT 8
- [Bug] Missing `s` for foreach-json-patch ClusterPolicy HOT 9
- [Enhancement] Fine-Grained Exclusions in Kyverno's Validate.podSecurity Rule HOT 4
- [Enhancement] Update compat. matrix for 1.11
- [Bug] Sigstore Verify Image Signature examples need to be updated for 1.11.x HOT 1
- [Enhancement] Update the cert renewal time before expiration
- [Enhancement] Add docs for the new enhancements related to policy exceptions
- [Bug] `render` does not set the `policyType` field to `cleanUp`
- [Enhancement] say that log_backtrace_at can only be used once HOT 3
- [Enhancement] making `images` consistent with `image` HOT 3
- Mobile menu broken HOT 1
- [Bug] Typo on the Policy Settings page HOT 2
- [Bug] making the front matter consistent across the project HOT 2
- [Enhancement] Add note about need for elevated permissions
- [Bug] `render` does not build after recent bumps HOT 3
- [enhancement] add fuzzing and 3rd party security audit links to the Security section of the docs HOT 1
- [Bug] Signature verification / ECR private registry usage HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from website.