Operator mode

If have installed your Calisti deployment in operator mode, the upgrade procedure only consists of installing a newer version of the operator helm chart and allowing it to reconcile the cluster. Complete the following steps.

Service Mesh Manager upgrade

1. Uninstall the previous version (1.11.0) of the smm-operator chart.

   helm uninstall smm-operator --namespace smm-registry-access
   

2. Install the new version (1.12.0) of the smm-operator chart.

   helm install \
     --namespace=smm-registry-access \
     --set "global.ecr.enabled=false" \
     --set "global.basicAuth.username=<your-username>" \
     --set "global.basicAuth.password=<your-password>" \
     smm-operator \
     oci://registry.eticloud.io/smm-charts/smm-operator --version 1.12.0
   

   Note: If the system uses helm for deploying the chart (and not some other CI/CD solution such as Argo CD), then the CustomResourceDefinitions (CRDs) will not be automatically upgraded. In this case, fetch the helm chart locally using the helm pull command and apply the CRDs in the crds folder of the helm chart manually.

3. After the operator has been started, monitor the status of the ControlPlane resource until it finishes the upgrade (reconciliation). Run the following command:

   kubectl describe cp
   

   After the upgrade is finished, the output should be similar to the following. The Status: Succeeded line shows that the deployment has been upgraded. In case of any errors, consult the Kubernetes logs of the operator (installed by Helm) for further information.

   ...
   Status:
     Components:
       Cert Manager:
         Status:  Available
       Cluster Registry:
         Status:  Available
       Mesh Manager:
         Status:  Available
       Node Exporter:
         Status:  Available
       Registry Access:
         Status:  Available
       Smm:
         Status:  Available
     Status:      Succeeded
   

Streaming Data Manager upgrade

1. Upgrade to the new version ( version 1.9.0) of the supertubes-control-plane chart.

   helm upgrade \
     --namespace supertubes-control-plane \
     --set imagePullSecrets\[0\].name=smm-pull-secret \
     --set operator.image.repository="registry.eticloud.io/sdm/supertubes-control-plane" \
     supertubes-control-plane \
     oci://registry.eticloud.io/sdm-charts/supertubes-control-plane --version 1.9.0
   

2. After the operator has been started, monitor the status of the applicationmanifest resource until it finishes the upgrade (reconciliation). Run the following command:

   kubectl describe applicationmanifests.supertubes.banzaicloud.io -n supertubes-control-plane sdm-applicationmanifest
   

   The output should be similar to:

   ...
   Status:
     Components:
       Cluster Registry:
         Status:  Removed
       Csr Operator:
         Status:  Available
       Imps Operator:
         Image Pull Secret Status:  Unmanaged
         Status:                    Removed
       Istio Operator:
         Status:  Removed
       Kafka Operator:
         Status:  Available
       Monitoring:
         Status:  Available
       Supertubes:
         Status:  Available
       Zookeeper Operator:
         Status:  Available
     Status:      Succeeded
   

3. If the following error shows up in the ApplicationManifest under the Message field:

   resource type is not allowed to be recreated: Job.batch "zookeeper-operator-post-install-upgrade" is invalid...
   

   Delete the zookeeper-operator-post-install-upgrade job so it is recreated when ZooKeeper is reconciled:

   kubectl delete job -n zookeeper zookeeper-operator-post-install-upgrade
   

Restarting workloads

After the upgrade has completed, the Pods running in applications' namespaces are still running the old version of Istio proxy sidecar.

1. To obtain the latest security patches, restart these Controllers (Deployments, StatefulSets, and so on) either using the kubectl rollout command, or by instructing the CI/CD systems enabled on the cluster. For example, to restart the deployments in a namespace, you can run:

   kubectl rollout restart deployment --namespace <name-of-your-namespace>
   

2. If the upgrade also involved a minor or major version upgrade of Istio, the kubectl rollout command will only ensure that the latest patch level is being used on the Pods.

   For example: Service Mesh Manager 1.8.2 comes with Istio 1.11, while Service Mesh Manager 1.9.0 is bundled with Istio 1.12. By upgrading from Service Mesh Manager 1.8.2 to 1.9.0, and then restarting the Controllers will only result in the latest 1.11 Istio sidecar proxy to be started in the Pods.

   To upgrade to the new minor/major version of Istio on your workloads, complete the Upgrading your business applications procedure.