Upgrade Instructions
    • 01 Sep 2024
    • 1 Minute to read
    • Dark
      Light
    • PDF

    Upgrade Instructions

    • Dark
      Light
    • PDF

    Article summary

    Upgrade Instructions

    In order to upgrade the existing deployment of the Envoy Authorizer, use the helm upgrade command:

    helm upgrade sidecar-test authz-envoy
    

    Update the version of the authz-envoy-sidecar to 1.6.0 and apply this
    configuration - kubectl apply -f samples/authz_v1_plainidinjector.yaml:

    kind: PlainidInjector
    spec:
      ...
      container:
        name: plainid-authz
        image: docker.io/plainid/authz-envoy-sidecar:1.6.0
        ...
    

    Upgrade from version 1.2.x to 1.6.x

    Helm chart
    Helm chart name is changed, new name is authz-envoy.

    Cert Management

    Please note - if you are using the certificates that are included in the container, you will need to change to the
    mount, as described below.

    As part of the security enhancements in authz-operator version 1.6.0, the certificates are no longer included inside
    of authz-operator container.
    From version 1.6.0, the certificates should be mounted from a Secret.
    Here is an example of plainid-controller-manager deployment with mounted certificates (templates/manager.yaml file):

    spec:
      ...
      template:
        ...
        spec:
          ...
          containers:
            ...
            volumeMounts:
                - mountPath: /app/certs
                  name: cert
                  readOnly: true
                  ...
          volumes:
            - name: cert
              secret:
                defaultMode: 420
                secretName: plainid-webhook-server-cert
    

    Secret configuration is present in templates/webhook.yaml file and is taken from values.yaml file.

    Example:

    apiVersion: v1
    kind: Secret
    metadata:
      ...
      name: plainid-webhook-server-cert
    type: Opaque
    data:
      bundle.pem: { { .Values.webhook.bundle } }
      tls.crt: { { .Values.webhook.crt } }
      tls.key: { { .Values.webhook.key } }
    

    Was this article helpful?