Upgrade Instructions

In order to upgrade the existing deployment of the Envoy Authorizer, use the helm upgrade command:

helm upgrade sidecar-test authz-envoy

Update the version of the authz-envoy-sidecar image to 1.6.0 and apply the
configuration with kubectl apply -f samples/authz_v1_plainidinjector.yaml:

kind: PlainidInjector
spec:
  ...
  container:
    name: plainid-authz
    image: docker.io/plainid/authz-envoy-sidecar:1.6.0
    ...

Upgrade from version 1.2.x to 1.6.x

Helm chart
The Helm chart name has changed; the new name is authz-envoy.

Cert Management

Please note - if you are using the certificates that are included in the container, you will need to switch to
mounting them, as described below.

As part of the security enhancements in authz-operator version 1.6.0, the certificates are no longer included inside
the authz-operator container.
From version 1.6.0, the certificates should be mounted from a Secret.
Here is an example of the plainid-controller-manager deployment with mounted certificates (templates/manager.yaml file):

spec:
  ...
  template:
    ...
    spec:
      ...
      containers:
        ...
        volumeMounts:
            - mountPath: /app/certs
              name: cert
              readOnly: true
              ...
      volumes:
        - name: cert
          secret:
            defaultMode: 420
            secretName: plainid-webhook-server-cert

The Secret configuration is in the templates/webhook.yaml file, and its values are taken from the values.yaml file.

Example:

apiVersion: v1
kind: Secret
metadata:
  ...
  name: plainid-webhook-server-cert
type: Opaque
data:
  bundle.pem: {{ .Values.webhook.bundle }}
  tls.crt: {{ .Values.webhook.crt }}
  tls.key: {{ .Values.webhook.key }}
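
Because the template above places the webhook values directly under the Secret's data field, each value has to be base64-encoded before it reaches values.yaml. The following is an added example, not part of the PlainID chart: a shell helper that builds a values override from three PEM files and rejects inputs that would put key material in the wrong field. The function names and file arguments are hypothetical; only the webhook.bundle, webhook.crt and webhook.key keys come from this page.

```shell
# Added example (not PlainID code): build a Helm values override for the
# webhook Secret from PEM files on disk.
# Assumption: the chart copies .Values.webhook.* verbatim under `data:`,
# as in the template above, so every value must already be base64.

# b64_file FILE -> single-line base64 of FILE (line wraps stripped)
b64_file() {
  base64 < "$1" | tr -d '\n'
}

# require_pem FILE LABEL_REGEX -> fail unless FILE has a matching PEM header
require_pem() {
  [ -r "$1" ] || { echo "error: cannot read $1" >&2; return 1; }
  grep -Eq "^-----BEGIN ${2}-----" "$1" || {
    echo "error: $1 has no PEM block matching '${2}'" >&2
    return 1
  }
}

# webhook_values BUNDLE CRT KEY -> prints the values override on stdout
webhook_values() {
  require_pem "$1" 'CERTIFICATE' || return 1
  require_pem "$2" 'CERTIFICATE' || return 1
  require_pem "$3" '([A-Z]+ )?PRIVATE KEY' || return 1
  # A combined cert+key PEM passes the header checks above; refuse it so the
  # private key never ends up in bundle.pem or tls.crt.
  if grep -q 'PRIVATE KEY' "$1" "$2"; then
    echo "error: private key material found in a certificate file" >&2
    return 1
  fi
  printf 'webhook:\n'
  printf '  bundle: %s\n' "$(b64_file "$1")"
  printf '  crt: %s\n' "$(b64_file "$2")"
  printf '  key: %s\n' "$(b64_file "$3")"
}
```

Write the output to a file created under umask 077, since it contains the private key, and pass that file to the helm upgrade command with -f.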