Skip to content

Commit

Permalink
[CRDB-44997] docs: update docs to upgrade chart involving new PVCs
Browse files Browse the repository at this point in the history
The upgrade process for a chart involving new PVCs is manual and needs
to be well documented. We will be working on automating it soon.

This PR also fixes other minor docs and updates the release.
  • Loading branch information
pritesh-lahoti committed Dec 18, 2024
1 parent b9731bc commit 910d120
Show file tree
Hide file tree
Showing 4 changed files with 376 additions and 355 deletions.
31 changes: 19 additions & 12 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ rotation with following setting:
tls.certs.selfSigner.rotateCerts: true
```

## Certificate managed by cockroachdb && CA provided by user
## Certificate managed by cockroachdb and CA provided by user

If user has a custom CA which they already use for certificate signing in their organisation, this utility provides a way
for user to provide the custom CA. All the node and client certificates are signed by this user provided CA.
Expand Down Expand Up @@ -84,12 +84,13 @@ tls.certs.selfSigner.nodeCertExpiryWindow: 168h
This utility will only handle the rotation of client and node certificates, the rotation of custom CA should be done by user.


## Installation of Helm Chart
## Installation of Helm chart

When user install cockroachdb cluster with self-signer enabled, you will see the self-signer job.

```
kubectl get pods
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
crdb-cockroachdb-self-signer-mmxp8 1/1 Running 0 15s
```
Expand All @@ -98,7 +99,8 @@ This job will generate CA, client and node certificates based on the user input
see the following secrets representing each certificates:

```
kubectl get secrets
$ kubectl get secrets
NAME TYPE DATA AGE
crdb-cockroachdb-ca-secret Opaque 2 3m10s
crdb-cockroachdb-client-secret kubernetes.io/tls 3 3m9s
Expand All @@ -112,7 +114,8 @@ sh.helm.release.v1.crdb.v1 helm.sh/release.v1
After this, the cockroachdb init jobs starts and copies this certificate to each nodes:

```
prafull@EMPID18004:helm-charts$ kubectl get pods
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
crdb-cockroachdb-0 0/1 Init:0/1 0 18s
crdb-cockroachdb-1 0/1 Init:0/1 0 18s
Expand All @@ -122,7 +125,8 @@ crdb-cockroachdb-init-fclbb 1/1 Running 0 16s

At last, the cockroach db cluster comes into running state with following output:
```
helm install crdb ./cockroachdb/
$ helm install crdb ./cockroachdb
NAME: crdb
LAST DEPLOYED: Thu Aug 19 18:03:37 2021
NAMESPACE: crdb
Expand Down Expand Up @@ -152,17 +156,19 @@ For more information on using CockroachDB, please see the project's docs at:
https://www.cockroachlabs.com/docs/
```

## Upgrade of cockroachdb Cluster
## Upgrade of cockroachdb cluster

Kick off the upgrade process by changing the new Docker image, where `$new_version` is the CockroachDB version to which you are upgrading:

```shell
helm upgrade my-release cockroachdb/cockroachdb \
$ helm upgrade crdb ./cockroachdb \
--set image.tag=$new_version \
--reuse-values --timeout=20m
```

Kubernetes will carry out a safe [rolling upgrade](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) of your CockroachDB nodes one-by-one. Monitor the cluster's pods until all have been successfully restarted:
Kubernetes will carry out a safe [rolling upgrade](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) of your CockroachDB nodes one-by-one. Monitor the cluster's pods until all have been successfully restarted.

In case the upgrade involves adding new Persistent Volume Claim to the existing pods (e.g. enabling WAL Failover, pushing logs to a separate volume, etc.), then kindly refer to the documentation in [this](https://github.com/cockroachdb/helm-charts/tree/master/cockroachdb#chart-version-300-and-after) section.

## Migration from Kubernetes Signed Certificates to Self-Signer Certificates

Expand All @@ -174,13 +180,13 @@ User can move from old kubernetes signing certificates by performing following s
Run the upgrade command with upgrade strategy set as "onDelete" which only upgrades the pods when deleted by the user.

```shell
helm upgrade crdb-test cockroachdb --set statefulset.updateStrategy.type="OnDelete" --timeout=20m
$ helm upgrade crdb cockroachdb --set statefulset.updateStrategy.type="OnDelete" --timeout=20m
```

While monitor all the pods, once the init-job is created, you can delete all the cockroachdb pods with following command:

```shell
kubectl delete pods -l app.kubernetes.io/component=cockroachdb
$ kubectl delete pods -l app.kubernetes.io/component=cockroachdb
```

This will delete all the cockroachdb pods and restart the cluster with new certificates generated by the self-signer utility.
Expand Down Expand Up @@ -215,7 +221,8 @@ tls.certs.certManagerIssuer.name: cockroachdb
```

```shell
% helm install crdb ./cockroachdb
$ helm install crdb ./cockroachdb
NAME: crdb
LAST DEPLOYED: Fri Aug 4 14:42:11 2023
NAMESPACE: crdb
Expand Down
Loading

0 comments on commit 910d120

Please sign in to comment.