From dad8a7ef3b66d72b91f27ccbc5d839fd49ff59df Mon Sep 17 00:00:00 2001 From: Blaine Gardner Date: Thu, 9 Dec 2021 11:06:43 -0700 Subject: [PATCH] docs: add instructions to upgrade admission controller MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In 1.8, the admission controller has merged with the operator and the operator needs an emptyDir and a volume mount to store the webhook certificates. Co-authored-by: Blaine Gardner Co-authored-by: Sébastien Han Signed-off-by: Blaine Gardner (cherry picked from commit 6c09de619fc0fd48e6864284f961a21714b35341) --- Documentation/ceph-upgrade.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/Documentation/ceph-upgrade.md b/Documentation/ceph-upgrade.md index 176e34c0aa08..be39a37a4d04 100644 --- a/Documentation/ceph-upgrade.md +++ b/Documentation/ceph-upgrade.md @@ -340,6 +340,24 @@ When the operator is updated, it will proceed to update all of the Ceph daemons. kubectl -n $ROOK_OPERATOR_NAMESPACE set image deploy/rook-ceph-operator rook-ceph-operator=rook/ceph:v1.8.0 ``` +#### Admission controller +If you use the optional [Admission controller](admission-controller-usage.md), there are additional +updates during this step. The admission controller has been integrated inside the operator +instead of a separate deployment. This means that the webhook server certificates are now stored in +the operator, and the operator manifest must be updated to use the one provided in +`deploy/examples/operator.yaml`. If you are using Helm to manage the deployment, this is handled +automatically. + +When updating the operator deployment with the latest example from Rook, there is risk of +overwriting changes if you have customized the operator deployment or to the +`rook-ceph-operator-config` ConfigMap. We suggest that you remove the ConfigMap from `operator.yaml` +before moving on. Additionally, we encourage you to diff the current deployment and the latest one +to be sure any changes you may have made don't get overwritten. Required changes include the +`webhook-cert` volume/mount and `https-webhook` port, though there are some smaller changes as well. + +Once you are sure any custom modifications to your operator deployment won't be overwritten, apply +the new `operator.yaml` with `kubectl apply -f deploy/examples/operator.yaml`. + ### **4. Wait for the upgrade to complete** Watch now in amazement as the Ceph mons, mgrs, OSDs, rbd-mirrors, MDSes and RGWs are terminated and