diff --git a/docs/upgrading/README.md b/docs/upgrading/README.md index 788657e34..0fb25a714 100644 --- a/docs/upgrading/README.md +++ b/docs/upgrading/README.md @@ -74,3 +74,4 @@ v1.1.x to v1.2.x and the available patch versions are v1.2.0, v1.2.1 and v1.2.2, ### [v0.8 to v0.9](./v0.8-v0.9.md) ### [v0.9 to v0.10](./v0.9-v0.10.md) +### [v0.10 to v1.0](./v0.10-v1.0.md) diff --git a/docs/upgrading/v0.10-v1.0.md b/docs/upgrading/v0.10-v1.0.md new file mode 100644 index 000000000..5862b653c --- /dev/null +++ b/docs/upgrading/v0.10-v1.0.md @@ -0,0 +1,75 @@ +# v0.10 to v1.0 + +Follow the [Regular Upgrading Process](./README.md). + +## Upgrading Notable Changes + +### APIChanges + +Previously, we used CRD to extend the [Cluster API](https://github.com/karmada-io/karmada/blob/v0.10.1/charts/_crds/bases/cluster.karmada.io_clusters.yaml), however, in the version v1.0, we change to use [API Aggregation](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/)(AA) to extend the Cluster API. + +Based on the above change, perform the following operations during the upgrade: + +1. Chang the replicas of `karmada-apiserver` to 0. + +2. Operate etcd to delete cluster crd data. + + ``` + etcdctl --cert="/etc/kubernetes/pki/etcd/karmada.crt" --key="/etc/kubernetes/pki/etcd/karmada.key" --cacert="/etc/kubernetes/pki/etcd/server-ca.crt" del /registry/apiextensions.k8s.io/customresourcedefinitions/clusters.cluster.karmada.io + ``` + +3. To avoid [CA Reusage and Conflicts](https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/#ca-reusage-and-conflicts), create CA signer and sign a certificate to enable the aggregation layer. + + Update `karmada-cert-secret` secret in `karmada-system` namespace: + + ```diff + apiVersion: v1 + kind: Secret + metadata: + name: karmada-cert-secret + namespace: karmada-system + type: Opaque + data: + ... + + front-proxy-ca.crt: | + + {{front_proxy_ca_crt}} + + front-proxy-client.crt: | + + {{front_proxy_client_crt}} + + front-proxy-client.key: | + + {{front_proxy_client_key}} + ``` + + And update `karmada-apiserver` deployment's container commend: + + ```diff + - - --proxy-client-cert-file=/etc/kubernetes/pki/karmada.crt + - - --proxy-client-key-file=/etc/kubernetes/pki/karmada.key + + - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt + + - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key + - - --requestheader-client-ca-file=/etc/kubernetes/pki/server-ca.crt + + - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt + ``` + + After the updation, restore the replicas of `karmada-apiserver` instances. + +4. Deploy `karmada-aggregated-apiserver`: + + ``` + make image-karmada-aggregated-apiserver + + kubectl --kubeconfig /root/.kube/karmada.config --context karmada-host apply -f artifacts/deploy/karmada-aggregated-apiserver.yaml + + kubectl --kubeconfig /root/.kube/karmada.config --context karmada-apiserver apply -f artifacts/deploy/apiservice.yaml + ``` + +###karmada-agent + +Due to [add unfied auth controller](https://github.com/karmada-io/karmada/pull/1104), we need to apply `karmada-agent` ClusterRole: + +``` +kubectl apply -f artifacts/agent/clusterrole.yaml +``` + +### Other + +If you need to use [MCS](https://github.com/karmada-io/karmada/blob/master/docs/multi-cluster-service.md) feature, we need to upgrade the version of member cluster's kube-apiserver to v1.21.x. For details about the upgrade reasons, see [comment](https://github.com/karmada-io/karmada/pull/1107#issuecomment-997159415).