How to upgrade Azure Key Vault to Kubernetes

Make sure to check the requirements before installing.

Upgrading akv2k8s is exactly the same as installing, with two exceptions:


Update helm chart:

helm repo update

Run the Helm upgrade:

helm upgrade --install akv2k8s spv-charts/akv2k8s \
  --namespace akv2k8s

Manually upgrading Custom Resource Definition (CRD)

Latest CRDs are always be available at https://github.com/sparebankenvest/azure-key-vault-to-kubernetes/crds and can be installed manually by:

kubectl apply -f https://raw.githubusercontent.com/sparebankenvest/azure-key-vault-to-kubernetes/master/crds/AzureKeyVaultSecret.yaml

Note: If you delete the AzureKeyVaultSecret CRD from Kubernetes, all resources of type AzureKeyVaultSecret created in cluster will be removed. This is by design: https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#delete-a-customresourcedefinition

Re-deploy Existing Pods with Env Injected Variables

Version 1.2 of the Env Injector has changed how the Auth Service works. It now requires a client certificate and older versions of the Env Injector Sidecar does not work with version 1.2.

Upgrading Helm chart version to v2.x.x from v1.1.x

As a consequence of breaking changes in the akv2k8s Helm chart a major version bump to 2.x.x was required. Uninstallation of v1.1.x is required before installing v2.x.x.

helm uninstall akv2k8s -n akv2k8s

Note: Remember to upgrade the CRD manually if an old CRD version is applied to the cluster, as Helm does not handle CRD upgrades.

Edit on GitHub