Releases · kubewarden/helm-charts

This helm chart version contains an updated version of the ClusterAdmissionPolicy CRD. This CRD now includes two additional fields on the status field:

conditions: an array of metav1.Condition
policyActive: a boolean specifying whether the policy is receiving admission reviews from the API server

Upgrade process

Stop the controller

$ kubectl delete deployment -n kubewarden kubewarden-controller

Install the new Custom Resource Definition

$ kubectl apply -f https://raw.githubusercontent.com/kubewarden/helm-charts/kubewarden-controller-0.1.14/charts/kubewarden-controller/crds/clusteradmissionpolicies.yaml

Upgrade the helm release

$ helm upgrade kubewarden-controller --version 0.1.14 kubewarden/kubewarden-controller

WARNING: This helm chart release will lead to the deployment of kubewarden-controller v0.2.0.
These extra actions have to be taken into account when upgrading a previously deployed release of kubewarden-controller.

The v0.2.0 release of kubewarden-controller introduces a new version of the ClusterAdmissionPolicy custom resource.

Starting from this release, only ClusterAdmissionPolicy of version v1alpha2 are going to be reconciled by the controller.

Upgrade process

This section describes how to migrate a kubewarden deployment from v0.1.4 to
v0.2.0.

Pre-requisites

You must port the v1alpha1 definitions to the v1alpha2 format. We don't offer an automated process for that,
but the operation is pretty straightforward.

The apiGroups, apiVersions, resources and operations are no longer top-level attributes, but rather items under the
new rules attribute.

Consider the following v1alpha1 resource definition:

apiVersion: policies.kubewarden.io/v1alpha1
kind: ClusterAdmissionPolicy
metadata:
  name: psp-capabilities
spec:
  module: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.3
  resources:
  - pods
  operations:
  - CREATE
  - UPDATE
  mutating: true
  settings:
    allowed_capabilities:
    - CHOWN
    required_drop_capabilities:
    - NET_ADMIN

The v1alpha2 equivalent would be:

apiVersion: policies.kubewarden.io/v1alpha2
kind: ClusterAdmissionPolicy
metadata:
  name: psp-capabilities
spec:
  module: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.3
  rules:
    - apiGroups: [""]
      apiVersions: ["v1"]
      resources: ["pods"]
      operations:
      - CREATE
      - UPDATE
  mutating: true
  settings:
    allowed_capabilities:
    - CHOWN
    required_drop_capabilities:
    - NET_ADMIN

Some considerations worth of note:

With v1alpha1, apiGroups, apiVersions, resources were optional string attributes. Now they are array of
strings that must have at least one element.
With v1alpha1, apiGroups, apiVersions, resources were optional string attributes.
When left empty they would default to the "*" value.

This is reflected in the example above, as you can see the v1alpha2 resource explicitly defines all these attributes.

Upgrade steps

This is a list of steps to perform the upgrade to the v0.2.0 release.

We assume the deployment of Kubewarden has been done using our official helm charts inside of the kubewarden
Namespace.

Delete old controller

As a first step, start by deleting the current kubewarden-controller deployment.
This can be done with the following command:

kubectl delete deployment --namespace kubewarden kubewarden-controller

Note well: Existing policies will continue to work as expected, even while the controller is not running. Removal, creation and update of policies won't be reconciled until the controller is restarted.

Install new Custom Resource Definitions

To install the new CRD definition execute the following commnad:

kubectl apply -f https://raw.githubusercontent.com/kubewarden/helm-charts/kubewarden-controller-0.1.12/charts/kubewarden-controller/crds/clusteradmissionpolicies.yaml

Upgrade your policies

Upgrade all the currently defined ClusterAdmissionPolicy resources to use the v1alpha2 version.

This can be done via:

kubectl apply -f <upgrade-policy.yaml>

Upgrade the helm release

It's time to upgrade the helm release, this can be done via:

helm upgrade kubewarden-controller --version 0.1.12 kubewarden/kubewarden-controller

Once this is done, the new version of the kubewarden-controller will be running on our cluster. The policy-server instance will keep operating as expected during the whole time. It won't even be restarted, unless you
changed some details about the ClusterAdmissionPolicy resource apart from the version itself.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release notes

Upgrade process

Stop the controller

Install the new Custom Resource Definition

Upgrade the helm release

Upgrade process

Pre-requisites

Upgrade steps

Delete old controller

Install new Custom Resource Definitions

Upgrade your policies

Upgrade the helm release

Releases: kubewarden/helm-charts

kubewarden-controller-0.2.1

kubewarden-controller-0.2.0

Release notes

kubewarden-controller-0.1.18

kubewarden-controller-0.1.17

kubewarden-controller-0.1.16

kubewarden-controller-0.1.15

kubewarden-controller-0.1.14

Upgrade process

Stop the controller

Install the new Custom Resource Definition

Upgrade the helm release

kubewarden-controller-0.1.13

kubewarden-controller-0.1.12

Upgrade process

Pre-requisites

Upgrade steps

Delete old controller

Install new Custom Resource Definitions

Upgrade your policies

Upgrade the helm release

kubewarden-controller-0.1.9