Upgrade instructions

The following upgrade instructions aim to upgrade running deployments to a newer version of Airlock Microgateway without interruption of service.

  • The upgrade instructions may not apply to breaking release upgrades of Airlock Microgateway. Refer to the release notes published on GitHub.
  • Do not add the --reuse-values flag to the helm upgrade command when upgrading to a different version of Airlock Microgateway/Helm charts. The flag would prevent updating some required settings and changes.
  1. Update the CRDs. This will not break your current installation if not noted otherwise in the release notes of the new Microgateway version.
    2. copy
    kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.5.0 --server-side --force-conflicts
  2. For sidecar-based data plane mode deployments:
    Upgrade the Microgateway CNI plugin.
    3. copy
    helm upgrade airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.5.0'
  3. Upgrade the Microgateway Operator.
    4. copy
    helm upgrade airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.5.0'
  4. You can verify the current Pod status by checking the version label.
  5. For sidecar-based data plane mode deployments:
    To finalize the upgrade process, use our script to manually restart all application Pods containing Microgateway Engine sidecars. See section Restart script for sidecar-based applications.
  6. For sidecarless data plane mode deployments:
    Upgrade the K8s Gateway API CRDs to v1.2.1 from the standard channel.
    7. copy
    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml

Restart script for sidecar-based applications

We have created a useful script to accelerate the deployment update process with multiple application Pods. The script can fetch Deployments, DaemonSets, and StatefulSets managing outdated application Pods.

  1. Save the script fetch-outdated-resources, rename it to fetch-outdated-resources.sh, and make it executable.
    2. copy
    #!/bin/sh 
set -eu 
namespace=${1:-"default"} 
 
pod_selector="sidecar.microgateway.airlock.com/incompatible=true"
 
rootController() { 
    namespace=$1 
    resource=$2 
    owner=$(kubectl get "${resource}" -n "${namespace}" -ojsonpath='{range .metadata.ownerReferences[?(@.controller==true)]}{.kind}/{.name}{"\n"}{end}') 
    if [ -n "$owner" ]; then 
        rootController "${namespace}" "${owner}" 
    elif echo "${resource}" | grep -vq Pod/; then 
        echo "${resource}" 
    fi 
} 
 
for pod in $(kubectl get pods -n "${namespace}" -l "${pod_selector}" -ojsonpath='{range .items[*]}Pod/{.metadata.name}{"\n"}{end}'); do 
        rootController "${namespace}" "${pod}" 
done | sort -u
  2. Variant 1

    3. Automatic rollout restart of outdated resources with the following command:

    copy
    ./fetch-outdated-resources.sh <application-namespace> | xargs kubectl rollout restart -n <application-namespace>
  3. Variant 2
    1. Set the microgateway.airlock.com/restartRequired=true label.
      2. copy
      ./fetch-outdated-resources.sh <application-namespace> | xargs -I{} kubectl label {} -n <application-namespace> "restartRequired=true"
    2. Perform a rollout restart of the labeled resources.
      3. copy
      kubectl rollout restart -n <application-namespace> deployments -l microgateway.airlock.com/restartRequired=true
kubectl rollout restart -n <application-namespace> daemonsets -l microgateway.airlock.com/restartRequired=true
kubectl rollout restart -n <application-namespace> statefulsets -l microgateway.airlock.com/restartRequired=true
    3. Remove the microgateway.airlock.com/restartRequired=true label after rollout.