Skip to content

Upgrading Venafi components using the Venafi Kubernetes Manifest tool

  1. To upgrade releases, first regenerate the manifest:

    venctl components kubernetes manifest generate --cert-manager > venafi-components.yaml


    The above example assumes you have already installed a previous version of cert-manager in your cluster. The generator picks up the default version, which is newer than the installed version.

    Every call to the Venafi Kubernetes Manifest tool is independent. If your first call specified an explicit version for a component but your second call omits that version, then the Venafi Kubernetes Manifest tool will choose a default version in the second call.

    The default component versions are included with the Venafi Kubernetes Manifest utility, so that you don't need network access in order to run the tool. In this example, the default version for cert-manager is v1.15.0. Newer releases of the generator may have a different release as the cert-manager default version.

  2. Apply the configuration to upgrade:

    venctl components kubernetes manifest tool sync --file venafi-components.yaml

    The upgraded output is similar to the following:

    Listing releases matching ^tlspk-cert-manager$
    tlspk-cert-manager      tlspk         2        2024-1-25 10:56:43.220349 -0500 CDT    deployed        cert-manager-v1.15.0      v1.15.0
    NAME                           CHART                                 VERSION             DURATION
    tlspk-cert-manager             venafi-tlspk/cert-manager             v1.15.0        33s


    The upgrade must include all the modules when generating the manifest. For example, if you installed Venafi Enhanced Issuer previously, you must include it in the second call to generate the manifest or the generator will not include it.