Upgrading Venafi components using the Venafi Kubernetes Manifest tool¶
To upgrade releases, first regenerate the manifest:
venctl components kubernetes manifest generate --cert-manager > venafi-components.yaml
The above example assumes you have already installed a previous version of cert-manager in your cluster. The generator picks up the default version, which is newer than the installed version.
Every call to the Venafi Kubernetes Manifest tool is independent. If your first call specified an explicit version for a component but your second call omits that version, then the Venafi Kubernetes Manifest tool will choose a default version in the second call.
The default component versions are included with the Venafi Kubernetes Manifest utility, so that you don't need network access in order to run the tool. In this example, the default version for cert-manager is
v1.14.3. Newer releases of the generator may have a different release as the cert-manager default version.
Apply the configuration to upgrade:
venctl components kubernetes manifest tool sync --file venafi-components.yaml
The upgraded output is similar to the following:
Listing releases matching ^tlspk-cert-manager$ tlspk-cert-manager tlspk 2 2024-1-25 10:56:43.220349 -0500 CDT deployed cert-manager-v1.14.3 v1.14.3 UPDATED RELEASES: NAME CHART VERSION DURATION tlspk-cert-manager venafi-tlspk/cert-manager v1.14.3 33s
The upgrade must include all the modules when generating the manifest. For example, if you installed Venafi Enhanced Issuer previously, you must include it in the second call to generate the manifest or the generator will not include it.