Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update etcd3-migration.md doc #6774

Merged
merged 2 commits into from
Apr 18, 2019
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 22 additions & 5 deletions docs/etcd3-migration.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,19 @@
# Moving to etcd3
# Moving to etcd3 and/or adopting etcd-manager

- [Moving to etcd3 and/or adopting etcd-manager](#moving-to-etcd3-andor-adopting-etcd-manager)
- [Background Info](#background-info)
- [Default upgrades](#default-upgrades)
- [Non-calico users](#non-calico-users)
- [Calico users](#calico-users)
- [Gradual updates](#gradual-updates)
- [Adopt etcd-manager with kops 1.11 / kubernetes 1.11](#adopt-etcd-manager-with-kops-111--kubernetes-111)
- [Delay adopting etcd-manager with kops 1.12](#delay-adopting-etcd-manager-with-kops-112)
- [Delay adopting etcd3 with kops 1.12](#delay-adopting-etcd3-with-kops-112)

## Background Info

kubernetes is moving from etcd2 to etcd3, which is an upgrade that involves
downtime. Technically there is no usable upgrade path from etcd2 to etcd3 that
downtime. Technically there is no usable upgrade path from etcd2 to etcd3 that
supports HA scenarios, but kops has enabled it using etcd-manager.

Nonetheless, this remains a *higher-risk upgrade* than most other kubernetes
Expand All @@ -20,6 +32,11 @@ provide some mitigation steps for breaking up the upgrade, though most of these
therefore involve multiple disruptive upgrades (e.g. etc2 -> etcd3 is
disruptive, non-TLS to TLS is disruptive).

**Note:** Even if you are already using etcd3 and have TLS enabled, it is
recommended to use to etcd-manager and the steps in this document still apply to
you. If you would like to delay using etcd-manager, there are steps at the
bottom of this doc that outlines how to do that.

## Default upgrades

When upgrading to kubernetes 1.12 with kops 1.12, by default:
Expand Down Expand Up @@ -63,7 +80,8 @@ more disruption and are not necessarily lower risk.

### Adopt etcd-manager with kops 1.11 / kubernetes 1.11

To adopt etcd-manager before kops 1.12 & kubernetes 1.12, you
If you don't already have TLS enabled with etcd, you can adopt etcd-manager before
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I put this qualifier in here because I received this error message when trying to use etcd-manager with kops 1.11.0 and 1.11.1. This could have been user error 🤷‍♂️

"error building tasks: TLS not supported for etcd-manager"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, we ran into that as well.

kops 1.12 & kubernetes 1.12 by running:

```bash
kops set cluster cluster.spec.etcdClusters[*].provider=manager
Expand All @@ -89,5 +107,4 @@ To delay adopting etcd3 with kops 1.12, specify the etcd version as 2.2.1
kops set cluster cluster.spec.etcdClusters[*].version=2.2.1
```

To remove, `kops edit` your cluster and delete the `version: 2.2.1` lines from both etcdCluster blocks.

To remove, `kops edit` your cluster and delete the `version: 2.2.1` lines from both etcdCluster blocks.
16 changes: 8 additions & 8 deletions docs/releases/1.12-NOTES.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,13 @@

# Significant changes

* kops 1.12 enables etcd-manager by default. For kubernetes 1.12 (and later) we
default to etcd3. We also enable TLS for etcd communications when using
etcd-manager. More information is in the [etcd migration
documentation](https://github.com/kubernetes/kops/blob/master/docs/etcd3-migration.md)
* Components are no longer allowed to interact with etcd directly. Calico will
be switched to use CRDs instead of directly with etcd. This is a disruptive
* kops 1.12 enables etcd-manager by default. For kubernetes 1.12 (and later) we
default to etcd3. We also enable TLS for etcd communications when using
etcd-manager. More information is in the [etcd migration
documentation](https://github.com/kubernetes/kops/blob/master/docs/etcd3-migration.md).
This documentation is useful even if you are already using etcd3 with TLS.
* Components are no longer allowed to interact with etcd directly. Calico will
be switched to use CRDs instead of directly with etcd. This is a disruptive
upgrade, please read the calico notes in the [etcd migration
documentation](https://github.com/kubernetes/kops/blob/master/docs/etcd3-migration.md)

Expand All @@ -21,5 +22,4 @@

# Full change list since 1.11.0 release

(will be included with 1.12.0 beta releases)

(will be included with 1.12.0 beta releases)