Upgrade Confluent Operator, Confluent Platform, and Helm¶
Before you start the upgrade process, make sure your Kubernetes cluster is among the Supported Environments for the target version of Confluent Operator.
The examples in this guide use the following assumptions:
$VALUES_FILErefers to the configuration file you set up in Create the global configuration file.
To present simple and clear examples in the Operator documentation, all the configuration parameters are specified in the config file (
$VALUES_FILE). However, in your production deployments, use the
--set-fileoption when applying sensitive data with Helm. For example:
helm upgrade --install kafka \ --set kafka.services.mds.ldap.authentication.simple.principal=”cn=mds,dc=test,dc=com” \ --set kafka.services.mds.ldap.authentication.simple.credentials=”Developer!” \ --set kafka.enabled=true
operatoris the namespace that Confluent Platform is deployed in.
All commands are executed in the
helmdirectory under the directory Confluent Operator was downloaded to.
Currently, Confluent Operator does not support the direct upgrade from Confluent Platform 5.3.x to 5.5.x. If you are upgrading from 5.3.x to 5.5.x, perform a rolling upgrade as following:
- Upgrade Confluent Platform from 5.3.x to 5.4.x, specifically running the
pre_upgrade_cp54_zookeeper.shscript before upgrading.
- Upgrade Confluent Platform from 5.4.x to 5.5.x as described in the following section.
Upgrade Confluent Platform version 5.4.x to 5.5.x¶
Review the following upgrade considerations for limitations and unsupported upgrade scenarios:
- Starting in 5.5, Confluent Operator supports namespaced deployments for new installations rather than requiring cluster-wide permissions for Confluent Operator. However, for the purposes of this upgrade workflow, you must continue to use the cluster-wide permissions for Operator and cannot switch to the namespaced scoping. The following default settings cannot be changed for upgrades:
- Starting in 5.5, Confluent Operator can use pre-existing Kubernetes Storage Classes rather than needing to create its own as it did with 5.4.x. However, for the purposes of this upgrade workflow, you must continue to use the Operator-created Storage Class. Make sure your configuration file (
$VALUES_FILE) still contains the
global.provider.storagesection you were using for 5.4.
Complete the following procedures to upgrade your operating environment.
Upgrade Confluent Operator¶
You start the migration and upgrade process by upgrading Confluent Operator.
Download and extract the Operator bundle for Confluent Platform 5.5.2.
Delete the old clusterrolebinding with the following command:
kubectl delete clusterrolebinding <namespace>-<operator-deployment-name>
For example, using the
operatornamespace and the
kubectl delete clusterrolebinding operator-cc-operator
If you specify not to install CRDs (
operator.installCRDs: false) at the time of the upgrade, you need to manually update them as described in Configure Confluent Operator and Confluent Platform after the upgrade.
If you do not disable the reconcile operations before you run the upgrade, components will begin rolling restarts and some pods may go into
The script disables reconcile operations so that Confluent Platform components do not restart. Only Operator restarts during this upgrade.
Your output should resemble the following:
./scripts/upgrade/disable_reconcile.sh <namespace> physicalstatefulcluster.operator.confluent.cloud/connectors annotated physicalstatefulcluster.operator.confluent.cloud/controlcenter annotated physicalstatefulcluster.operator.confluent.cloud/kafka annotated physicalstatefulcluster.operator.confluent.cloud/ksql annotated physicalstatefulcluster.operator.confluent.cloud/replicator annotated physicalstatefulcluster.operator.confluent.cloud/schemaregistry annotated physicalstatefulcluster.operator.confluent.cloud/zookeeper annotated
From the directory where the Operator bundle was extracted, run:
helm upgrade --install <operator-helm-release-name> \ ./confluent-operator \ --values $VALUES_FILE \ --set operator.enabled=true \ --namespace <namespace> \ --wait
<operator-helm-release-name>is the NAME displayed for the
confluent-operatorchart when running the
helm ls -n <namespace>command.
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE operator 2 Mon Jan 6 DEPLOYED confluent-operator 1.0 operator
Upgrade ZooKeeper, Kafka and other Confluent Platform components¶
Complete the following steps for ZooKeeper, Kafka, and other components, specifically Schema Registry, Connect, Replicator, and Confluent Control Center, in the Confluent Platform cluster.
Each cluster will roll during this procedure.
Do not follow the steps in this section to upgrade KSQL. See Migrate KSQL to ksqlDB for the special migration steps for ksqlDB 5.5.
For each Confluent Platform component release in the cluster, update the desired configuration and version of the cluster:
helm upgrade --install <component-helm-release-name> \ ./confluent-operator \ --values $VALUES_FILE \ --set <component>.enabled=true \ --namespace <namespace> \ --wait
<component-helm-release-name>is the NAME displayed for the component chart when running the
helm ls -n <namespace>command.
Enable reconciliation so that Operator applies the desired configuration and updates the cluster:
./scripts/upgrade/enable_reconcile.sh <namespace> <component-helm-release-name>
./scripts/upgrade/enable_reconcile.sh operator kafka
Complete the previous step for all remaining namespaces (if applicable).
Migrate KSQL to ksqlDB¶
Upgrading KSQL 5.4 to ksqlDB 5.5.x in-place is not supported. Complete the following steps to migrate KSQL 5.4 to ksqlDB 5.5:
To prevent data loss, stop all client applications and producers that write to the KSQL cluster.
Make sure you have access to
kafka-console-consumertool is installed as part of Confluent Platform.
You must provide credentials for the
kafka-console-consumercommand by using the
-consumer.configoption. For more information, see Encryption and Authentication with SSL.
Capture existing SQL statements with the following command:
kafka-console-consumer \ --bootstrap-server <Kafka provider host> \ --topic _confluent-ksql-<ksql_service_id>_command_topic \ --from-beginning \ | jq -r ".statement" > statements.sql
The above example command shows how to pipe the output to
jqand save the the SQL commands to a
<namespace>.<KSQL cluster name>. You can find
<KSQL cluster name>in the Helm chart of KSQL.
If you have load balancers enabled for Kafka, replace
<Kafka provider host>with
kafka.<load balancer host address>:9092.
If you do not have load balancers enabled, replace
<Kafka provider host>with the
kafka.namevalue in Helm charts as bootstrap with port 9071, e.g.
Look through the statements to make sure that the command worked as expected without any errors or exeptions.
Stop the existing KSQL deployment with the following command:
helm uninstall <ksql-release-name> --namespace <namespace>
Deploy a new ksqlDB cluster with the following command:
helm upgrade --install ksql \ --values $VALUES_FILE \ --set ksql.enabled=true \ --namespace <namespace>
Replay SQL statements that you captured in the second step with the command in ksqlDB CLI:
RUN SCRIPT <path-to-statements.sql>
There have been backward-incompatible syntax changes between KSQL and ksqlDB, and some of the statements may fail. If this happens, run the statements in
statements.sqlone-by-one, fixing any statements that have failed.
Reconfigure and restart the clients to talk to the new ksqlDB clusters.
If a load balancer is enabled, you may have a new load balancer IP. You may need to update the DNS records if you’re pointing DNS at the ksqlDB load balancer with clients reaching ksqlDB via DNS address rather than directly reaching ksqlDB via load balancer IP. See Add DNS entries for configuring ksqlDB DNS name.
See Upgrading ksqlDB for more information about migrating from KSQL to ksqlDB.
Update a single component image¶
You can update a single Confluent Platform component image version without affecting cluster performance. Special care is taken when upgrading Kafka brokers. The upgrade process verifies topic leader re-election and zero under-replicated partitions before beginning the upgrade process for the next Kafka broker. This ensures that the Kafka cluster continues to perform well while being upgraded.
IMAGESfile that comes with the Operator bundle, locate the Confluent Platform component that you want to update, and take the image tag,
In your config file (
$VALUES_FILE), add or update the following section:
<component>: image: tag: <new-tag>
Run the following command, replacing
<component-helm-release-name>with the Helm release name of the component:
helm upgrade --install <component-helm-release-name> \ --values $VALUES_FILE \ --set <component>.enabled=true \ --set <component>.image.tag=<new-tag> \ ./confluent-operator \ --namespace <namespace>
A component rolling upgrade begins after you run the above
helm upgradecommand, unless you have disabled reconciliation. (See the workflow above on upgrading to 5.5.2 for an example where you might disable reconciliation).