Upgrade Confluent for Kubernetes

Before you start the upgrade process, make sure your Kubernetes cluster is among the Supported Environments for the target version of Confluent for Kubernetes (CFK).

We recommend that you perform this upgrade separate from making other changes to your clusters, such as scaling up, changing configuration, or rotating credentials.

Upgrade considerations

Updates in Confluent Platform configurations

There are configuration changes in CFK 2.7.2, and the changes will cause existing the Confluent Platform clusters to roll during the CFK upgrade process.

Before upgrading CFK, you must disable resource reconciliation as described in Upgrade CFK.

Upgrade default auto-generated certificates to configurable auto-generated certificates

By default, Confluent for Kubernetes (CFK) uses auto-generated certificates without configuration options.

Starting in CFK 2.4.0, you can use configurable certificates that CFK generates with the options you specify.

To upgrade the certificates that were auto-generated in CFK 2.3.x or earlier to configurable auto-managed certificates in 2.4.x or later, follow the below steps. For details, see Use auto-generated TLS certificates.

1. Set managedCerts.enabled: true and managedCerts.caCertificate.secretRef=<secretName> in the CFK Helm values file.
2. Set the other configuration settings under managedCerts as described in Use auto-generated TLS certificates.

CFK will renew the certificates based on the CA certificates and the key present in managedCerts.caCertificate.secretRefs, and will roll the corresponding Confluent clusters.

Change of CA is not supported while moving from the legacy to the configurable certificates mode.

Upgrade CFK

1. Review Upgrade considerations and address any required steps.

2. Disable resource reconciliation.

   To prevent Confluent Platform components from rolling restarts, temporarily disable resource reconciliation of the components in each namespace where you have deployed Confluent Platform, specifying the CR kinds and CR names:

   kubectl annotate connect connect \
       platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate controlcenter controlcenter \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate kafkarestproxy kafkarestproxy \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate kafka kafka \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate ksqldb ksqldb \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate schemaregistry schemaregistry \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate zookeeper zookeeper \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

3. Add the CFK Helm repo:

   helm repo add confluentinc https://packages.confluent.io/helm
   

   helm repo update
   

4. Get the CFK chart.

   • From the Helm repo:

     • To get the latest CFK chart:

     helm pull confluentinc/confluent-for-kubernetes --untar
     

     • To get a specific version of the CFK chart, get the image tag of the CFK version from Confluent for Kubernetes image tags, and specify the version tag with the --version flag:

     helm pull confluentinc/confluent-for-kubernetes --version <CFK image tag> --untar
     

   • From a download bundle as specified in Deploy CFK using the download bundle.

5. IMPORTANT. Upgrade Confluent Platform custom resource definitions (CRDs).

   This step is required because Helm does not support upgrading or deleting CRDs using Helm. For more information, see the Helm documentation.

   kubectl apply -f confluent-for-kubernetes/crds/
   

   1. If the above kubectl apply command returns an error similar to the below:

      The CustomResourceDefinition "kafkas.platform.confluent.io" is invalid:
      metadata.annotations: Too long: must have at most 262144 bytes make: ***
      [install-crds] Error 1
      

      Run one of the following commands:

      kubectl apply --server-side=true -f <CRD>
      

      kubectl replace -f <CRD>
      

   2. If running kubectl apply with the --server-side=true flag returns an error similar to the below:

      Apply failed with 1 conflict: conflict with "helm" using
      apiextensions.k8s.io/v1: .spec.versions Please review the fields
      above--they currently have other managers.
      

      Run kubectl apply or kubectl replace with an additional flag, --force-conflicts:

      kubectl apply --server-side=true --force-conflicts -f <CRD>
      

      kubectl replace --force-conflicts -f <CRD>
      

6. Upgrade CFK to 2.7.2.

   • If you deployed customized CFK using the values file, run the following command to upgrade CFK:

     helm upgrade --install confluent-operator \
       confluentinc/confluent-for-kubernetes \
       --values <path-to-values-file> \
       --namespace <namespace>
     

   • If you deployed CFK without customizing the values file, run the following command to upgrade CFK:

     helm upgrade --install confluent-operator \
       confluentinc/confluent-for-kubernetes \
       --namespace <namespace>
     

   • If you deployed CFK from a download bundle, upgrade CFK as specified in Deploy CFK using the download bundle.

7. Alternatively, upgrade CFK to a specific version, such as a hotfix or a patch version.

   • If you deployed CFK using the values file, in your values.yaml, update the CFK image.tag to the image tag of the CFK version specified in Confluent for Kubernetes image tags:

     image:
       tag: "<CFK image tag>"
     

     And run the following command to upgrade CFK:

     helm upgrade --install confluent-operator \
       confluentinc/confluent-for-kubernetes \
       --values <path-to-values-file> \
       --namespace <namespace>
     

   • If you did not use a customized values.yaml for CFK deployment, run the following command to upgrade CFK to a specific version, using the image tag of the CFK version specified in Confluent for Kubernetes image tags:

     helm upgrade --install confluent-operator \
       confluentinc/confluent-for-kubernetes \
       --version <CFK image tag>
       --namespace <namespace>
     

8. In the following scenario:

   • You migrated Operator 1.x to CFK of a version between 2.0.x and 2.3.x.
   • You are upgrading the migrated CFK to a 2.4.0 or higher version.
   • You are using Confluent Platform version 7.1 or lower.

   Set the following property in the Confluent Control Center CR:

   configOverrides:
     server:
       - confluent.controlcenter.internal.topics.partitions=4
   

9. Enable resource reconciliation for each Confluent Platform components that you disabled reconciliation in the first step above:

   kubectl annotate <component CR kind> <cluster name> \
     platform.confluent.io/block-reconcile- \
     --namespace <namespace>
   

10. Upgrade the CFK init container.

Upgrade CFK init container

In each Confluent Platform component CR, update the CFK init container image tag to the version of CFK you are upgrading to, 2.7.2:

kind: <Confluent component>
spec:
  image:
    init: confluentinc/confluent-init-container:2.7.2