1. Home
2. Confluent for Kubernetes
3. Upgrade using Confluent for Kubernetes

Upgrade Confluent for Kubernetes

Before you start the upgrade process, make sure your Kubernetes cluster is among the Supported Environments for the target version of Confluent for Kubernetes (CFK).

We recommend that you perform this upgrade separate from making other changes to your clusters, such as scaling up, changing configuration, or rotating credentials.

Upgrade considerations

Cluster link status change

The status in the ClusterLink CRD has a breaking change in CFK 2.4. When upgrading from CFK 2.3.x or earlier, take the following steps to fix the compatibility issue:

1. Before the upgrade, when you are on 2.3.x or earlier, remove the status from the ClusterLink CRD. This is to remove the old, incompatible status data. The status will be generated once the cluster link is reconciled.

   kubectl patch crd clusterlinks.platform.confluent.io --type='json' \
     --patch='[{"op": "replace", "path": "/spec/versions/0/schema/openAPIV3Schema/properties/status/properties", "value": {}}]'
   

2. Confirm that the status is empty in the ClusterLink CR and that CFK comes up without errors:

   kubectl -n <namespace> get clusterlink <name> -oyaml
   

   The output should look similar to the following:

   apiVersion: v1
   items:
   - apiVersion: platform.confluent.io/v1beta1
     kind: ClusterLink
     spec:
       destinationKafkaCluster:
         kafkaRestClassRef:
           name: destination-kafka-rest
           namespace: destination
       mirrorTopics:
       - name: demo-cl
       sourceKafkaCluster:
         bootstrapEndpoint: kafka.origin.svc.cluster.local:9071
         kafkaRestClassRef:
           name: origin-kafka-rest
           namespace: origin
     status: {}
   

3. After the upgrade, the ClusterLink CRs would reconcile and update the status.

Upgrade CFK

1. Review Upgrade considerations and address any required steps.

2. Disable resource reconciliation.

   To prevent Confluent Platform components from rolling restarts, temporarily disable resource reconciliation of the components in each namespace where you have deployed Confluent Platform, specifying the CR kinds and CR names:

   kubectl annotate connect connect \
       platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate controlcenter controlcenter \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate kafkarestproxy kafkarestproxy \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate kafka kafka \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate ksqldb ksqldb \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate schemaregistry schemaregistry \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

   kubectl annotate zookeeper zookeeper \
        platform.confluent.io/block-reconcile=true \
        --namespace <namespace>
   

3. Get the latest CFK chart.

   • From the Helm repo:

     helm repo add confluentinc https://packages.confluent.io/helm
     

     helm repo update
     

     helm pull confluentinc/confluent-for-kubernetes --untar
     

   • From a download bundle as specified in Deploy CFK using the download bundle.

4. IMPORTANT. Upgrade Confluent Platform custom resource definitions (CRDs):

   kubectl apply -f <CFK home>/confluent-for-kubernetes/crds/
   

   This step is required because Helm does not support upgrading or deleting CRDs using Helm. For more information, see the Helm documentation.

5. If you want to upgrade to a hotfix or a patch version, update the CFK image.tag to 0.517.23 in your values.yaml. For example:

   image:
     tag: "0.517.23"
   

6. Upgrade CFK to 2.4.1.

   • If you deployed customized CFK using the values file, run the following command to upgrade CFK:

     helm upgrade --install confluent-operator \
       confluentinc/confluent-for-kubernetes \
       --values <path-to-values-file> \
       --namespace <namespace>
     

   • If you deployed CFK without customizing the values file, run the following command to upgrade CFK:

     helm upgrade --install confluent-operator \
       confluentinc/confluent-for-kubernetes \
       --namespace <namespace>
     

7. Enable resource reconciliation for each Confluent Platform components that you disabled reconciliation in the first step above:

   kubectl annotate <component CR kind> <cluster name> \
     platform.confluent.io/block-reconcile- \
     --namespace <namespace>
   

Upgrade default auto-generated certificates to configurable auto-generated certificates

By default, Confluent for Kubernetes (CFK) uses auto-generated certificates without configuration options.

Starting in CFK 2.4.0, you can use configurable certificates that CFK generates with the options you specify.

To upgrade the certificates that were auto-generated in CFK 2.3.x or earlier to configurable auto-managed certificates in 2.4.x or later, follow the below steps. For details, see Auto-generated TLS certificates.

1. Set managedCerts.enabled: true and managedCerts.caCertificate.secretRef=<secretName> in the CFK Helm values file.
2. Set the other configuration settings under managedCerts as described in Auto-generated TLS certificates.

CFK will renew the certificates based on the CA certificates and the key present in managedCerts.caCertificate.secretRefs, and will roll the corresponding Confluent clusters.

Change of CA is not supported while moving from the legacy to the configurable certificates mode.