Enterprise Kubernetes, delivered

Tectonic ships with CoreOS's signature automated operations, runs multi-cloud, and is the fastest, most secure path to Kubernetes.

Upgrading Vault Cluster

This document describes how to upgrade an HA-enabled Vault cluster. Vault operator simulates the suggested upgrade process as recommended in the official Vault documentation for Upgrading Vault HA Installations.


Upgrade the Vault nodes

Create the following Vault CR to use as the basis for the upgrade:

apiVersion: "vault.security.coreos.com/v1alpha1"
kind: "VaultService"
  name: "example"
  nodes: 2
  version: "0.8.3-0"

After the Vault cluster is deployed and unsealed, there will be one active and one standby node.

Use kubectl to upgrade to Vault 0.9.0-0:

kubectl -n default get vault example -o yaml | sed 's/version: 0.8.3-0/version: 0.9.0-0/g' | kubectl apply -f -

Vault-operator will upgrade all nodes except the active node to keep service availability. After upgrade, 2 Vault nodes of the target version and 1 active node of the old version will exist.

Unseal all the upgraded nodes

After all upgraded nodes are unsealed, vault-operator will enforce the old version active node to step down and exit gracefully. One of the two new version standby nodes will take over and become active.