Auto-upgrades for Config Sync in GKE Enterprise now in preview
Kavitha Gowda
Product Manager, Google Cloud
Haiyan Meng
Software Engineer, Google Cloud
Config Sync, Google Cloud’s fully managed GitOps offering for Google Kubernetes Engine (GKE) Enterprise edition, lets cluster operators and platform administrators deploy configurations and applications from a source of truth. And today, we’re announcing a new auto-upgrades feature in preview, letting you automatically upgrade Config Sync versions and oversee the lifecycle of Config Sync components.
Auto-upgrade is an opt-in feature available for new and existing Config Sync installations. Customers who prefer to manage Config Sync versions manually can do so by opting out of auto-upgrades.
Benefits:
- Low maintenance overhead: Platform teams no longer have to monitor for newer versions and manually install Config Sync across their clusters, which greatly reduces overhead in large-scale deployments.
- Maintained support: With automatic rollouts of Config Sync versions, Google Cloud maintains the supported version in your clusters.
- Enforced reliability: Google Cloud manages Config Sync components and reconciles the components in case of any changes.
Release channels and maintenance window
Config Sync provides auto-upgrades that match GKE release channels: rapid, regular and stable. Config Sync versions are matched to the GKE release channel set on your cluster, and the cluster is upgraded as new versions become available in that channel. You can find the supported release channel versions here.
If there are no GKE release channel settings on your cluster, Config Sync uses a stable version. Auto-upgrades also adhere to the maintenance window specified for your cluster.
Enabling Config Sync auto-upgrades
Existing and new installations of GKE Enterprise clusters with Config Sync enabled can opt in to auto-upgrades through the Google Cloud console or gcloud commands. Now in preview, this feature allows you to enable auto-upgrades on individual clusters or as a fleet-level default setting to sync across fleet clusters and apply settings automatically on a new cluster that was “born in the fleet”. For the duration of the preview, once auto-upgrades are enabled, you will not be able to revert to manual upgrades.
Enable Config Sync with auto-upgrades as fleet-level default setting
As demonstrated in the example below, fleet-level default settings enable Config Sync auto-upgrades across fleet clusters from a single, centralized location, rather than requiring modifications to the settings of each cluster individually.
To enable automatic upgrades, you must first activate the GKE Enterprise API. Then enable Config Sync auto-upgrades as the fleet-level default setting and synchronize the default across all your selected clusters in the fleet. Following synchronization, Config Sync is deployed with the automatic upgrades feature across the selected fleet clusters, provided that Config Sync is not already installed on those clusters. If Config Sync is already installed, only the automatic upgrade feature is updated as a configuration on those clusters.
As demonstrated, Config Sync is installed on the clusters with versions determined by the GKE release channel of the cluster. In the absence of a specified channel, a stable version is selected for installation.
In the example below, two clusters have Config Sync installed to version 1.15.0 but do not have the auto-upgrades feature enabled. After fleet-level default settings are synchronized to these two clusters, the Config Sync configuration is modified to reflect auto-upgrades. It is important to note that the clusters remain at version 1.15.0 after syncing because Google Cloud imposes a 24-hour cooling-off period before upgrading clusters with newly enabled auto-upgrades. Other factors that can affect the timing of version upgrades include cluster creation, a cluster upgrade, the maintenance window specified for the cluster, and new versions being added to the release channels.
With auto-upgrades enabled, Config Sync manages and upgrades its versions as newer versions become available in the respective release channels during each cluster’s specified maintenance window. As shown in the demonstration below, the clusters were updated when new versions were pushed. For example, no-channel-cluster-1 and no-channel-cluster-2 were upgraded from version 1.15.0 to version 1.15.1 when version 1.15.1 was introduced into the stable channel. Furthermore, the migrate-1150-rapid cluster was upgraded to version 1.17.1, aligning with the designated rapid channel version.
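The timing rules above (channel match, stable fallback, 24-hour cooling-off period, maintenance window) can be turned into a fleet drift check. This is an added example, not code from the original post or from Google Cloud: the inventory schema, status names, the `manual-cluster-1` name and the clock are assumptions, and only the rapid and stable versions named in the post are mapped.

```python
from datetime import datetime, timedelta, timezone

# Versions the post names per channel; other channels are left unmapped on purpose.
CHANNEL_VERSIONS = {"rapid": "1.17.1", "stable": "1.15.1"}
COOL_OFF = timedelta(hours=24)  # delay after auto-upgrades are first enabled

def as_tuple(version):
    """'1.15.1' -> (1, 15, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))

def audit(cluster, now):
    """Classify one cluster record (hypothetical schema) against its channel target."""
    channel = cluster.get("channel") or "stable"  # no channel set: stable applies
    target = CHANNEL_VERSIONS.get(channel)
    if target is None:
        return "unknown-channel"
    if as_tuple(cluster["installed"]) >= as_tuple(target):
        return "current"
    if not cluster["auto_upgrade"]:
        return "manual-behind"  # nobody upgrades this cluster automatically
    eligible_at = cluster["enabled_at"] + COOL_OFF
    if now < eligible_at:
        return "cool-off"
    window_end = cluster.get("last_window_end")
    if window_end is None or window_end < eligible_at:
        return "awaiting-window"
    return "lagging"  # a window has passed since eligibility: investigate

def audit_fleet(inventory, now):
    """Map cluster name -> status for every record in the inventory."""
    return {c["name"]: audit(c, now) for c in inventory}

NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)  # constructed clock
# Constructed inventory; names follow the post except manual-cluster-1.
INVENTORY = [
    {"name": "no-channel-cluster-1", "channel": None, "installed": "1.15.1",
     "auto_upgrade": True, "enabled_at": NOW - timedelta(days=3)},
    {"name": "no-channel-cluster-2", "channel": None, "installed": "1.15.0",
     "auto_upgrade": True, "enabled_at": NOW - timedelta(hours=2)},
    {"name": "migrate-1150-rapid", "channel": "rapid", "installed": "1.15.0",
     "auto_upgrade": True, "enabled_at": NOW - timedelta(days=3),
     "last_window_end": NOW - timedelta(days=1)},
    {"name": "manual-cluster-1", "channel": "stable", "installed": "1.15.0",
     "auto_upgrade": False},
]

if __name__ == "__main__":
    for name, status in audit_fleet(INVENTORY, NOW).items():
        print(f"{name}: {status}")
```

Only `lagging` and `manual-behind` need follow-up; `cool-off` and `awaiting-window` are expected states under the rules the post describes.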
Enabling auto-upgrades on individual fleet clusters
Alternatively, you can enable auto-upgrade on individual clusters registered to the fleet using the console and gcloud commands. A new installation of Config Sync on a fleet cluster offers the option to select automatic or manual upgrades. Using the console, you can also select multiple fleet clusters to install Config Sync with auto-upgrades.
For fleet clusters with Config Sync currently installed, the cluster configuration settings can be edited on individual fleet clusters to select automatic upgrades. Once a cluster is switched to auto-upgrades, you cannot revert to manual upgrades.
Read more
Overall, enabling auto-upgrades on Config Sync gives you hands-free management of Config Sync, so you can stay supported on the appropriate versions for your cluster. To learn more about getting started with Config Sync, check out the following resources:
- Learn how to manage cluster configuration at scale and apply the same configs in hybrid environments with Config Sync in this reference architecture.
- Dive deep with Goldman Sachs to learn about high-scale cluster resource management and configuration using Config Sync.
- Learn about creating multiple GitOps cluster-scope and namespace-scope configurations.