Migrate from Previous C-VEN Versions (21.5.15 or Earlier)
This section outlines the steps to migrate a manually deployed Illumio installation to a Helm-managed deployment. Manually deployed (or non-Helm) deployments were used to configure and deploy C-VEN versions 21.5.15 and earlier, as well as Kubelink versions prior to 3.0.
To upgrade an existing Helm installation to a newer version, follow standard Helm practice with helm upgrade command.
Follow these general steps to migrate from a manually-deployed Illumio Core for Kubernetes to a Helm Chart deployment:
Annotate and label resources.
Delete C-VEN DaemonSet.
Install Helm and the Helm Chart.
Annotate and Label Resources
From Helm version 3.0.0 on, Helm supports adopting already-deployed resources with the correct name, annotations, and labels.
Required annotations and labels are:
annotations: meta.helm.sh/release-name: illumio meta.helm.sh/release-namespace: illumio-system labels: app.kubernetes.io/managed-by: Helm
To annotate and label all Illumio resources, use the commands below (provided the names of resources match your deployment). Note the --overwrite flag which replaces any existing ownership annotations that might be already assigned.
kubectl -n illumio-system annotate secret illumio-ven-config meta.helm.sh/ release-name=illumio --overwrite kubectl -n illumio-system annotate secret illumio-ven-config meta.helm.sh/ release-namespace=illumio-system --overwrite kubectl -n illumio-system label secret illumio-ven-config app.kubernetes.io/ managed-by=Helm --overwrite kubectl -n illumio-system annotate secret illumio-kubelink-config meta.helm.sh/ release-name=illumio --overwrite kubectl -n illumio-system annotate secret illumio-kubelink-config meta.helm.sh/ release-namespace=illumio-system --overwrite kubectl -n illumio-system label secret illumio-kubelink-config app.kubernetes.io/ managed-by=Helm --overwrite kubectl -n illumio-system annotate serviceaccount illumio-ven meta.helm.sh/ release-name=illumio --overwrite kubectl -n illumio-system annotate serviceaccount illumio-ven meta.helm.sh/ release-namespace=illumio-system --overwrite kubectl -n illumio-system label serviceaccount illumio-ven app.kubernetes.io/ managed-by=Helm --overwrite kubectl -n illumio-system annotate clusterrole illumio-kubelink meta.helm.sh/ release-name=illumio --overwrite kubectl -n illumio-system annotate clusterrole illumio-kubelink meta.helm.sh/ release-namespace=illumio-system --overwrite kubectl -n illumio-system label clusterrole illumio-kubelink app.kubernetes.io/ managed-by=Helm --overwrite kubectl -n illumio-system annotate clusterrolebinding illumio-ven meta.helm.sh/ release-name=illumio --overwrite kubectl -n illumio-system annotate clusterrolebinding illumio-ven meta.helm.sh/ release-namespace=illumio-system --overwrite kubectl -n illumio-system label clusterrolebinding illumio-ven app.kubernetes.io/ managed-by=Helm --overwrite kubectl -n illumio-system annotate clusterrole illumio-ven meta.helm.sh/ release-name=illumio --overwrite kubectl -n illumio-system annotate clusterrole illumio-ven meta.helm.sh/ release-namespace=illumio-system --overwrite kubectl -n illumio-system label clusterrole illumio-ven app.kubernetes.io/ managed-by=Helm --overwrite kubectl -n illumio-system annotate serviceaccount illumio-kubelink meta.helm.sh/ release-name=illumio --overwrite kubectl -n illumio-system annotate serviceaccount illumio-kubelink meta.helm.sh/ release-namespace=illumio-system --overwrite kubectl -n illumio-system label serviceaccount illumio-kubelink app.kubernetes.io/ managed-by=Helm --overwrite kubectl -n illumio-system annotate deployment illumio-kubelink meta.helm.sh/ release-name=illumio --overwrite kubectl -n illumio-system annotate deployment illumio-kubelink meta.helm.sh/ release-namespace=illumio-system --overwrite kubectl -n illumio-system label deployment illumio-kubelink app.kubernetes.io/ managed-by=Helm --overwrite kubectl -n illumio-system annotate clusterrolebinding illumio-kubelink meta.helm.sh/release-name=illumio --overwrite kubectl -n illumio-system annotate clusterrolebinding illumio-kubelink meta.helm.sh/release-namespace=illumio-system --overwrite kubectl -n illumio-system label clusterrolebinding illumio-kubelink app.kubernetes.io/managed-by=Helm --overwrite
The output should look similar to this:
... clusterrolebinding.rbac.authorization.k8s.io/illumio-kubelink annotated clusterrolebinding.rbac.authorization.k8s.io/illumio-kubelink annotated clusterrolebinding.rbac.authorization.k8s.io/illumio-kubelink labeled
Delete C-VEN DaemonSet
The next step is removing the C-VEN DaemonSet. Save any custom labels and validations included in the DaemonSet and reapply them later.
kubectl delete daemonset illumio-ven -n illumio-system
Install Helm
The final step is to install Helm and the Helm Chart for Illumio Core on Kubernetes. Follow the steps in Deploy with Helm Chart. Filling in the fields in illumio-values.yaml is still mandatory.