New and Changed Information
The following table provides an overview of the significant changes up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.
Cisco APIC Release Version |
Feature |
Description |
---|---|---|
5.1(x) |
-- |
Adds instructions for using acc-provision, depending on the release version, in two sections: |
3.0 and later. |
-- |
This document was created. |
Cisco ACI CNI Plug-in Upgrade
This document describes how to upgrade the Cisco Application Centric Infrastructure (ACI) Container Network Interface (CNI) Plug-in, including guidelines and disruptive and nondisruptive upgrade methods.
Guidelines for Upgrading the Cisco ACI CNI Plug-in
You need to have the following in order to use or upgrade the Cisco Application Centric Infrastructure (ACI) Plug-in:
-
Cisco Application Policy Infrastructure Controller
-
Switches from the EX family or later
See the Cisco ACI and Cisco APIC documentation on Cisco.com for details.
You may not need to upgrade both Cisco Application Centric Infrastructure (ACI) and Container Network Interface (CNI) Plug-in at the same time. A specific version of the Cisco ACI CNI Plug-in can be compatible with multiple instances of Cisco Application Policy Infrastructure Controller (APIC) and multiple versions of Cisco ACI leaf firmware.
For information about compatibility, see the Cisco ACI Virtualization Compatibility Matrix on Cisco.com.
Upgrading the Cisco ACI Plug-in
All the components of the Cisco Application Centric Infrastructure(ACI) Container Network Interface (CNI) Plug-in are containerized. Upgrading the Cisco ACI CNI component follows the same model of a normal Kubernetes or OpenShift application update.
The upgrade process upgrades both the control plane and the data plane of the Cisco ACI CNI Plug-in.
The control plane consists of the following pods:
-
aci-containers-controller
-
aci-containers-host
-
aci-containers-operator
The data plane consists of the container aci-containers-openvswitch.
The following section includes two upgrade procedures:
-
Nondisruptive upgrade: This workflow takes extra steps to minimize traffic disruption.
-
Disruptive upgrade: This workflow is ideal for environments where traffic disruption is not a concern, such as labs, and reduces the required upgrade time.
Generating an Updated Cisco ACI CNI Configuration
Before you can upgrade the Cisco Application Centric Infrastructure (ACI) Container Network Interface (CNI) plug-in, you must generate an updated Cisco ACI CNI configuration.
Procedure
Step 1 |
Download the new version of the Cisco ACI CNI plug-in that you need for your environment and install it on your master nodes by completing the following steps:
|
Step 2 |
Copy the private key and certificate in the same folder of your ACI CNI JSON configuration file. Communications between Cisco Application Policy Infrastructure Controller (APIC) and aci-containers-controller uses certificate-based authentication. The certificates are generated by acc-provision when the cluster is set up the first time and are saved locally. |
Step 3 |
Ensure that in your current working directory you have the key and certificate files that were generated by acc-provision previously. If you don’t have these files, you can use a new executable that is called acc-retrieve-cert to retrieve them. You can run the executable by using one of the two variants of the acc-retrieve-cert command:
or
|
Step 4 |
If the current cluster was provisioned with a Cisco ACI CNI version earlier than 5.0, you must add the following configuration in the aci_cni_original_config.yaml file:
|
Step 5 |
Generate the updated Cisco ACI CNI container configuration based on the original Cisco ACI CNI configuration file by executing the following commands: When using an acc-provision release 5.1 or later:
Example:
When using acc-provision release earlier than 5.1: acc-provision -f flavor -c aci_cni_original_config.yaml -a -o aci_cni_new_config.yaml Example:
|
What to do next
Upgrade the Cisco ACI CNI plug-in, using either the disruptive or nondisruptive method.
Nondisruptively Upgrading the Cisco ACI CNI Plug-in
The steps in this procedure upgrade all Cisco Application Centric Infrastructure (ACI) Container Network Interface (CNI) Plug-in plug in containers nondisruptively.
Before you begin
You must have followed the guidelines, fulfilled the prerequisites, and upgrading the Cisco ACI CNI configuration.
Procedure
Step 1 |
Complete one of the following actions:
|
||||||||||
Step 2 |
Apply the new Cisco ACI CNI configuration. This step immediately upgrades the aci-containers-controller and the aci-containers-operators containers. However no upgrade should take place for the aci-containers-host and aci-containers-openvswitch containers. Example:
Example:
|
||||||||||
Step 3 |
Disable scheduling and drain the first node to undergo the upgrade.
Example:
Example:
|
||||||||||
Step 4 |
Get the list of pods that are currently running on the node that has been evacuated or drained. Only DaemonSet should be present. Example:
Example:
Example:
|
||||||||||
Step 5 |
Restart the Cisco ACI CNI DaemonSets. Example:
Example:
Example:
|
||||||||||
Step 6 |
Wait until aci-containers-openvswitch and aci-containers-host containers are restarted on the drained node. |
||||||||||
Step 7 |
Uncordon the node. Example:
Example:
|
||||||||||
Step 8 |
Repeat Step 3 through Step 7 for all the remaining nodes. |
Disruptively Upgrading the Cisco ACI CNI Plug-in
The steps in this procedure upgrade all Cisco Application Centric Infrastructure (ACI) Container Network Interface (CNI) Plug-in containers in a rolling upgrade. This method upgrades the Cisco ACI CNI Plug-in more quickly than the nondisruptive method—but is disruptive.
Before you begin
You must have followed the guidelines, fulfilled the prerequisites, and upgrading the Cisco ACI CNI Plug-in configuration.
Procedure
Step 1 |
Apply the new Cisco ACI CNI Plug-in configuration. This step starts the rolling upgrade. Example:
Example:
|
Step 2 |
Wait a few minutes, and then verify that all the daemons are set to UP-TO-DATE and AVAILABLE. Example:
Example:
Example:
|