Merge pull request #494 from redhatrises/upgrade_docs

feat: operator upgrade docs

docs/deployment/azure/README.md

@@ -118,6 +118,26 @@ The Image push secret is used by the operator to mirror the Falcon Container sen
 
 </details>
 
+## Upgrading
+
+<details>
+  <summary>Click to expand</summary>
+
+To upgrade, run the following command:
+
+```sh
+kubectl apply -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
+```
+
+If you want to upgrade to a specific version, replace `latest` with the desired version number in the URL:
+
+```sh
+VERSION=1.2.3
+kubectl apply -f https://github.com/CrowdStrike/falcon-operator/releases/download/${VERSION}/falcon-operator.yaml
+```
+
+</details>
+
 ## Uninstalling
 
 > [!WARNING]

docs/deployment/eks-fargate/README.md

@@ -86,6 +86,26 @@ This document will guide you through the installation of the Falcon Operator and
 
 </details>
 
+## Upgrading
+
+<details>
+  <summary>Click to expand</summary>
+
+To upgrade, run the following command:
+
+```sh
+kubectl apply -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
+```
+
+If you want to upgrade to a specific version, replace `latest` with the desired version number in the URL:
+
+```sh
+VERSION=1.2.3
+kubectl apply -f https://github.com/CrowdStrike/falcon-operator/releases/download/${VERSION}/falcon-operator.yaml
+```
+
+</details>
+
 ## Uninstalling
 
 > [!WARNING]

docs/deployment/eks/README.md

@@ -94,6 +94,26 @@ After the Falcon Operator has deployed, you can now deploy the Falcon Node Senso
 
 </details>
 
+## Upgrading
+
+<details>
+  <summary>Click to expand</summary>
+
+To upgrade, run the following command:
+
+```sh
+kubectl apply -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
+```
+
+If you want to upgrade to a specific version, replace `latest` with the desired version number in the URL:
+
+```sh
+VERSION=1.2.3
+kubectl apply -f https://github.com/CrowdStrike/falcon-operator/releases/download/${VERSION}/falcon-operator.yaml
+```
+
+</details>
+
 ## Uninstalling
 
 > [!WARNING]

docs/deployment/generic/README.md

@@ -72,6 +72,26 @@ After the Falcon Operator has deployed, you can now deploy the Falcon Node Senso
 
 </details>
 
+## Upgrading
+
+<details>
+  <summary>Click to expand</summary>
+
+To upgrade, run the following command:
+
+```sh
+kubectl apply -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
+```
+
+If you want to upgrade to a specific version, replace `latest` with the desired version number in the URL:
+
+```sh
+VERSION=1.2.3
+kubectl apply -f https://github.com/CrowdStrike/falcon-operator/releases/download/${VERSION}/falcon-operator.yaml
+```
+
+</details>
+
 ## Uninstalling
 
 > [!WARNING]

docs/deployment/gke/README.md

@@ -118,6 +118,26 @@ An image push secret is used by the operator to mirror Falcon Container image fr
 
 </details>
 
+## Upgrading
+
+<details>
+  <summary>Click to expand</summary>
+
+To upgrade, run the following command:
+
+```sh
+kubectl apply -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
+```
+
+If you want to upgrade to a specific version, replace `latest` with the desired version number in the URL:
+
+```sh
+VERSION=1.2.3
+kubectl apply -f https://github.com/CrowdStrike/falcon-operator/releases/download/${VERSION}/falcon-operator.yaml
+```
+
+</details>
+
 ## Uninstalling
 
 > [!WARNING]

docs/deployment/openshift/README.md

@@ -284,6 +284,17 @@ To deploy to a custom namespace (replacing `falcon-system` as desired):
 </details>
 </details>
 
+## Upgrading
+
+<details>
+  <summary>Click to expand</summary>
+
+When the operator was installed in OpenShift, the choice was given to use either an `Automatic` approval strategy or a `Manual` approval strategy.
+If an `Automatic` approval strategy was chosen, the operator will update itself when OpenShift detects a new version in the update channel.
+If a `Manual` approval strategy was chosen, the update must be approved for the operator to update. See [https://docs.openshift.com/container-platform/4.14/operators/admin/olm-upgrading-operators.html#olm-approving-pending-upgrade_olm-upgrading-operators](https://docs.openshift.com/container-platform/4.14/operators/admin/olm-upgrading-operators.html#olm-approving-pending-upgrade_olm-upgrading-operators).
+
+</details>
+
 ## Uninstalling
 
 > [!WARNING]
@@ -416,5 +427,15 @@ The sidecar sensor is not intended for OpenShift. If you installed it by mistake
   oc delete csv falcon-operator.v0.8.0 -n falcon-operator
   ```
 
+- Delete the Custom Resource Definitions (CRDs)
+  ```
+  oc delete crd $(oc get crd | grep falcon)
+  ```
+
+- Delete the operator namespace:
+  ```
+  oc delete project falcon-operator
+  ```
+
 </details>
 </details>

docs/install_guide.md

@@ -20,25 +20,20 @@ For an optimal experience, use the following preferred methods when installing f
 
 ## Upgrading
 
-### Operator Upgrades
-
-Currently, the CrowdStrike Falcon Operator does not support operator upgrades. To upgrade the operator, perform the following steps:
-
-1. Uninstall the deployed custom resources, the operator, and the CRDs (if they still exist).
-2. Install the newer operator and re-deploy the custom resources.
-
-### Sensor Upgrades
-
-Falcon Sensor management and upgrades are best handled by using GitOps methodologies and workflows. Multi-Cluster Management tools such as [Red Hat Advanced Cluster Management for Kubernetes](https://www.redhat.com/en/technologies/management/advanced-cluster-management) or [SuSE Rancher](https://www.rancher.com/products/rancher) can help when needing to scale management across multiple clusters from Git workflows.
-
-Using GitOps ensures several best operational and security practices around Kubernetes as it is the configuration management tool of Kubernetes:
+Falcon Operator and Sensor management and upgrades are best handled by using GitOps methodologies and workflows. Multi-Cluster Management tools such as [Red Hat Advanced Cluster Management for Kubernetes](https://www.redhat.com/en/technologies/management/advanced-cluster-management) or [SuSE Rancher](https://www.rancher.com/products/rancher) can help when needing to scale management across multiple clusters from Git workflows. Using GitOps ensures several best operational and security practices around Kubernetes as it is the configuration management tool of Kubernetes:
 
 1. Containers are immutable and are meant to be immutable. This means that a container should not be modified during its life: no updates, no patches, no configuration changes. Immutable containers ensures
    deployments are safe, consistently repeatable, and makes it easier to roll back an upgrade in case of a problem. If a container is modified or drifts from its original build, this could be an indication of an attack compromise.
 2. Kubernetes expands on the concept of container immutability by creating and coalescing around the concept of Immutable Infrastructure: changes e.g. upgrades deploy a new version with no upgrade in place.
 3. Latest versions of released components should always be used which means no more N-1, N-2, etc. for sensor deployments.
 4. No upgrades should happen outside the configuration management tool.
 
+### Operator Upgrades
+
+[See the individual deployment guides for commands on how to upgrade the operator](#kubernetes-distribution-installation-and-deployment). 
+
+### Sensor Upgrades
+
 To effectively deploy and use the Falcon sensor in a Kubernetes environment, the following is recommended for the reasons listed above:
 
 1. Copy the CrowdStrike sensor(s) to your own container registry.

docs/src/deployment/README.md.tmpl

@@ -111,13 +111,33 @@ After the Falcon Operator has deployed, you can now deploy the Falcon Node Senso
 - For Azure AKS workloads, you must disable the Azure Admissions Enforcer for the Falcon Admission Controller.
   Add the following annotation to the validating webhook configuration to disable the Azure Admissions Enforcer for the Falcon Admission Controller:
   ```sh
-  kubectl annotate validatingwebhookconfiguration validating.admission.falcon.crowdstrike.com admissions.enforcer/disabled=true
+  {{ .KubeCmd }} annotate validatingwebhookconfiguration validating.admission.falcon.crowdstrike.com admissions.enforcer/disabled=true
   ```
 
 {{- end }}
 
 </details>
 
+## Upgrading
+
+<details>
+  <summary>Click to expand</summary>
+
+To upgrade, run the following command:
+
+```sh
+{{ .KubeCmd }} apply -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
+```
+
+If you want to upgrade to a specific version, replace `latest` with the desired version number in the URL:
+
+```sh
+VERSION=1.2.3
+{{ .KubeCmd }} apply -f https://github.com/CrowdStrike/falcon-operator/releases/download/${VERSION}/falcon-operator.yaml
+```
+
+</details>
+
 ## Uninstalling
 
 > [!WARNING]

docs/src/deployment/openshift/README.md

@@ -284,6 +284,17 @@ To deploy to a custom namespace (replacing `falcon-system` as desired):
 </details>
 </details>
 
+## Upgrading
+
+<details>
+  <summary>Click to expand</summary>
+
+When the operator was installed in OpenShift, the choice was given to use either an `Automatic` approval strategy or a `Manual` approval strategy.
+If an `Automatic` approval strategy was chosen, the operator will update itself when OpenShift detects a new version in the update channel.
+If a `Manual` approval strategy was chosen, the update must be approved for the operator to update. See [https://docs.openshift.com/container-platform/4.14/operators/admin/olm-upgrading-operators.html#olm-approving-pending-upgrade_olm-upgrading-operators](https://docs.openshift.com/container-platform/4.14/operators/admin/olm-upgrading-operators.html#olm-approving-pending-upgrade_olm-upgrading-operators).
+
+</details>
+
 ## Uninstalling
 
 > [!WARNING]
@@ -416,5 +427,15 @@ The sidecar sensor is not intended for OpenShift. If you installed it by mistake
   oc delete csv falcon-operator.v0.8.0 -n falcon-operator
   ```
 
+- Delete the Custom Resource Definitions (CRDs)
+  ```
+  oc delete crd $(oc get crd | grep falcon)
+  ```
+
+- Delete the operator namespace:
+  ```
+  oc delete project falcon-operator
+  ```
+
 </details>
 </details>