Add upgrade description to release note

Change-Id: I771ecd07b6f51fd195f81cf0d5b1c48b1e88f4af Story:2001585 Task:6534
2018-07-25 23:26:04 +12:00 · 2018-07-25 23:26:04 +12:00 · af6da47e58
parent ce6d7e0f64
commit af6da47e58
1 changed files with 8 additions and 4 deletions
--- a/releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml
+++ b/releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml
@ -1,8 +1,12 @@
 ---
 security:
  - |
-    When using Kubernetes as the orchestrator, Qinling will create Kubernetes 
-    pods to run executions of functions. In Kubernetes, pods are non-isolated 
-    unless the NetworkPolicy is configured and enforced. In Qinling, we create 
-    NetworkPolicy to disable the communication between pods and the traffic 
+    When using Kubernetes as the orchestrator, Qinling will create Kubernetes
+    pods to run executions of functions. In Kubernetes, pods are non-isolated
+    unless the NetworkPolicy is configured and enforced. In Qinling, we create
+    NetworkPolicy to disable the communication between pods and the traffic
    from outside the cluster.
+upgrade:
+  - Re-apply the Kubernetes manifest file to grant NetworkPolicy resource
+    operation permission to ``qinling`` user in Kubernetes,
+    ``curl -sSL https://raw.githubusercontent.com/openstack/qinling/master/example/kubernetes/k8s_qinling_role.yaml | kubectl apply -f -``