From af6da47e585e04734c197cae9663a29791bcca74 Mon Sep 17 00:00:00 2001 From: Lingxian Kong Date: Wed, 25 Jul 2018 23:26:04 +1200 Subject: [PATCH] Add upgrade description to release note Change-Id: I771ecd07b6f51fd195f81cf0d5b1c48b1e88f4af Story:2001585 Task:6534 --- .../notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml b/releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml index c3a79411..67131bc1 100644 --- a/releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml +++ b/releasenotes/notes/isolate-k8s-pods-617fec5dc5fbd2d8.yaml @@ -1,8 +1,12 @@ --- security: - | - When using Kubernetes as the orchestrator, Qinling will create Kubernetes - pods to run executions of functions. In Kubernetes, pods are non-isolated - unless the NetworkPolicy is configured and enforced. In Qinling, we create - NetworkPolicy to disable the communication between pods and the traffic + When using Kubernetes as the orchestrator, Qinling will create Kubernetes + pods to run executions of functions. In Kubernetes, pods are non-isolated + unless the NetworkPolicy is configured and enforced. In Qinling, we create + NetworkPolicy to disable the communication between pods and the traffic from outside the cluster. +upgrade: + - Re-apply the Kubernetes manifest file to grant NetworkPolicy resource + operation permission to ``qinling`` user in Kubernetes, + ``curl -sSL https://raw.githubusercontent.com/openstack/qinling/master/example/kubernetes/k8s_qinling_role.yaml | kubectl apply -f -``
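Review bot: In the new `upgrade:` entry, the command fetches `k8s_qinling_role.yaml` from the `master` branch and pipes it straight into `kubectl apply -f -`. An operator upgrading later therefore applies whatever RBAC content is on master at that moment, not the manifest that matches the release carrying this note, and never sees which permissions are being granted to the ``qinling`` user. Suggest pointing the URL at the release branch or tag this note ships with, and wording the step as download, review, then `kubectl apply -f k8s_qinling_role.yaml`. Separately, the four removed and re-added lines of the `security:` paragraph read identically in this view. If that is a whitespace-only change, either say so in the commit message or drop it, since the subject only mentions the upgrade description.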