The procedure should be the following:
- Add new Intermediate PKI CAs for DSE (requirement for k8s 1.23)
- Prepare puppet and deployment-charts changes. Examples:
Don't merge them yet :)
- Run the sre.k8s.upgrade cookbook on a cumin node (without the dry run):
sudo cookbook --dry-run sre.k8s.upgrade-cluster --reason "Upgrade to k8s 1.23" --k8s-cluster "dse-eqiad" --os bullseye --etcd-wipe-only
As part of the cookbook you'll need to merge the patches prepared in 1), the cookbook will ask for them at the right moment.