From the values.yaml for Helm we have the following:
We need to explain this bit better, when customer set this to true, the Operator will actually go through the process of creating the certs (https://docs.couchbase.com/operator/current/tutorial-tls.html#creating-a-client-certificate) and then create and config the secrets (https://docs.couchbase.com/operator/current/howto-tls.html) for the cluster.
This causes an issue with upgrade as noted in https://issues.couchbase.com/browse/K8S-1900 because with Operator 2.1 requires an extra SAN
Without this, when upgrading the Operator will report this error:
We need to document the workaround, which is to regenerate the secrets using the values.yaml with the 2.1 chart
helm template demo --values values.yaml couchbase/couchbase-operator > secretsdemo.yaml
Then replace the secrets, after this we can then proceed to upgrade the Operator.