Currently the docs note that if using TLS a certificate error may occur when upgrading from 2.0.x to >=2.1, as mentioned in
K8S-1900. However, also mentioned in K8S-1900 is that upgrading from 2.0 (with or without TLS) also requires the cluster secret to be renamed. This is not documented, and would make sense to do so alongside the current note.
The current note is also in the 'Helm Deployment' page, and is not mentioned in the 'Upgrade a Deployment' section of the 'Helm Management' page - it may be worth mention there too.