...
2.2.5.3 Policy Upgrade and Rollback
<Upgrade existing policy>
There are a number of options for managing policy upgrade and rollback.
The most straightforward option is to use the approach described in section 2.2.5
...
.2 for upgrading and rolling back policy sets. In order to upgrade a policy set, one follows the process in 2.2.5.2 with the new policy set version. For rollback, one follows the process in section 2.2.5.2 with the older policy set, most probably setting the old policy set into ACTIVE mode immediately. The advantage of this option is that the approach is straightforward. The obvious disadvantage is that the PDP group is not executing on the target environment while the new policy set is in PASSIVE, TEST, and SAFE mode.
An enhancement of the bullet above is to have a "standby" PDP group as a K8s service in parallel with the active one, and we simply switch between active and standby services to do upgrade/rollback
A third way is to have two policy sets running in each PDP, an active set and a standby set<Rollback to stable>
2.2.6 Policy Monitoring
*******
...