In previous CloudBees CD/RO releases, a unified CloudBees Software Delivery Automation Helm chart was delivered to install CloudBees CI, CloudBees CD/RO, and CloudBees Analytics in Kubernetes environments. However, starting with CloudBees CD/RO release v2025.03.0, the CloudBees Software Delivery Automation Helm chart was deprecated and is not supported for future releases.
Prior to upgrading CloudBees CD/RO or CloudBees Analytics to v2025.03.0 or later, you must migrate your current CloudBees CI and CloudBees CD/RO Kubernetes deployments from using the CloudBees Software Delivery Automation Helm chart to using the standalone Helm charts for each product.
CloudBees has developed procedures and a migration script to help you. The following content guides you through the processes.
|
These processes only migrates your current CloudBees CI and CloudBees CD/RO Kubernetes deployments from the CloudBees Software Delivery Automation Helm chart to the standalone Helm charts for each product. No other changes or upgrades are intended to be part of this process. For more information, contact your CloudBees support representative. |
Before you start
Before you start migrating from the unified CloudBees Software Delivery Automation Helm charts to the CloudBees CD/RO and CloudBees CI product Helm charts:
-
The migration and rollback scripting provided on this page uses your existing CloudBees Software Delivery Automation deployment. It is critical that you do not delete the CloudBees Software Delivery Automation namespace before, during, or after this migration.
-
CloudBees recommends backing up your CloudBees CI data prior to performing any steps list on this page. For more information, refer to the CloudBees CI Backup and restore on Kubernetes.
Your CloudBees CI data should not be affected by this migration, and backing up your data is not explicitly required. However, in the event of unforeseen cluster errors, this data may be necessary to recover your previous deployment. -
CloudBees recommends backing up your CloudBees CD/RO and CloudBees Analytics data. For more information, refer to:
Your CloudBees CD/RO data should not be affected by this migration, and backing up your data is not explicitly required. However, in the event of unforeseen cluster errors, this data may be necessary to recover your previous deployment.
Prerequisites for migration
The following prerequisites must be met prior to performing the migrations steps on this page:
-
You must have adequate permissions within the Kubernetes cluster to access, create, and delete resources.
-
You must have the following third-party tools installed on your machine and accessible by the migration and rollback scripting:
-
Helm 3 must be installed. For installation instructions, refer to the Helm installation documentation.
-
yqmust be installed. For installation instructions, refer to the yq installation documentation.
If these tools are not available, the migration script will fail.
-
Migration overview
There are multiple procedures you must perform as part of the CloudBees Software Delivery Automation migration process:
| If you encounter any issues after running the migration script, refer to Rollback Helm chart migration. |
Assign product Helm chart variables
As part of the migration, you must assign the Helm charts versions of your CloudBees CI and CloudBees CD/RO deployments to the following environment variables:
-
CloudBees CI:
CI_CORE_CHART_VERSION -
CloudBees CD/RO:
CDRO_FLOW_CHART_VERSION
The following sections provides the steps on how to retrieve and assign these values.
|
For the migration scripting to successfully run, you must perform the steps in both: |
Assign CloudBees CI Helm chart variable
To assign the CloudBees CI Helm chart variable:
Expand CloudBees CI Helm chart instructions
-
Log in to your CloudBees CI instance.
-
Scroll to the bottom of the screen, and record your CloudBees CI version (example:
2.492.1.3). -
Assign this value to
CI_VERSION:CommandExampleCI_VERSION="<YOUR-CI-VERSION>"CI_VERSION="2.492.1.3" -
Run the following command to add/update the CloudBees Helm chart repository:
helm repo add cloudbees https://public-charts.artifacts.cloudbees.com/repository/public/ helm repo update -
Run the following command to assign the corresponding Helm chart version to
CI_CORE_CHART_VERSION:CommandExampleCI_CORE_CHART_VERSION=$(helm search repo cloudbees/cloudbees-core --versions | grep $CI_VERSION | awk '{print $2}') export CI_CORE_CHART_VERSION echo $CI_CORE_CHART_VERSION# For this example, the CI_VERSION="2.492.1.3". CI_CORE_CHART_VERSION=$(helm search repo cloudbees/cloudbees-core --versions | grep $CI_VERSION | awk '{print $2}') export CI_CORE_CHART_VERSION echo $CI_CORE_CHART_VERSION 3.21450.0+3eb0dca20e40
Now that you have your CloudBees CI Helm chart version, proceed to Assign CloudBees CD/RO Helm chart variable.
Assign CloudBees CD/RO Helm chart variable
To assign the CloudBees CD/RO Helm chart variable:
Expand CloudBees CD/RO Helm chart instructions
-
Log in to your CloudBees CD/RO instance.
-
Select the user profile icon the upper-right corner, and then select About.
-
Record your CloudBees CD/RO Build Version (example:
2024.12.0.177508). -
Assign this value to
CDRO_VERSION:CommandExampleCDRO_VERSION="<YOUR-CDRO-VERSION>"CDRO_VERSION="2024.12.0.177508" -
Run the following command to add/update the CloudBees Helm chart repository:
helm repo add cloudbees https://public-charts.artifacts.cloudbees.com/repository/public/ helm repo update -
Run the following command to assign the corresponding Helm chart version to
CDRO_FLOW_CHART_VERSION:CommandExampleCDRO_FLOW_CHART_VERSION=$(helm search repo cloudbees/cloudbees-flow --versions | grep "$CDRO_VERSION" | awk '{print $2}' | head -n1) export CDRO_FLOW_CHART_VERSION echo $CDRO_FLOW_CHART_VERSION# For this example, the CDRO_VERSION="2024.12.0.177508". CDRO_FLOW_CHART_VERSION=$(helm search repo cloudbees/cloudbees-flow --versions | grep "$CDRO_VERSION" | awk '{print $2}' | head -n1) export CDRO_FLOW_CHART_VERSION echo $CDRO_FLOW_CHART_VERSION 2.32.0
Now that you have your CloudBees CD/RO Helm chart versions, proceed to Assign environment variables.
Assign environment variables
As part of the migration process, you must set the following environment variables for your Kubernetes deployment:
|
Check each variable below, and update them for your environment. Failing to have these variables assigned will result in the migration script failing. Additionally, if you have not already assigned the |
# Existing values # Your SDA Namespace & SDA Helm release name export SDA_NAMESPACE="sda" export RELEASE_NAME_SDA="cloudbees-sda" # New values # Set your new release Names & Nginx namespace # NOTE: The nginx controller is only installed if you installed a nginx-controller as part of the SDA chart. export NEW_RELEASE_NAME_CDRO="cloudbees-flow" export NEW_RELEASE_NAME_CI="cloudbees-core" export NEW_RELEASE_NAME_NGINX="ingress-nginx" export NEW_NGINX_NAMESPACE="cloudbees-ingress-nginx"
Now that you have set the required environment variables, proceed to Migrate Helm charts.
Migrate Helm charts
CloudBees has provided an automation script to migrate your CloudBees Software Delivery Automation Helm chart values to the standalone CloudBees CI and CloudBees CD/RO Helm charts.
|
You must have completed the steps in the following sections before attempting this procedure: Failing to do so will result in the automation script failing. |
This script does the following:
-
Creates backups of your secrets, PVCs, and passkey & keystore files.
-
Encodes the passkey & keystore backups.
-
Checks for any labels and patches them as needed.
-
Creates copies of the CloudBees CD/RO and CloudBees CI values from the CloudBees Software Delivery Automation chart.
-
Uninstalls the CloudBees Software Delivery Automation Helm chart.
-
Creates patches for secrets and PVCs.
-
Installs the Helm charts for CloudBees CD/RO, CloudBees CI, and Nginx controller (as applicable), and then patches your previous values.
The migration and rollback scripting provided on this page uses your existing CloudBees Software Delivery Automation deployment. It is critical that you do not delete the CloudBees Software Delivery Automation namespace before, during, or after this migration.
To migrate from the CloudBees Software Delivery Automation Helm chart to the standalone product Helm charts:
-
Create a copy of the following
sda-helm-chart-migration.sh:Expand
sda-helm-chart-migration.sh#!/bin/bash set -e rollbackToSDA(){ echo -e "\n" echo "Stopping here and starting rollback ..." echo -e "\n" #kubectl create -f secret/ 2>&1 | grep -v "AlreadyExists" for i in $(ls secret/*.yaml); do SECRET_NAME=$(basename $i .yaml) if kubectl get secret "$SECRET_NAME" -n ${SDA_NAMESPACE} >/dev/null 2>&1; then echo "Secret $SECRET_NAME already exists. Deleting it..." kubectl delete secret "$SECRET_NAME" -n ${SDA_NAMESPACE} fi echo "\n" # Now create the secret echo "Creating secret from $i..." kubectl create -f "$i" done echo "Rollback to SDA chart..." helm repo add cloudbees https://public-charts.artifacts.cloudbees.com/repository/public/ helm repo update helm install ${RELEASE_NAME_SDA} cloudbees/cloudbees-sda --version ${SDA_CHART_VERSION} -f ${RELEASE_NAME_SDA}-values.yaml \ --set-file cd.server.customConfig.passkey\\.b64=keys/passkey.b64 \ --set-file cd.server.customConfig.keystore\\.b64=keys/keystore.b64 \ --set cd.database.existingSecret=${EXISTING_FLOW_DB_SECRET} \ --set cd.analytics.credentials.existingSecret=${EXISTING_ANALYTICS_SECRET} \ --set cd.dois.credentials.existingSecret=${EXISTING_DOIS_SECRET} \ --set cd.flowCredentials.existingSecret=${EXISTING_FLOW_CRED_SECRET} \ --set cd.boundAgent.flowCredentials.existingSecret=${EXISTING_FLOW_CRED_SECRET} \ --timeout 4200s \ -n ${SDA_NAMESPACE} echo -e "\n" echo "Waiting for 2 mins to set up everything..." echo "!!!! DO NOT ABORT EXECUTION !!!!" sleep 120 echo -e "\n" echo "SDA chart rollback completed" echo -e "\n" echo "Your ingress IP may have changed during rollback." echo "Run: kubectl get ingress -n ${SDA_NAMESPACE}" echo "Verify the IP, and update your DNS as needed." exit 0 } # No need to set values for these EXISTING_FLOW_DB_SECRET="" EXISTING_ANALYTICS_SECRET="" EXISTING_DOIS_SECRET="" EXISTING_FLOW_CRED_SECRET="" SDA_CHART_VERSION="" # default_name="cloudbees-flow" # secret_name="" echo "Checking prerequisites..." # Verifying yq installation if ! command -v yq > /dev/null 2>&1; then echo "yq is not installed. Install yq before proceeding. Exiting script..." exit 1 fi # Verifying base64 installation if ! command -v base64 > /dev/null 2>&1; then echo "Error: base64 is not installed. Install base64 before proceeding. Exiting script..." exit 1 fi # Checking required environment variables if [ -z "$SDA_NAMESPACE" ] || [ -z "$RELEASE_NAME_SDA" ] || [ -z "$NEW_RELEASE_NAME_CDRO" ] || [ -z "$NEW_RELEASE_NAME_CI" ] || [ -z "$NEW_RELEASE_NAME_NGINX" ] || [ -z "$NEW_NGINX_NAMESPACE" ] || [ -z "$CDRO_FLOW_CHART_VERSION" ] || [ -z "$CI_CORE_CHART_VERSION" ]; then echo "Error: The following required environment variables are not set:" [ -z "$SDA_NAMESPACE" ] && echo " - SDA_NAMESPACE" [ -z "$RELEASE_NAME_SDA" ] && echo " - RELEASE_NAME_SDA" [ -z "$NEW_RELEASE_NAME_CDRO" ] && echo " - NEW_RELEASE_NAME_CDRO" [ -z "$NEW_RELEASE_NAME_CI" ] && echo " - NEW_RELEASE_NAME_CI" [ -z "$NEW_RELEASE_NAME_NGINX" ] && echo " - NEW_RELEASE_NAME_NGINX" [ -z "$NEW_NGINX_NAMESPACE" ] && echo " - NEW_NGINX_NAMESPACE" [ -z "$CDRO_FLOW_CHART_VERSION" ] && echo " - CDRO_FLOW_CHART_VERSION" [ -z "$CI_CORE_CHART_VERSION" ] && echo " - CI_CORE_CHART_VERSION" exit 1 fi # Validating the SDA namespace provided if ! kubectl get namespace "$SDA_NAMESPACE" >/dev/null 2>&1; then echo "The ${SDA_NAMESPACE} namespace is not available in your cluster. Exiting script..."; exit 1; fi # Validating the SDA namespace provided if ! helm list -n ${SDA_NAMESPACE} | awk '{print $1}' | grep -v NAME | grep "^${RELEASE_NAME_SDA}$" ; then echo "The ${RELEASE_NAME_SDA} release is not available in ${SDA_NAMESPACE} namespace. Exiting script..."; exit 1; else export SDA_CHART_VERSION=$(helm list -n ${SDA_NAMESPACE} | awk -v n="$RELEASE_NAME_SDA" '{ if ($1 == n) print $9 }' | cut -d'-' -f3-) fi # #checking keystore and passkey # cdServerPod=$(kubectl get pod -l app=flow-server -o jsonpath='{.items[*].metadata.name}' -n ${SDA_NAMESPACE}); # keystore_found=$(kubectl exec -it $cdServerPod -c flow-server -n ${SDA_NAMESPACE} -- ls /opt/cbflow/conf | grep keystore) # passkey_found=$(kubectl exec -it $cdServerPod -c flow-server -n ${SDA_NAMESPACE} -- ls /opt/cbflow/conf | grep passkey) # # If either keystore or passkey is not found, exit the script # if [[ -z "$keystore_found" || -z "$passkey_found" ]]; then # echo "Error: Either 'keystore' or 'passkey' is missing in flow server pod: ${cdServerPod}. Exiting.." # exit 1 # fi echo "RELEASE_NAME_SDA:${RELEASE_NAME_SDA}:${SDA_CHART_VERSION}" > env-vars.txt echo "SDA_NAMESPACE:${SDA_NAMESPACE}" >> env-vars.txt echo "NEW_RELEASE_NAME_CDRO:${NEW_RELEASE_NAME_CDRO}" >> env-vars.txt echo "NEW_RELEASE_NAME_CI:${NEW_RELEASE_NAME_CI}" >> env-vars.txt echo "NEW_RELEASE_NAME_NGINX:${NEW_RELEASE_NAME_NGINX}" >> env-vars.txt echo "NEW_NGINX_NAMESPACE:${NEW_NGINX_NAMESPACE}" >> env-vars.txt echo "CDRO_FLOW_CHART_VERSION:${CDRO_FLOW_CHART_VERSION}" >> env-vars.txt echo "CI_CORE_CHART_VERSION:${CI_CORE_CHART_VERSION}" >> env-vars.txt cat env-vars.txt echo -e "\n" echo "Prerequisite verification completed!" echo -e "\n" read -p "Would you like to continue the SDA chart deprecation? (y/n): " answer if [[ "$answer" =~ ^[Yy]$ ]]; then echo "Great! Let's continue..." else echo "Stopping here. Exiting script..." exit 0 fi # Creating required directories mkdir -p secret pvc keys mkdir -p secret/helm # Taking Helm release manifest backup echo "**** Taking Helm manifest backups ****" helm get values $RELEASE_NAME_SDA -n $SDA_NAMESPACE > ${RELEASE_NAME_SDA}-values.yaml helm get all $RELEASE_NAME_SDA -n $SDA_NAMESPACE > ${RELEASE_NAME_SDA}-all.yaml cat ${RELEASE_NAME_SDA}-all.yaml | yq 'select(.cd != null) | .cd' 2> /dev/null > cd.yaml | true cat ${RELEASE_NAME_SDA}-all.yaml | yq 'select(.ci != null) | .ci' 2> /dev/null > ci.yaml | true cat ${RELEASE_NAME_SDA}-all.yaml | yq 'select(.ingress-nginx != null) | .ingress-nginx' 2> /dev/null > ingress-nginx.yaml | true echo "**** Helm manifest backups completed ****" [ ! -f ${RELEASE_NAME_SDA}-values.yaml ] && echo "ERROR: ${RELEASE_NAME_SDA}-values.yaml file not found" && exit 1 if ! grep -Eq "ci:|cd:" "${RELEASE_NAME_SDA}-values.yaml" ; then echo "${RELEASE_NAME_SDA}-values.yaml does not contain either CI or CD/RO values."; echo "Verify ${RELEASE_NAME_SDA}-values.yaml"; fi echo "**** Taking secret manifest backups ****" for i in `kubectl get secret -n ${SDA_NAMESPACE} --no-headers | awk '{print $1}'`; do if [[ "$i" == *"sh.helm.releas"* ]]; then kubectl get secret $i -n ${SDA_NAMESPACE} -o yaml > secret/helm/${i}.yaml echo "${i} secret backups completed." else kubectl get secret $i -n ${SDA_NAMESPACE} -o yaml > secret/${i}.yaml echo "${i} secret backups completed." fi done echo "**** All secret manifest backups completed ****" echo -e "\n" echo "**** Taking PVC manifest backups ****" for i in `kubectl get pvc -n ${SDA_NAMESPACE} --no-headers | awk '{print $1}'`; do kubectl get pvc $i -n ${SDA_NAMESPACE} -o yaml > pvc/${i}.yaml echo "${i} PVC backups completed." done echo "**** All PVC backup manifests are complete ****" echo -e "\n" cdServerPod=$(kubectl get pod -l app=flow-server -o jsonpath='{.items[*].metadata.name}' -n ${SDA_NAMESPACE}); echo "Server pod name: $cdServerPod" # echo -e "\n" # echo "**** passkey & keystore file check ****" kubectl exec -it $cdServerPod -c flow-server -n ${SDA_NAMESPACE} -- ls /opt/cbflow/conf | grep keystore && kubectl exec -it $cdServerPod -c flow-server -n ${SDA_NAMESPACE} -- ls /opt/cbflow/conf | grep passkey if [[ $? -eq 0 ]]; then # echo "**** Both keystore and passkey found ****" # echo -e "\n" echo "**** Taking keystore & passkey backups ****" kubectl cp -c flow-server ${SDA_NAMESPACE}/${cdServerPod}:/opt/cbflow/conf/keystore keys/keystore kubectl cp -c flow-server ${SDA_NAMESPACE}/${cdServerPod}:/opt/cbflow/conf/passkey keys/passkey echo "**** Keystore & passkey backups completed ****" echo -e "\n" else echo "Error: Either the keystore or passkey was not found. Exiting script..." exit 1 fi echo "**** Encoding the keystore and passkey ****" base64 -i keys/keystore > keys/keystore.b64 base64 -i keys/passkey > keys/passkey.b64 file_count=$(ls keys | wc -l) # If the number of files is not 4, exit with an error if [[ "$file_count" -ne 4 ]]; then echo "Error: Keystore or passkey was not copied from pod or were not properly encoded. Exiting script..." exit 1 fi ls -l keys echo "**** Encoding completed ****" echo -e "\n" mkdir -p secret/update echo "**** Updating labels ****" for i in "secret/"*.yaml do if [[ "${i}" == *"-db.yaml" ]] || [[ "${i}" == *"-analytics.yaml" ]] || [[ "${i}" == *"-dois.yaml" ]] || [[ "${i}" == *"-credentials.yaml" ]] || [[ "${i}" == *"mariadb-initdb-secret.yaml" ]]; then echo "name: $i" cat $i |sed "s/release-name: ${RELEASE_NAME_SDA}/release-name: ${NEW_RELEASE_NAME_CDRO}/g" > secret/update/$(echo "$i" | cut -d '/' -f2) case $i in *-db.yaml) export EXISTING_FLOW_DB_SECRET=$(echo "$i" | cut -d '/' -f2 | cut -d '.' -f1) ;; *-analytics.yaml) export EXISTING_ANALYTICS_SECRET=$(echo "$i" | cut -d '/' -f2 | cut -d '.' -f1) ;; *-dois.yaml) export EXISTING_DOIS_SECRET=$(echo "$i" | cut -d '/' -f2 | cut -d '.' -f1) ;; *-credentials.yaml) export EXISTING_FLOW_CRED_SECRET=$(echo "$i" | cut -d '/' -f2 | cut -d '.' -f1) ;; *mariadb-initdb-secret.yaml) echo "Do nothing..." ;; *) echo "Invalid secret" exit 1; ;; esac fi done echo "**** Label updates completed ****" echo -e "\n" echo "**** Creating the following secrets ****" echo $EXISTING_FLOW_DB_SECRET echo $EXISTING_ANALYTICS_SECRET echo $EXISTING_DOIS_SECRET echo $EXISTING_FLOW_CRED_SECRET echo -e "\n" echo "Required manifests, keystore, and passkey backups are complete." echo "Would you like to continue the SDA chart deprecation?" echo "Enter Yes[y] to uninstall the SDA chart" read -p "Enter No[n] to exit: " answer if [[ "$answer" =~ ^[Yy]$ ]]; then echo "Great! Let's continue..." else echo "Stopping here. Exiting script..." exit 0 fi echo "**** Uninstalling SDA chart ****" helm uninstall ${RELEASE_NAME_SDA} -n ${SDA_NAMESPACE} echo "**** SDA chart uninstalled successfully ****" echo -e "\n" echo "Waiting for 2 mins to clean up everything..." echo "!!!! DO NOT ABORT EXECUTION !!!!" sleep 120 echo -e "\n" echo "Would you like to continue the SDA chart deprecation?" echo "Enter Yes[y] to install the CD/RO, CI, and Nginx charts" read -p "Enter No[n] to rollback to the SDA chart: " answer if [[ "$answer" =~ ^[Yy]$ ]]; then echo -e "\n" echo "Great! Let's continue..." else rollbackToSDA fi echo "Dry-run checks for CD/RO chart" helm repo add cloudbees https://public-charts.artifacts.cloudbees.com/repository/public/ helm repo update helm upgrade --install ${NEW_RELEASE_NAME_CDRO} cloudbees/cloudbees-flow --version ${CDRO_FLOW_CHART_VERSION} -f cd.yaml \ --set-file server.customConfig.passkey\\.b64=keys/passkey.b64 \ --set-file server.customConfig.keystore\\.b64=keys/keystore.b64 \ --set database.existingSecret=${EXISTING_FLOW_DB_SECRET} \ --set analytics.credentials.existingSecret=${EXISTING_ANALYTICS_SECRET} \ --set dois.credentials.existingSecret=${EXISTING_DOIS_SECRET} \ --set flowCredentials.existingSecret=${EXISTING_FLOW_CRED_SECRET} \ --set boundAgent.flowCredentials.existingSecret=${EXISTING_FLOW_CRED_SECRET} \ --timeout 4200s \ -n ${SDA_NAMESPACE} --dry-run if [[ $? -eq 0 ]]; then echo "Dry run checks passed on CD/RO chart" else echo "ERROR: Dry-run checks failed on CD/RO chart!" rollbackToSDA fi echo -e "\n" echo "Dry-run checks for CI chart" helm upgrade --install ${NEW_RELEASE_NAME_CI} cloudbees/cloudbees-core --version ${CI_CORE_CHART_VERSION} -f ci.yaml --timeout 4200s -n ${SDA_NAMESPACE} --dry-run if [[ $? -eq 0 ]]; then echo "Dry run checks passed CI chart" else echo "ERROR: Dry-run checks failed on CI chart!" rollbackToSDA fi echo "**** Creating required secrets with updated labels ****" #kubectl create -f secret/update/ for i in $(ls secret/update); do # Check if the secret already exists SECRET_NAME=$(basename $i .yaml) if kubectl get secret "$SECRET_NAME" -n ${SDA_NAMESPACE} >/dev/null 2>&1; then echo "Secret $SECRET_NAME already exists. Deleting it..." kubectl delete secret "$SECRET_NAME" -n ${SDA_NAMESPACE} fi # Now create the secret echo "Creating secret from $i..." kubectl create -f "secret/update/$i" done echo "**** Secret creation completed ****" echo -e "\n" echo "**** Patching PVCs ****" for i in `kubectl get pvc --no-headers -n ${SDA_NAMESPACE}| awk '{print $1}'`; do if [[ "$i" == *"cjoc"* ]]; then if kubectl get pvc "$i" -n "$SDA_NAMESPACE" -o jsonpath='{.metadata.labels.release}' | grep -q .; then kubectl patch pvc $i -n $SDA_NAMESPACE -p "{\"metadata\": {\"labels\": {\"release\": \"$NEW_RELEASE_NAME_CI\"}}}" else echo "No release label found for ${i}. No patch was made." fi else if kubectl get pvc "$i" -n "$SDA_NAMESPACE" -o jsonpath='{.metadata.labels.release}' | grep -q .; then kubectl patch pvc $i -n $SDA_NAMESPACE -p "{\"metadata\": {\"labels\": {\"release\": \"$NEW_RELEASE_NAME_CDRO\"}}}" else echo "No release label found for ${i}. No patch was made." fi fi done echo "**** PVC patching completed ****" echo -e "\n" isIngressNginxEnabled=`cat ${RELEASE_NAME_SDA}-values.yaml | yq .ingress-nginx.enabled` if [[ "$isIngressNginxEnabled" == "true" ]] then echo "**** Installing ingress Nginx chart ****" helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update helm install ${NEW_RELEASE_NAME_NGINX} ingress-nginx/ingress-nginx --version 4.0.13 -f ingress-nginx.yaml -n ${NEW_NGINX_NAMESPACE} --create-namespace echo -e "\n" echo "Waiting for 2 mins to set up everything..." echo "!!!! DO NOT ABORT EXECUTION !!!!" sleep 120 echo "**** Ingress Nginx chart installation completed ****" else echo "Seems the ingress-ngnix chart was not installed via the SDA chart. Skipping ingress-nginx chart installation..." fi helm repo add cloudbees https://public-charts.artifacts.cloudbees.com/repository/public/ helm repo update echo -e "\n" echo "**** Installing CI cloudbees-core chart ****" helm upgrade --install ${NEW_RELEASE_NAME_CI} cloudbees/cloudbees-core --version ${CI_CORE_CHART_VERSION} -f ci.yaml --timeout 4200s -n ${SDA_NAMESPACE} echo "Waiting for 2 mins to set up everything..." echo "!!!! DO NOT ABORT EXECUTION !!!!" sleep 120 echo "**** CI cloudbees-core chart installation completed ****" echo -e "\n" echo "**** Installing CD/RO cloudbees-flow chart ****" helm upgrade --install ${NEW_RELEASE_NAME_CDRO} cloudbees/cloudbees-flow --version ${CDRO_FLOW_CHART_VERSION} -f cd.yaml \ --set-file server.customConfig.passkey\\.b64=keys/passkey.b64 \ --set-file server.customConfig.keystore\\.b64=keys/keystore.b64 \ --set database.existingSecret=${EXISTING_FLOW_DB_SECRET} \ --set analytics.credentials.existingSecret=${EXISTING_ANALYTICS_SECRET} \ --set dois.credentials.existingSecret=${EXISTING_DOIS_SECRET} \ --set flowCredentials.existingSecret=${EXISTING_FLOW_CRED_SECRET} \ --set boundAgent.flowCredentials.existingSecret=${EXISTING_FLOW_CRED_SECRET} \ --timeout 4200s \ -n ${SDA_NAMESPACE} echo "Waiting for 2 mins to set up everything..." echo "!!!! DO NOT ABORT EXECUTION !!!!" sleep 120 echo "**** CD/RO cloudbees-flow chart installation completed ****" echo -e "\n" echo "****** SDA chart was successfully deprecated ******" -
Make the script executable:
chmod +x sda-helm-chart-migration.shIf you used a different name for the script, use your custom script name instead. -
Execute the script:
./sda-helm-chart-migration.sh
Once you receive the SDA chart deprecated successfully message from the script, proceed to the next section.
Check deployment operations
After running the migration script, it critical to double-check your environment to ensure the Kubernetes deployments are operating as expected. This section provides basic checks to help.
To check the status of your new deployment:
-
Check the status of the pods:
kubectl get pods -n $SDA_NAMESPACE kubectl get pods -n $NEW_NGINX_NAMESPACEYou can check the updated Helm chart installations by running:
helm list -n $SDA_NAMESPACE helm list -n $NEW_NGINX_NAMESPACE -
Check the ingress endpoints
ADDRESS.CommandResponse examplekubectl get ingress -n $SDA_NAMESPACENAME CLASS HOSTS ADDRESS PORTS AGE cjoc nginx my-instance.cb.com 34.102.54.101 80 8m37s flow-ingress nginx my-instance.cb.com 34.102.54.101 80 11m test-controller nginx my-instance.cb.com 34.102.54.101 80 4h2m-
Your ingress IP addresses might have changed during migration. If so, update your DNS with the new ingress IP addresses and clear any cached records.
Failing to update your DNS and clearing caches may result in your components being unable to communicate.
-
-
Log into both the CloudBees CI and CloudBees CD/RO instances:
-
Ensure your expected data is present.
-
Run jobs as needed to ensure all components can send and receive data within your deployment.
If you encounter any issues after running the migration script, refer to Rollback Helm chart migration. -
If your expected data is present, and your components are operating and communicating as expected, you have successfully migrated from the CloudBees Software Delivery Automation Helm chart to the standalone product Helm charts.
Rollback Helm chart migration
If you encountered issues during migration, the steps in this section will help rollback your cluster to the original CloudBees Software Delivery Automation deployment.
To roll back the migration to the previous CloudBees Software Delivery Automation deployment:
-
Create local a copy of the following
rollback-sda-helm-chart-deprecation.sh:The
rollback-sda-helm-chart-deprecation.shmust be located in the same directory as yoursda-helm-chart-migration.sh.Expand
rollback-sda-helm-chart-deprecation.sh#!/bin/bash set -e if [ -f env-vars.txt ]; then cat env-vars.txt RELEASE_NAME_SDA=`cat env-vars.txt| grep RELEASE_NAME_SDA | cut -d: -f2` SDA_CHART_VERSION=`cat env-vars.txt| grep RELEASE_NAME_SDA | cut -d: -f3` SDA_NAMESPACE=`cat env-vars.txt| grep SDA_NAMESPACE | cut -d: -f2` NEW_RELEASE_NAME_CDRO=`cat env-vars.txt| grep NEW_RELEASE_NAME_CDRO | cut -d: -f2` NEW_RELEASE_NAME_CI=`cat env-vars.txt| grep NEW_RELEASE_NAME_CI | cut -d: -f2` NEW_RELEASE_NAME_NGINX=`cat env-vars.txt| grep NEW_RELEASE_NAME_NGINX | cut -d: -f2` NEW_NGINX_NAMESPACE=`cat env-vars.txt| grep NEW_NGINX_NAMESPACE | cut -d: -f2` CDRO_FLOW_CHART_VERSION=`cat env-vars.txt| grep CDRO_FLOW_CHART_VERSION | cut -d: -f2` CI_CORE_CHART_VERSION=`cat env-vars.txt| grep CI_CORE_CHART_VERSION | cut -d: -f2` else echo "ERROR: env-vars.txt file not found" exit 1 fi [ ! -f ${RELEASE_NAME_SDA}-values.yaml ] && echo "ERROR: ${RELEASE_NAME_SDA}-values.yaml file not found" && exit 1 if ! grep -Eq "ci:|cd:" "${RELEASE_NAME_SDA}-values.yaml" ; then echo "${RELEASE_NAME_SDA}-values.yaml does not contain either the CI or CD/RO values"; echo "Please verify ${RELEASE_NAME_SDA}-values.yaml"; fi if [ -z "$SDA_NAMESPACE" ] || [ -z "$RELEASE_NAME_SDA" ] || [ -z "$NEW_RELEASE_NAME_CDRO" ] || [ -z "$NEW_RELEASE_NAME_CI" ] || [ -z "$NEW_RELEASE_NAME_NGINX" ] || [ -z "$NEW_NGINX_NAMESPACE" ] || [ -z "$CDRO_FLOW_CHART_VERSION" ] || [ -z "$CI_CORE_CHART_VERSION" ]; then echo "Error: The following required environment variables are not set:" [ -z "$SDA_NAMESPACE" ] && echo " - SDA_NAMESPACE" [ -z "$RELEASE_NAME_SDA" ] && echo " - RELEASE_NAME_SDA" [ -z "$NEW_RELEASE_NAME_CDRO" ] && echo " - NEW_RELEASE_NAME_CDRO" [ -z "$NEW_RELEASE_NAME_CI" ] && echo " - NEW_RELEASE_NAME_CI" [ -z "$NEW_RELEASE_NAME_NGINX" ] && echo " - NEW_RELEASE_NAME_NGINX" [ -z "$NEW_NGINX_NAMESPACE" ] && echo " - NEW_NGINX_NAMESPACE" [ -z "$CDRO_FLOW_CHART_VERSION" ] && echo " - CDRO_FLOW_CHART_VERSION" [ -z "$CI_CORE_CHART_VERSION" ] && echo " - CI_CORE_CHART_VERSION" exit 1 fi echo -e "\n" echo "Uninstalling CD/RO" helm uninstall ${NEW_RELEASE_NAME_CDRO} -n ${SDA_NAMESPACE} echo "Waiting for 2 mins to clean up everything..." echo "!!!! DO NOT ABORT EXECUTION !!!!" sleep 120 echo "CD/RO was uninstalled." echo -e "\n" echo "Uninstalling CI" helm uninstall ${NEW_RELEASE_NAME_CI} -n ${SDA_NAMESPACE} echo "Waiting for 2 mins to clean up everything..." echo "!!!! DO NOT ABORT EXECUTION !!!!" sleep 120 echo "CI was uninstalled." echo -e "\n" echo "Uninstalling Nginx chart (if required)" isIngressNginxEnabled=`cat ${RELEASE_NAME_SDA}-values.yaml | yq .ingress-nginx.enabled` if [[ "$isIngressNginxEnabled" == "true" ]]; then helm uninstall ${NEW_RELEASE_NAME_NGINX} -n ${NEW_NGINX_NAMESPACE} echo "Waiting for 2 mins to clean up everything..." echo "!!!! DO NOT ABORT EXECUTION !!!!" sleep 120 echo "Nginx chart was uninstalled." fi echo -e "\n" echo "Unpatching PVC ****" for i in `kubectl get pvc --no-headers -n ${SDA_NAMESPACE}| awk '{print $1}'`; do if [[ "$i" == *"cjoc"* ]]; then if kubectl get pvc "$i" -n "$SDA_NAMESPACE" -o jsonpath='{.metadata.labels.release}' | grep -q .; then kubectl patch pvc $i -n $SDA_NAMESPACE -p "{\"metadata\": {\"labels\": {\"release\": \"$RELEASE_NAME_SDA\"}}}" else echo "No release label found for ${i}. No patch was made." fi else if kubectl get pvc "$i" -n "$SDA_NAMESPACE" -o jsonpath='{.metadata.labels.release}' | grep -q .; then kubectl patch pvc $i -n $SDA_NAMESPACE -p "{\"metadata\": {\"labels\": {\"release\": \"$RELEASE_NAME_SDA\"}}}" else echo "No release label found for ${i}. No patch made." fi fi done echo " PVC unpatching completed" echo -e "\n" echo "Creating secret from backup" set +e for i in $(ls secret/update); do # Check if the secret already exists SECRET_NAME=$(basename $i .yaml) if kubectl get secret "$SECRET_NAME" -n ${SDA_NAMESPACE} >/dev/null 2>&1; then echo "Secret $SECRET_NAME already exists. Deleting it..." kubectl delete secret "$SECRET_NAME" -n ${SDA_NAMESPACE} fi done kubectl create -f secret/ 2>&1 | grep -v "AlreadyExists" set -e for i in "secret/"*.yaml do if [[ "${i}" == *"-db.yaml" ]] || [[ "${i}" == *"-analytics.yaml" ]] || [[ "${i}" == *"-dois.yaml" ]] || [[ "${i}" == *"-credentials.yaml" ]] || [[ "${i}" == *"mariadb-initdb-secret.yaml" ]]; then echo "name: $i" case $i in *-db.yaml) EXISTING_FLOW_DB_SECRET=$(echo "$i" | cut -d '/' -f2 | cut -d '.' -f1) ;; *-analytics.yaml) EXISTING_ANALYTICS_SECRET=$(echo "$i" | cut -d '/' -f2 | cut -d '.' -f1) ;; *-dois.yaml) EXISTING_DOIS_SECRET=$(echo "$i" | cut -d '/' -f2 | cut -d '.' -f1) ;; *-credentials.yaml) EXISTING_FLOW_CRED_SECRET=$(echo "$i" | cut -d '/' -f2 | cut -d '.' -f1) ;; *mariadb-initdb-secret.yaml) echo "Do nothing..." ;; *) echo "Invalid secret" exit 1; ;; esac fi done echo $EXISTING_FLOW_DB_SECRET echo $EXISTING_ANALYTICS_SECRET echo $EXISTING_DOIS_SECRET echo $EXISTING_FLOW_CRED_SECRET echo -e "\n" echo "Rollback SDA chart" helm upgrade --install ${RELEASE_NAME_SDA} cloudbees/cloudbees-sda --version ${SDA_CHART_VERSION} -f ${RELEASE_NAME_SDA}-values.yaml \ --set-file cd.server.customConfig.passkey\\.b64=keys/passkey.b64 \ --set-file cd.server.customConfig.keystore\\.b64=keys/keystore.b64 \ --set cd.database.existingSecret=${EXISTING_FLOW_DB_SECRET} \ --set cd.analytics.credentials.existingSecret=${EXISTING_ANALYTICS_SECRET} \ --set cd.dois.credentials.existingSecret=${EXISTING_DOIS_SECRET} \ --set cd.flowCredentials.existingSecret=${EXISTING_FLOW_CRED_SECRET} \ --set cd.boundAgent.flowCredentials.existingSecret=${EXISTING_FLOW_CRED_SECRET} \ --timeout 4200s \ -n ${SDA_NAMESPACE} echo "Waiting for 2 mins to clean up everything..." echo "!!!! DO NOT ABORT EXECUTION !!!!" sleep 120 echo -e "\n" echo "SDA chart rollback completed" echo -e "\n" echo "Your ingress IP may have changed during rollback." echo "Run: kubectl get ingress -n ${SDA_NAMESPACE}" echo "Verify the IP, and update your DNS as needed." -
Make the script executable:
chmod +x rollback-sda-helm-chart-deprecation.shIf you used a different name for the script, use your custom script name instead. -
Execute the script:
./rollback-sda-helm-chart-deprecation.sh
Once you receive the SDA chart rollback completed message from the script, your original CloudBees Software Delivery Automation deployment should be fully restored.
|
Your ingress IP addresses might have changed during migration. To check the ingress IP address, run:
Verify the ingress IP against your DNS, update your DNS with the new ingress IP addresses as needed, and clear any cached records. Failing to perform this step may result in your components being unable to communicate. |