Upgrade notes
Perform the following steps when upgrading your installation to the latest release:
- Terraform
-
-
Apply
secret-infra
, to remove the secrets for the retiredui-organisation-service
.
-
- Helm
-
-
Remove the following values from
values-<env>.yaml
for the retiredui-organisation-service
:############################################################################################################ # ui-organisation-service ############################################################################################################ uiOrganisationService: enabled: true name: "ui-organisation-service" imageTag: "imbrium/ui-organisation-service:cbc-release-1.48.0" imagePullPolicy: Always replicas: 1 rdsCertVolume: true strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 autoscaling: enabled: false minReplicas: 2 maxReplicas: 4 targetCPUUtilizationPercentage: 80 resources: limits: memory: 1639Mi requests: cpu: 100m memory: 600Mi emptyDir: sizeLimit: 10Gi service: type: NodePort name: http-service port: 5001 dbMigration: name: "ui-organisation-service-migrate" imageTag: "imbrium/ui-organisation-service-migrate:cbc-release-1.48.0" database: "ch_ui" sidecar: enabled: true hosts: - "kube-system/kube-dns.kube-system.svc.cluster.local" - "./*.amazonaws.com" - "./aws.amazon.com" - "./*.keysight.com" - "./github.com" - "./*.github.com" - "./mariadb.internal.cbc.is.keysight.com" - "./*.{{ $.Release.Namespace }}.svc.cluster.local" - "./redis.internal.cbc.is.keysight.com" - "./*.service-now.com" - "./gitlab.com" - "./*.docker.io" - "./*.docker.com" - "./*.atlassian.net" - "./id.atlassian.com" - "./raw.githubusercontent.com" envVars: - name: CH_FINDINGS_ENABLED value: "true"
-
Increase the
org-service
memory limit to 600 MB:-
In
values-<env>.yaml
, setorgService.resources.limits`memory
to600Mi
:resources: limits: memory: 600Mi
-
-
- New maintenance page functionality for upgrades
-
The new
maintenance-page.sh
script toggles between enabling or disabling access to the system during an upgrade.
To disable access during an upgrade, it routes all requests to the system to a maintenance page.
- Graph database cleanups
-
Perform the following steps to clean deprecated data from the graph database:
-
Add the following to
app-deploy.sh
:-
Add the following to
MYSQL_HOST
:NEO4J_HOST="neo4j.${ENV_NAME}.${PROJECT}.${ZONE}"
-
Add the following to
# Synchronising helm values to S3
:############################################################################### # Graph DB data clean up check ############################################################################### if [[ -z "$GRAPH_DB_CLEANUP" ]]; then echo "Variable is empty & setting as false" GRAPH_DB_CLEANUP="false" fi
-
Update the following environment variables for
kubectl run cbc-helmwave
:{ "name": "NEO4J_HOST", "value": "'"${NEO4J_HOST}"'" }, { "name": "GRAPH_DB_CLEANUP", "value": "'"${GRAPH_DB_CLEANUP}"'" }
-
-
To execute the data cleanup:
-
Export
GRAPH_DB_CLEANUP
astrue
:export GRAPH_DB_CLEANUP="true"
-
Execute the
app-deploy.sh
script as normal (no changes are required to the execution command):bash app-deploy.sh \ ${PROJECT} \ ${ENV_NAME} \ ${ZONE} \ ${REGION} \ ${DHUB_USER_NAME} \ ${DHUB_PASSWORD} \ ${DOCKERHUB_EMAIL} \ ${CLUSTER_NAME}
- GitHub App callback URLs
-
With the removal of
ui-organisation-service
, the callback URLs for GitHub and GitHub Enterprise Apps must be reconfigured.
This must be done for both cloud and enterprise GitHub Apps. |
Configure the GitHub App for all environments with the new Callback URL and Setup URL:
Callback URL https://{hostname}/app/api/accounts/github/callback (1) Setup URL https://{hostname}/app/api/accounts/github/callback (1)
1 | Replace {hostname} with your hostname. |