Upgrade notes
Perform the following steps when upgrading your installation to the latest release:
cbc-release-1.50.0.zip
is provided with this release.
It contains example.tfvars
, secrets-example.tfvars
, and other .tf
files with variable definitions and default values.
It also includes values-example.yaml
for app-deploy
, along with the latest infra-setup.sh
, app-deploy.sh
, and a new python script to generate the CloudFormation template for CasC (configuration as code) functionality.
.tfvars
and helm values-env.yaml
have been simplified in this release, and must be compared to the examples provided in the release bundle .zip
file.
Changes have been noted below for information.
- Terraform
-
-
EKS version 1.31 is now the default supported version.
eks_node_kuberneters_version
must be set to1.31
, or commented out to use the default 1.31.EKS 1.32 support has been added as EXPERIMENTAL
. -
The following terraform variables are no longer required in
tfvars
, and are no longer in the example files:gh_oauth_app_client_id gh_oauth_app_client_secret AUTH_PROVIDER AUTH0_API_CLIENT_ID AUTH0_API_CLIENT_SECRET AUTH0_CLIENT_ID AUTH0_CLIENT_SECRET AUTH0_DOMAIN AUTH0_ORG_DEFAULT_ENABLED_CONNECTIONS AUTH0_SYSTEM_ADMIN_ROLE AUTH0_SECRET API_TOKEN_SECRE CH_JAVA_TRUSTSTORE_PWD ORG_INVITATIONS_DISABLED CH_ACTIONS_QUERIES_VERSION FMS_JIRA_SLA_FIELD FMS_JIRA_HOSTNAME scope_check_enabled
-
For Jira webhook content encryption a new secret is required for the ui-ticket-service. Add
WEBHOOK_ENCRYPTION_KEY
tosecrets.tfvars
:WEBHOOK_ENCRYPTION_KEY = "<32 char random value>"
-
The following infra modules must be applied:
-
eks-infra
-
Upgrades the EKS cluster from 1.30 to 1.31.
-
-
iam-infra
-
secret-infra
-
Removes unused secrets, and adds new secrets.
-
-
-
- Helm
-
To enable the new TruffleHog plugin, add the following to the
goPluginServices
node ofvalues-<env>.yaml
:plugin-trufflehog: enabled: true
-
Helm
values-env.yaml
structure has been simplified:-
Two new variables simplify the setting of image tags for all services and plugins:
global: project: imageRegistryUri: imbrium releaseVersion: cbc-release-<version>
-
Core and UI services are enabled by default in the Helm chart, so they no longer need to be explicitly enabled in the values file.
-
GoLang plugins are separated and grouped under
goPluginServices
. -
Java plugins are separated and grouped under
javaPluginServices
. -
imagePullPolicy
has been changed toIfNotPresent
, and set as default in the Helm chart. Images are now only pulled when they are required. To change it back toAlways
, change the following:global: apps: default: imagePullPolicy: Always dbMigrationJobs: imagePullPolicy: Always
-
rdsCertVolume
ands3Access
enablement flags for individual services have been added to the default Helm values, so they do not need to be defined in the values file. -
Services that require sidecars are enabled by default in the chart’s values file. Only client-specific domains must be added under
sidecar.host
, all common domains are already included in the Helm chart. -
The total lines for Values YAML has been reduced from 4300+ to 550.
-
-