Upgrade notes
Perform the following steps when upgrading your installation to the latest release:
A new cbc-release-1.51.0-bundle.zip
is provided with this release, which contains example example.tfvars
, secrets-example.tfvars
, and the relevant .tf
files to show the variable definitions and default values.
It also includes values-example.yaml
for the app-deploy
, along with the latest infra-setup.sh
, app-deploy.sh
, and a new Python script to generate the CloudFormation template for use with CasC (configuration as code).
The .tfvars
and Helm values-env.yaml
have been simplified in this release, and should be compared to the examples provided in the release bundle .zip
file.
Changes have been noted below for information.
- Terraform
-
-
EKS version 1.32 is now the default supported version.
-
The following
.tfvars
now read from the default values, and should be commented out:-
nat_count
-
ec2_neo4j_availability_zone
-
aws_accessible_namespaces
-
-
The KMS Key for
ui-field-encryption
has been removed. -
The following infra modules need to be applied:
-
kms-infra
-
To remove the deprecated KMS Key.
-
-
eks-infra
-
To upgrade the EKS cluster from 1.31 to 1.32.
-
-
iam-infra
-
To remove obsolete internal IAM roles and policies.
-
-
secret-infra
-
To apply changes in secrets.
-
-
-
- Helm
-
-
Added new UI module
ui-authorisation
service. -
Upgraded Grafana from 10.3.1 to 11.2.10.
-
Upgraded Helmwave from v0.41.6 to v0.42.1.
-
Helm
values-env.yaml
structure has been simplified. -
The values for the following charts have been merged into a single values file called
cbc-tools/values-<env>.yaml
. Most values for these modules have been migrated to default values:-
cbc-keycloak
-
external-secrets
-
ingress-nginx
-
internal-nginx-ingress
-
istio-base
-
istiod
-
metrics-server
-
tempo
-
-
Amazon KMS keys and storage bucket values have been migrated to default values.
-
Most of the common domains to whitelist have been migrated to default values. A new value called
whitelistedClientDomains
has been introduced to manage organisation-specific domains, such as:
-
.cbc.example.com,.example.com
-
Common values, such as the below, have been moved to default values:
-
`grafana-agent-traces
-
Kubernetes Job for
provider-service-data-refresh
,plugin-registration
andkeycloak-management
. -
globalEnvVars
, such as fips and proxy. -
`defaultSidecar values.
-
Amazon RDS and EKS volumes.
-
The port number for RDS, Redis & Neo4j.
-