Instructions to Update the Parameters in value.yaml
Follow the instructions given below if you are upgrading from LDAP to SAML. The current installation could have been installed using helm (Scenario A) or using the gitops installer (Scenario B).
Please follow the steps as per your current scenario.
Scenario A
Use these instructions if
You have a openldap installed using the helm installer and
Already have a "gitops-repo" for Spinnaker Configuration
Have values.yaml that was used for helm installation
Execute these commands, replacing "gitops-repo" with your repo
Copy the existing values.yaml that was used for previous installation into this folder, and name it as "values.yaml" (file name is important)
Create gittoken secret. This token will be used to authenticate to the gitops-repo
You only need to create these secrets if they are changed from the default and update the namespace accordingly(default is opsmx-isd)
Scenario B
Use this set of instructions if:
You have an openldap installed using gitops installer
Already have a gitops-repo for ISD (AP and Spinnaker) Configuration
Execute these commands, replacing "gitops-repo" with your repo
Check that a "values.yaml" file exists in this directory (root of the gitops-repo)
Common Steps
Upgrade sequence: (Openldap to Saml):
Create the application in Saml. Refer Okta Configuration for ISD.
Below are the changes need to be done in the values.yaml file. Ignore if you have already done
Please make the global.installOpenLdap and global.ldap section to false.
Update global.auth.saml to true.
Update gate.config.saml to true.
Copy the below block of code into the values.yaml and paste if its already present please ignore and update the values.yal by reading the inline comments
Update the okta groups under global.saporgate config( Please specify the groups you want to see in isd)
cd upgrade
Update upgrade-inputcm.yaml: url, username and gitemail MUST be updated.
If you have install/inputcm.yaml from previous installation, simply copy-paste these lines here
If ISD Namespace is different from "opsmx-isd": Update namespace (default is opsmx-isd) to the namespace where ISD is installed.
If ISD Namespace is different from "opsmx-isd": Edit serviceaccount.yaml and edit "namespace:" to update it to the ISD namespace (e.g.opsmx-isd)
Push changes to git using the below command:
Apply the upgrade-input and service account, generate using the below command:
Compare and merge branch: This job will create a branch on the gitops-repo with the helmchart version number specified in the upgrade-inputcm.yaml. Raise a PR and check what changes are being made. Once satisfied, merge the PR.
Execute the below command:
The isd-spinnaker-halyard-0 pod should restart automatically. If not, execute the following command:
Restart all the pods:
Go to ISD UI and check that the version number has changed in the top-right corner
Wait for about 5 min for autoconfiguration to take place.
If required: a) Connect Spinnaker again b) Configure pipeline-promotion again. To do this, in the ISD UI:
Click setup
Click Spinnaker tab at the top. Check if "External Accounts" and "Pipeline-promotion" columns show "yes". If any of them is "no":
Click "edit" on the 3 dots on the far right. Check the values already filled in, make changes if required and click "update".
Restart the halyard pod by clicking "Sync Accounts to Spinnaker" in the Cloud Accounts tab or simply delete the halayard pod
Rollback to OpenLDAP
Create a PR to revert the changes which is merged as part of step 7.
Restart all pods:
Troubleshooting
If the cluster gets deleted by mistake follow the below steps:
Create the same namespace that was deleted earlier.
It is assumed user have everything in the gitops repo(install,upgrade,halyard content etc)
Create the gittoken secret by using the below command.
Execute the below commands
Last updated