Instructions to Update the Parameters in values.yaml
Follow the instructions given below if you are upgrading from LDAP to SAML. The current installation could have been installed using helm (Scenario A) or using the gitops installer (Scenario B).
Please follow the steps as per your current scenario.
Scenario A
Use these instructions if:
You have an OpenLDAP installed using the Helm installer, and
You already have a "gitops-repo" for Spinnaker Configuration
You have the values.yaml that was used for the Helm installation
Execute these commands, replacing "gitops-repo" with your repo:
git clone https://github.com/.../gitops-repo
git clone https://github.com/OpsMx/standard-isd-gitops.git -b 4.0.3
cp -r standard-isd-gitops/upgrade gitops-repo/
cd gitops-repo
Copy the existing values.yaml that was used for previous installation into this folder, and name it as "values.yaml" (file name is important)
Create gittoken secret. This token will be used to authenticate to the gitops-repo
kubectl -n opsmx-isd create secret generic gittoken --from-literal gittoken=PUT_YOUR_GITTOKEN_HERE
kubectl -n opsmx-isd create secret generic ldapconfigpassword --from-literal ldapconfigpassword=PUT_YOUR_SECRET_HERE
kubectl -n opsmx-isd create secret generic ldappassword --from-literal ldappassword=PUT_YOUR_SECRET_HERE
kubectl -n opsmx-isd create secret generic miniopassword --from-literal miniopassword=PUT_YOUR_SECRET_HERE
kubectl -n opsmx-isd create secret generic redispassword --from-literal redispassword=PUT_YOUR_SECRET_HERE
kubectl -n opsmx-isd create secret generic saporpassword --from-literal saporpassword=PUT_YOUR_SECRET_HERE
kubectl -n opsmx-isd create secret generic rabbitmqpassword --from-literal rabbitmqpassword=PUT_YOUR_SECRET_HERE
kubectl -n opsmx-isd create secret generic keystorepassword --from-literal keystorepassword=PUT_YOUR_SECRET_HERE
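A pre-flight check for the secrets created above, added here as an example (it is not part of the OpsMx installer). It lists every encrypted:<secret>:<key> reference in values.yaml, such as the keyStorePassword value later on this page, and reports any whose Secret or key is missing from the namespace, without printing secret values. It assumes the reference format means Kubernetes Secret name followed by key, which matches the kubectl commands above; the function names and the KUBECTL override are hypothetical.

```shell
#!/bin/sh
# Added example, not from the OpsMx repository.
# Assumption: "encrypted:<secret>:<key>" names a Kubernetes Secret and a key in it.

# Print each distinct "<secret> <key>" pair referenced in the values file $1.
list_secret_refs() {
    grep -oE 'encrypted:[A-Za-z0-9._-]+:[A-Za-z0-9._-]+' "$1" |
        awk -F: '{ print $2, $3 }' | sort -u
}

# Print "<secret>:<key>" for every reference in file $1 whose Secret or key
# does not exist in namespace $2. Only key names are read, never the values.
# KUBECTL can be set to another command (hypothetical override for testing).
missing_secret_refs() {
    list_secret_refs "$1" | while read -r secret key; do
        keys=$("${KUBECTL:-kubectl}" -n "$2" get secret "$secret" \
            -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}' \
            2>/dev/null) || keys=""
        printf '%s\n' "$keys" | grep -qxF "$key" || echo "$secret:$key"
    done
}

# Usage: sh check-secrets.sh values.yaml opsmx-isd
if [ "$#" -eq 2 ]; then
    missing_secret_refs "$1" "$2"
fi
```

An empty result means every referenced Secret and key is present; any line printed names a Secret to create before running the apply job.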
Scenario B
Use this set of instructions if:
You have an openldap installed using gitops installer
Already have a gitops-repo for ISD (AP and Spinnaker) Configuration
Execute these commands, replacing "gitops-repo" with your repo
git clone https://github.com/.../gitops-repo
git clone https://github.com/OpsMx/standard-isd-gitops.git -b 4.0.4.3
cp -r standard-isd-gitops/upgrade gitops-repo/
cd gitops-repo
Check that a "values.yaml" file exists in this directory (root of the gitops-repo)
Common Steps
Upgrade sequence (OpenLDAP to SAML):
Create the application in SAML. Refer to Okta Configuration for ISD.
Below are the changes that need to be made in the values.yaml file. Ignore any that you have already made.
Set global.installOpenLdap and the global.ldap section to false.
Update global.auth.saml to true.
Update gate.config.saml to true.
Copy the block below into values.yaml (if it is already present, do not paste it again) and update the values by reading the inline comments:
gate:
  config:
    saml:
      Enabled: true
      userSource: gate # Leave as the default; do not change
      keyStore: /opt/spinnaker/saml/oessaml.jks # The key in this secret must be oessaml.jks
      keyStorePassword: encrypted:keystorepassword:keystorepassword
      keyStoreAliasName: saml # Leave as the default; do not change
      metadataUrl: /opt/spinnaker/saml/oesmetadata.xml # The key in this secret must be oesmetadata.xml
      redirectProtocol: https # Leave as the default; do not change
      redirectHostname: oes-ui.ryzon7-gitops.opsmx.org/gate # OES UI host name
      redirectBasePath: / # Leave as the default; do not change
      issuerId: ryzonoesgate # The issuer id is given as part of app creation
      jksSecretName: oessamljks
Update the Okta groups under the global.saporgate config (specify the groups you want to see in ISD):
saporgate:
  config:
    username: admin # Admin user of SAML
    adminGroups: admin ## Groups defined here will have superAdmin privileges in Autopilot
cd upgrade
Update upgrade-inputcm.yaml: url, username and gitemail MUST be updated.
If you have install/inputcm.yaml from previous installation, simply copy-paste these lines here
If ISD Namespace is different from "opsmx-isd": Update namespace (default is opsmx-isd) to the namespace where ISD is installed.
If ISD Namespace is different from "opsmx-isd": Edit serviceaccount.yaml and edit "namespace:" to update it to the ISD namespace (e.g. opsmx-isd)
Push changes to git using the below command:
git add -A; git commit -m"Upgrade related changes";git push
Apply upgrade-inputcm.yaml and the service account, then run the generate job, using the commands below:
kubectl -n opsmx-isd apply -f upgrade-inputcm.yaml
kubectl -n opsmx-isd apply -f serviceaccount.yaml # Edit namespace if changed from the default "opsmx-isd"
kubectl -n opsmx-isd replace --force -f ISD-Generate-yamls-job.yaml
Compare and merge branch: This job will create a branch on the gitops-repo with the helmchart version number specified in the upgrade-inputcm.yaml. Raise a PR and check what changes are being made. Once satisfied, merge the PR.
Execute the below command:
kubectl -n opsmx-isd replace -f ISD-Apply-yamls-job.yaml
The isd-spinnaker-halyard-0 pod should restart automatically. If not, execute the following command:
kubectl -n opsmx-isd delete po isd-spinnaker-halyard-0
Restart all the pods:
kubectl -n opsmx-isd scale deploy -l app=oes --replicas=0 # Wait for a min or two
kubectl -n opsmx-isd scale deploy -l app=oes --replicas=1 # Wait for all pods to come to ready state
Go to ISD UI and check that the version number has changed in the top-right corner
Wait for about 5 min for autoconfiguration to take place.
If required: a) Connect Spinnaker again b) Configure pipeline-promotion again. To do this, in the ISD UI:
Click setup
Click Spinnaker tab at the top. Check if "External Accounts" and "Pipeline-promotion" columns show "yes". If any of them is "no":
Click "edit" on the 3 dots on the far right. Check the values already filled in, make changes if required and click "update".
Restart the halyard pod by clicking "Sync Accounts to Spinnaker" in the Cloud Accounts tab, or simply delete the halyard pod
Rollback to OpenLDAP
Create a PR to revert the changes that were merged as part of step 7.
kubectl -n opsmx-isd replace --force -f ISD-Apply-yamls-job.yaml
# Wait for the pods to stabilize
Restart all pods:
kubectl -n opsmx-isd scale deploy -l app=oes --replicas=0 # Wait for a min or two
kubectl -n opsmx-isd scale deploy -l app=oes --replicas=1
# Wait for all pods to come to ready state
Troubleshooting
If the cluster gets deleted by mistake, follow the steps below:
Create the same namespace that was deleted earlier.
It is assumed that the user has everything in the gitops repo (install, upgrade, halyard content, etc.)
Create the gittoken secret by using the below command.
kubectl -n opsmx-isd create secret generic gittoken --from-literal gittoken=PUT_YOUR_GITTOKEN_HERE
Execute the below commands
kubectl -n opsmx-isd apply -f serviceaccount.yaml # Edit namespace if changed from the default "opsmx-isd"
kubectl -n opsmx-isd apply -f inputcm.yaml
kubectl -n opsmx-isd replace --force -f ISD-Apply-yamls-job.yaml