Performing rolling upgrades to DevOps Plan Helm chart
You can upgrade DevOps Plan to the newest release using the helm upgrade command.
Before you begin
- Use Helm to install the DevOps Plan solution chart as described in Step 5 of Getting started with DevOps Plan Helm chart.
About this task
Procedure
-
Case 1: Upgrading the DevOps Plan
chart.
helm upgrade hcl-devopsplan devops-plan/hcl-devopsplan \ --namespace [namespace] \ --set global.hclImagePullSecret=[secret-name] -
Case 2: Upgrading the DevOps Plan Docker image.
helm upgrade hcl-devopsplan devops-plan/hcl-devopsplan \ --namespace [namespace] \ --set global.hclImagePullSecret=[secret-name] \ --set image.tag=[image-tag] -
Case 3: Upgrading the Helm Chart from DevOps Plan 3.0.2 to 3.0.3:
The DevOps Plan 3.0.3 Helm Chart upgraded the version of OpenSearch and OpenSearch Dashbaords from version 2.11 to version 2.18. Version 2.18 does not support the default admin password. Opensearch 2.18 requires a minimum of 8 characters with at least one uppercase, one lowercase, one digit, and one special character. You must update the default admin password with the new required password during the installation of DevOps Plan 3.0.2 and follow the steps below to upgrade to version 3.0.3.
- To update the Opensearch admin password and generate hashed for
opensearch password in version
2.11:
NEW_ADMIN_PASSWORD=[opensearch-new-admin-password] docker run -d --name devopsplan-opensearch --env "discovery.type=single-node" opensearchproject/opensearch:2.11.0 docker exec -it devopsplan-opensearch /bin/bash -c /usr/share/opensearch/plugins/opensearch-security/tools/hash.sh -p ${NEW_ADMIN_PASSWORD} docker stop devopsplan-opensearch docker rm devopsplan-opensearchThis will provide you with the Opensearch hash value for the new Opensearch password.
- To create a new-opensearch-password-302.yaml file and set the new password and hash
value:
dashboards: password: "[opensearch-new-admin-password]" opensearch: hash: "[opensearch-hash-value]" - Install DevOps Plan
3.0.2:
helm upgrade --install devopsplan devops-plan/hcl-devopsplan \ -f new-opensearch-password-302.yaml \ --version 3.0.20 \ --namespace devopsplan \ --set global.imagePullSecret=[secret-name] - Create a new-opensearch-password-303.yaml file and set the new
password and hash
value:
opensearch: &opensearch password: "[opensearch-new-admin-password]" hash: "[opensearch-hash-value]" data-prepper: opensearch: *opensearch - Upgrade to DevOps Plan
3.0.3:
helm upgrade --install devopsplan devops-plan/hcl-devopsplan \ -f new-opensearch-password-303.yaml \ --namespace devopsplan \ --set global.imagePullSecret=[secret-name]
If you have already installed with the internal PostgreSQL database, and you plan to upgrade to the latest release version without deleting the PostgreSQL PVC, you must get the existing password before uninstalling or upgrading and set it during the helm upgrade --install. Get the password for the internal PostgreSQL database by running the following command when the namespace is set to devopsplan:export POSTGRES_PASSWORD=$(kubectl get secret --namespace devopsplan ibm-devopsplan-postgresql -o jsonpath="{.data.tenant-datastore-password}" | base64 -d)Set the password during the helm upgrade
--install:--set postgresql.existingPassword=$POSTGRES_PASSWORDIf you have already installed with the internal Keycloak, and you plan to upgrade to the latest release version without deleting the Keycloak PVC, you must get the existing password before uninstalling or upgrading and set it during the helm upgrade –-install. Get the password for the internal Keycloak by running this command when the namespace is set to devopsplan:export KEYCLOAK_PASSWORD=$(kubectl get secret --namespace devopsplan ibm-devopsplan-keycloak -o jsonpath="{.data.keycloak-password}" | base64 -d)Set the password during the helm upgrade
--install:--set keycloak.existingPassword=$KEYCLOAK_PASSWORD - To update the Opensearch admin password and generate hashed for
opensearch password in version
2.11: