From 2e1b3b3ba484d4e74cb312b09e7a216ff9c3c7d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Mon, 29 Jul 2024 11:08:46 +0200 Subject: [PATCH] fix(migrations): Support Nubus MR upgrade. --- docs/migrations.md | 81 +++++++++++++++++++ .../default/global.generated.yaml | 2 +- helmfile/environments/default/images.yaml | 2 +- helmfile/shared/migrations.yaml.gotmpl | 10 +-- 4 files changed, 86 insertions(+), 9 deletions(-) diff --git a/docs/migrations.md b/docs/migrations.md index 02acccea..6e04b5ed 100644 --- a/docs/migrations.md +++ b/docs/migrations.md @@ -6,6 +6,10 @@ SPDX-License-Identifier: Apache-2.0

Upgrade migrations

* [Disclaimer](#disclaimer) +* [From v0.9.0](#from-v090) + * [Manual migrations](#manual-migrations) + * [Automated migrations](#automated-migrations) + * [Updated IAM component Nubus](#updated-iam-component-nubus) * [From v0.8.1](#from-v081) * [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr) * [Nubus LDAP PVCs](#nubus-ldap-pvcs) @@ -18,6 +22,29 @@ We do not offer support for upgrades before we reach openDesk 1.0. Though we try to ease the pain when it comes to 0.x upgrades. That is what this document is for. +# From v0.9.0 + +## Manual migrations + +None. + +## Automated migrations + +### Updated IAM component Nubus + +openDesk is integrating the latest [Nubus](https://www.univention.de/produkte/nubus/) development from Univention. The new redundant and scalable LDAP requires migration activities. These have been automated to avoid manual interaction. The `run_2` of the openDesk +upgrade migrations executes the following steps + +- Stage PRE: + - Scale down `statefulset/ums-ldap-server` and `statefulset/ums-ldap-notifier`. + - Create two new PVCs `shared-data-ums-ldap-server-primary-0` and `shared-data-ums-ldap-server-primary-1` for the new LDAP primary pods as copy from the existing `shared-data-ums-ldap-server-0`. The LDAP secondaries will sync from the primary nodes. +- Stage POST: + - Delete the no longer used `shared-data-ums-ldap-server-0`. + - Restart Keycloak. + +**Note:** You should ensure you have a backup of the contents of `shared-data-ums-ldap-server-0` if something goes wrong during the +upgrade migration. + # From v0.8.1 ## Updated `cluster.networking.cidr` 
@@ -79,6 +106,60 @@ EOF kubectl -n $NAMESPACE delete pvc shared-data-ums-ldap-server-0 ``` +## Nubus LDAP PVCs + +openDesk is integrating the latest [Nubus](https://www.univention.de/produkte/nubus/) development from Univention. The new redundant and scalable LDAP requires some manual action to upgrade from 0.8.1: + +- Action: Before the upgrade you have to prepare the PVCs for the LDAP primary Pods. First scale down the 0.8.1 LDAP Pod and pre-create and pre-populate the new PVCs with the data from the current LDAP PVC. You can do all this by running the following snippet on your commandline, after setting `NAMESPACE` to the appropriate value. The LDAP secondaries get sync'd from the primary to fill their own PVCs data. +``` +export NAMESPACE=YOUR_NAMESPACE +kubectl -n $NAMESPACE scale --replicas=0 statefulset/ums-ldap-notifier +kubectl -n $NAMESPACE scale --replicas=0 statefulset/ums-ldap-server +kubectl -n $NAMESPACE apply -f - <
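Review bot: in the `docs/migrations.md` hunk that adds "From v0.9.0", Stage POST deletes `shared-data-ums-ldap-server-0` automatically, yet the only backup guidance is a trailing note and "Manual migrations" reads "None.", so an operator reading top to bottom can start the upgrade before learning that the source LDAP volume is removed. Move the backup requirement ahead of the step list, or list it under "Manual migrations" as a prerequisite, and reword "if something goes wrong" to "in case something goes wrong". It would also help to state whether `run_2` checks that the two new primary PVCs were populated before the deletion runs, since these lines do not say. Minor: "executes the following steps" should end with a colon.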
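Review bot: in the `@@ -79,6 +106,60 @@` hunk, the added `## Nubus LDAP PVCs` heading looks like a second copy of a section that already exists under "From v0.8.1": the table of contents carries `[Nubus LDAP PVCs](#nubus-ldap-pvcs)` as unchanged context, and the context lines directly above the addition end with `kubectl -n $NAMESPACE delete pvc shared-data-ums-ldap-server-0`. Two headings with the same text make the `#nubus-ldap-pvcs` anchor ambiguous and leave two copies of a manual procedure that scales down and replaces the LDAP volumes, which can drift apart. Please confirm the block is intended; if it is a rebase leftover, drop it, otherwise give it a distinct heading and a matching table of contents entry. Style: the "Action:" bullet runs straight into the opening code fence with no blank line, and the fence has no language tag.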