fix(migrations): Support Nubus MR upgrade.

2025-12-06 23:41:43 +01:00 · 2024-07-29 11:08:46 +02:00
parent 88db20b160
commit 2e1b3b3ba4
4 changed files with 86 additions and 9 deletions
--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -6,6 +6,10 @@ SPDX-License-Identifier: Apache-2.0
 <h1>Upgrade migrations</h1>
 * [Disclaimer](#disclaimer)
 * [From v0.9.0](#from-v090)
  * [Manual migrations](#manual-migrations)
  * [Automated migrations](#automated-migrations)
    * [Updated IAM component Nubus](#updated-iam-component-nubus)
 * [From v0.8.1](#from-v081)
  * [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
  * [Nubus LDAP PVCs](#nubus-ldap-pvcs)
@@ -18,6 +22,29 @@ We do not offer support for upgrades before we reach openDesk 1.0.
 Though we try to ease the pain when it comes to 0.x upgrades. That is what this document is for.
 # From v0.9.0
 ## Manual migrations
 None.
 ## Automated migrations
 ### Updated IAM component Nubus
 openDesk is integrating the latest [Nubus](https://www.univention.de/produkte/nubus/) development from Univention. The new redundant and scalable LDAP requires migration activities. These have been automated to avoid manual interaction. The `run_2` of the openDesk
 upgrade migrations executes the following steps
 - Stage PRE:
  - Scale down `statefulset/ums-ldap-server` and `statefulset/ums-ldap-notifier`.
  - Create two new PVCs `shared-data-ums-ldap-server-primary-0` and `shared-data-ums-ldap-server-primary-1` for the new LDAP primary pods as copy from the existing `shared-data-ums-ldap-server-0`. The LDAP secondaries will sync from the primary nodes.
 - Stage POST:
  - Delete the no longer used `shared-data-ums-ldap-server-0`.
  - Restart Keycloak.
 **Note:** You should ensure you have a backup of the contents of `shared-data-ums-ldap-server-0` if something goes wrong during the
 upgrade migration.
 # From v0.8.1
 ## Updated `cluster.networking.cidr`
@@ -79,6 +106,60 @@ EOF
 kubectl -n $NAMESPACE delete pvc shared-data-ums-ldap-server-0
 ```
 ## Nubus LDAP PVCs
 openDesk is integrating the latest [Nubus](https://www.univention.de/produkte/nubus/) development from Univention. The new redundant and scalable LDAP requires some manual action to upgrade from 0.8.1:
 - Action: Before the upgrade you have to prepare the PVCs for the LDAP primary Pods. First scale down the 0.8.1 LDAP Pod and pre-create and pre-populate the new PVCs with the data from the current LDAP PVC. You can do all this by running the following snippet on your commandline, after setting `NAMESPACE` to the appropriate value. The LDAP secondaries get sync'd from the primary to fill their own PVCs data.
 ```
 export NAMESPACE=YOUR_NAMESPACE
 kubectl -n $NAMESPACE scale --replicas=0 statefulset/ums-ldap-notifier
 kubectl -n $NAMESPACE scale --replicas=0 statefulset/ums-ldap-server
 kubectl -n $NAMESPACE apply -f - <<EOF
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  # Target PVC name
  name: shared-data-ums-ldap-server-primary-0
 spec:
  dataSource:
    # Source PVC name
    name: shared-data-ums-ldap-server-0
    kind: PersistentVolumeClaim
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # Target PVC size (deployments default to 1Gi)
      storage: 1Gi
 ...
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  # Target PVC name
  name: shared-data-ums-ldap-server-primary-1
 spec:
  dataSource:
    # Source PVC name
    name: shared-data-ums-ldap-server-0
    kind: PersistentVolumeClaim
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # Target PVC size (deployments default to 1Gi)
      storage: 1Gi
 ...
 EOF
 ```
 - Once you have verified that your upgrade was successful, you can delete the previous LDAP's PVC:
 ```
 kubectl -n $NAMESPACE delete pvc shared-data-ums-ldap-server-0
 ```
 ## Updated customizable template attributes
 - Action: Please ensure you update you custom deployment values according with the updated default value structure.
--- a/helmfile/environments/default/global.generated.yaml
+++ b/helmfile/environments/default/global.generated.yaml
@@ -3,5 +3,5 @@
 ---
 global:
  systemInformation:
-    releaseVersion: "v0.9.0"
+    releaseVersion: "v0.9.1"
 ...
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -205,7 +205,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.0.2@sha256:fbe21b4e2a276d2c5d052c1bb52158debfcc146188e654661001d4ff45b1b453"
+    tag: "1.1.0-trossner-run-2@sha256:132bbd4de55d611dce6094b9ead015c8a139144076efe97a9f4d7fe4181918b6"
  milter:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
--- a/helmfile/shared/migrations.yaml.gotmpl
+++ b/helmfile/shared/migrations.yaml.gotmpl
@@ -15,16 +15,12 @@ cleanup:
  keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
 migrations:
-  runId: 1
+  runId: 2
  currentOdRelease: {{ .Values.global.systemInformation.releaseVersion | quote }}
  namespace: {{ .Values.migrations.namespace | quote }}
  loglevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
  failOnUnexpectedState: true
-  credentials:
+  environmentDetails:
-    keycloakAdminUsername: "kcadmin"
+    {{ .Values | toYaml | nindent 4 }}
    keycloakAdminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
  urls:
    keycloakBase: "http://ums-keycloak.{{ .Values.univentionManagementStack.namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
 containerSecurityContext:
  allowPrivilegeEscalation: false