opendesk/docs/migrations.md
2024-07-31 17:50:06 +02:00

Upgrade migrations

Disclaimer

We do not offer support for upgrades before we reach openDesk 1.0.

We do, however, try to ease the pain of 0.x upgrades; that is what this document is for.

From v0.9.0

Manual migrations

None.

Automated migrations

Updated IAM component Nubus

openDesk is integrating the latest Nubus development from Univention. The new redundant and scalable LDAP requires migration activities. These have been automated to avoid manual interaction. run_2 of the openDesk upgrade migrations executes the following steps:

  • Stage PRE:
    • Scale down statefulset/ums-ldap-server and statefulset/ums-ldap-notifier.
    • Create two new PVCs, shared-data-ums-ldap-server-primary-0 and shared-data-ums-ldap-server-primary-1, for the new LDAP primary pods as copies of the existing shared-data-ums-ldap-server-0. The LDAP secondaries will sync from the primary nodes.
  • Stage POST:
    • Delete the no longer used shared-data-ums-ldap-server-0.
    • Restart Keycloak.

Note: Ensure you have a backup of the contents of shared-data-ums-ldap-server-0 in case something goes wrong during the upgrade migration.

From v0.8.1

Updated cluster.networking.cidr

  • Action: cluster.networking.cidr is now an array (it was a string until 0.8.1). Please update your setup accordingly if you explicitly set this value.
  • Reference: cluster.yaml

Nubus LDAP PVCs

openDesk is integrating the latest Nubus development from Univention. The new redundant and scalable LDAP requires some manual action to upgrade from 0.8.1:

  • Action: Before the upgrade you have to prepare the PVCs for the LDAP primary Pods. First scale down the 0.8.1 LDAP Pod, then pre-create and pre-populate the new PVCs with the data from the current LDAP PVC. You can do all this by running the following snippet on your command line, after setting NAMESPACE to the appropriate value. The LDAP secondaries are synced from the primary to populate their own PVCs.
export NAMESPACE=YOUR_NAMESPACE
kubectl -n $NAMESPACE scale --replicas=0 statefulset/ums-ldap-notifier
kubectl -n $NAMESPACE scale --replicas=0 statefulset/ums-ldap-server
kubectl -n $NAMESPACE apply -f - <<EOF
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # Target PVC name
  name: shared-data-ums-ldap-server-primary-0
spec:
  dataSource:
    # Source PVC name
    name: shared-data-ums-ldap-server-0
    kind: PersistentVolumeClaim
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # Target PVC size (deployments default to 1Gi)
      storage: 1Gi
...
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # Target PVC name
  name: shared-data-ums-ldap-server-primary-1
spec:
  dataSource:
    # Source PVC name
    name: shared-data-ums-ldap-server-0
    kind: PersistentVolumeClaim
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # Target PVC size (deployments default to 1Gi)
      storage: 1Gi
...
EOF
  • Once you have verified that your upgrade was successful, you can delete the previous LDAP's PVC:
kubectl -n $NAMESPACE delete pvc shared-data-ums-ldap-server-0
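
A precondition check to run before the delete command above, as an added example that is not part of the openDesk documentation: it confirms that both primary PVCs named on this page are Bound and at least as large as the source PVC. It covers only the claims' provisioning state, not the LDAP contents or the overall upgrade; the function names and the three-column input format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not openDesk code): gate for deleting the old LDAP PVC.
# Feed it the PVC listing on stdin, for example:
#   kubectl -n "$NAMESPACE" get pvc --no-headers \
#     -o custom-columns=NAME:.metadata.name,PHASE:.status.phase,CAP:.status.capacity.storage \
#     | safe_to_delete_source && kubectl -n "$NAMESPACE" delete pvc "$SRC"

SRC=shared-data-ums-ldap-server-0
PRIMARIES="shared-data-ums-ldap-server-primary-0 shared-data-ums-ldap-server-primary-1"

# Convert a Kubernetes quantity (whole Mi/Gi/Ti only) to MiB; fail otherwise.
to_mib() {
  num=${1%[KMGT]i}; unit=${1#"$num"}
  case "$num" in ''|*[!0-9]*) return 1 ;; esac
  case "$unit" in
    Mi) echo "$num" ;;
    Gi) echo $(( num * 1024 )) ;;
    Ti) echo $(( num * 1024 * 1024 )) ;;
    *)  return 1 ;;
  esac
}

# Return 0 only if both primary PVCs are Bound and at least as large as SRC.
safe_to_delete_source() {
  listing=$(cat)
  src_cap=$(printf '%s\n' "$listing" | awk -v n="$SRC" '$1 == n { print $3 }')
  src_mib=$(to_mib "$src_cap") || { echo "$SRC: missing or unreadable" >&2; return 1; }
  for pvc in $PRIMARIES; do
    set -- $(printf '%s\n' "$listing" | awk -v n="$pvc" '$1 == n { print $2, $3 }')
    [ "${1:-}" = "Bound" ] || { echo "$pvc: phase ${1:-missing}" >&2; return 1; }
    cap=$(to_mib "${2:-}") || { echo "$pvc: capacity unreadable" >&2; return 1; }
    [ "$cap" -ge "$src_mib" ] || { echo "$pvc: smaller than $SRC" >&2; return 1; }
  done
}

# Constructed sample listings (not real cluster output).
SAMPLE_OK='shared-data-ums-ldap-server-0 Bound 1Gi
shared-data-ums-ldap-server-primary-0 Bound 1Gi
shared-data-ums-ldap-server-primary-1 Bound 2048Mi'
SAMPLE_PENDING='shared-data-ums-ldap-server-0 Bound 1Gi
shared-data-ums-ldap-server-primary-0 Bound 1Gi
shared-data-ums-ldap-server-primary-1 Pending <none>'
```

A claim that stays Pending or reports no capacity makes the function return non-zero, so the chained delete of shared-data-ums-ldap-server-0 never runs.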

Updated customizable template attributes

  • Action: Please ensure you update your custom deployment values according to the updated default value structure.
  • References:
    • functional. prefix for authentication.*, externalServices.*, admin.* and filestore.*, see functional.yaml.
    • debug. prefix for cleanup.*, see debug.yaml.
    • monitoring. prefix for prometheus.* and graphana.*, see monitoring.yaml.
    • smtp. prefix for localpartNoReply, see smtp.yaml.

migrations S3 bucket

  • Action: For self-managed/external S3/object storage, please ensure you add a bucket named migrations to your S3.
  • Reference: objectstores.migrations in objectstores.yaml