Upgrade Third-Party Dependencies

This page outlines the process for upgrading third-party dependencies for Terraform-based infrastructure deployments.

Third-party dependencies refer to the software that is installed by the Terraform scripts to support the deployment of kdb Insights Enterprise.

When to upgrade

Each release of kdb Insights Enterprise includes a Third-party Dependencies section in the release notes. This section lists the specific versions of the third-party infrastructure components that have been tested and verified for compatibility with that specific kdb Insights Enterprise release and provides links to download the required files.

To ensure continued stability, compatibility, and support, it is recommended that you update these dependencies in conjunction with the corresponding upgrade of kdb Insights Enterprise.

Upgrade cert-manager

Using the download links in the kdb Insights Enterprise release notes, get the latest version of the cert-manager helm chart for the specific release of kdb Insights Enterprise.
Switch to your local kxi-terraform directory.

Open the Terraform variables.tf file for your cloud provider, for example, AWS (Amazon Web Services), ACS (Azure Cloud Services), or GCP (Google Cloud Platform), and update the cert-manager helm chart version variable to the new version.

AWS ACS GCP

vi terraform/k8s_config_aws/variables.tf
variable "cert_manager_helm_version" {
....
default = "1.16.3"
}

vi terraform/k8s_config_azure/variables.tf
variable "cert_manager_helm_version" {
....
default = "1.16.3"
}

vi terraform/k8s_config_gcp/variables.tf
variable "cert_manager_helm_version" {
....
default = "1.19.1"
}

Run the manage-cluster.sh script.

LinuxWindows

./scripts/manage-cluster.sh

.\scripts\manage-cluster.bat

Run the terraform init command.
```
./scripts/terraform.sh init config
```

Run the terraform plan command.

./scripts/terraform.sh plan config -target="helm_release.cert-manager"

Run the terraform apply command.
```
./scripts/terraform.sh apply config
```
Verify the cert-manager helm chart version.
```
helm ls -n cert-manager
```

Upgrade ingress-nginx

Using the download links in the kdb Insights Enterprise release notes, get the latest version of the ingress-nginx helm chart for the specific release of kdb Insights Enterprise
Switch to your local kxi-terraform directory.

Open the Terraform variables.tf file for your cloud provider (for example, AWS, ACS, or GCP), and update the ingress-nginx helm chart version variable to the new version.

AWS ACS GCP

vi terraform/k8s_config_aws/variables.tf
variable "ingress_nginx_helm_version" {
....
default = "4.11.5"
}

vi terraform/k8s_config_azure/variables.tf
variable "ingress_nginx_helm_version" {
....
default = "4.11.5"
}

vi terraform/k8s_config_gcp/variables.tf
variable "ingress_nginx_helm_version" {
....
default = "4.11.5"
}

Run the manage-cluster.sh script.

LinuxWindows

./scripts/manage-cluster.sh

.\scripts\manage-cluster.bat

Run the terraform init command.
```
./scripts/terraform.sh init config
```

Run the terraform plan command.

./scripts/terraform.sh plan config -target="helm_release.ingress-nginx"

Run the terraform apply command.
```
./scripts/terraform.sh apply config
```
Verify the ingress-nginx helm chart version.
```
helm ls -n ingress-nginx
```

Upgrade nginx-community

Using the download links in the kdb Insights Enterprise release notes, get the latest version of the nginx-community helm chart for the specific release of kdb Insights Enterprise.
Switch to your local kxi-terraform directory.

Open the Terraform variables.tf file for your cloud provider (for example, AWS, ACS, or GCP), and update the nginx-community helm chart version variable to the new version.

AWS ACS GCP

vi terraform/k8s_config_aws/variables.tf
variable "nginx_community_helm_version" {
....
default = "2.4.1"
}

vi terraform/k8s_config_azure/variables.tf
variable "nginx_community_helm_version" {
....
default = "2.4.1"
}

vi terraform/k8s_config_gcp/variables.tf
variable "nginx_community_helm_version" {
....
default = "2.4.1"
}

Run the manage-cluster.sh script.

LinuxWindows

./scripts/manage-cluster.sh

.\scripts\manage-cluster.bat

Run the terraform init command.
```
./scripts/terraform.sh init config
```

Run the terraform plan command.

./scripts/terraform.sh plan config -target="helm_release.nginx-community"

Run the terraform apply command.
```
./scripts/terraform.sh apply config
```
Verify the nginx-community helm chart version.
```
helm ls -n nginx-community
```

Ingress post upgrade steps

If you have deployed kdb Insights Enterprise with Encryption in flight enabled, you need to re-enable this setting on your chosen Ingress Controller post upgrade.

This involves using helm and the kxi cli to interact with your kdb Insight Enterprise deploy. Follow the steps below:

ingress-nginx

Get your kdb Insights Enterprise values using helm

INSIGHTS_NAMESPACE=<insights namespace>
helm get values -n $INSIGHTS_NAMESPACE insights -o yaml > insights-values.yaml

Download and install the latest kxi cli see

Note

Requires kxi cli version 1.18.3 or greater!

Get your current ingress controller settings

helm get values -n ingress-nginx ingress-nginx -o yaml > ingress-nginx-values.yaml.1

Run the kxi cli to update your ingress controller settings

INSIGHTS_VERSION=<insights version>
kxi task run nginx --version $INSIGHTS_VERSION --encryption true -f insights-values.yaml

Get your updated ingress controller settings

helm get values -n ingress-nginx ingress-nginx -o yaml > ingress-nginx-values.yaml.2

Diff your ingress controller settings and ensure the istio podAnnotations and podLabels are present:

diff ingress-nginx-values.yaml.1 ingress-nginx-values.yaml.2

The output should look something like this:

>   podAnnotations:
>     traffic.sidecar.istio.io/excludeInboundPorts: "443"
>     traffic.sidecar.istio.io/includeInboundPorts: ""
>   podLabels:
>     sidecar.istio.io/inject: "true"

nginx-community

Get your kdb Insights Enterprise values using helm:

INSIGHTS_NAMESPACE=<insights namespace>
helm get values -n $INSIGHTS_NAMESPACE insights -o yaml > insights-values.yaml

Download and install the latest kxi cli, refer to the installation guide for more details.

Note

Requires kxi cli version 1.18.3 or greater!

Get your current ingress controller settings:

helm get values -n nginx-community nginx-community -o yaml > nginx-community-values.yaml.1

Run the kxi cli to update your ingress controller settings:

INSIGHTS_VERSION=<insights version>
kxi task run nginx-f5 --version $INSIGHTS_VERSION --encryption true -f insights-values.yaml

Get your updated ingress controller settings:

helm get values -n nginx-community nginx-community -o yaml > nginx-community-values.yaml.2

Diff your ingress controller settings and ensure the istio podAnnotations and podLabels are present:

diff nginx-community-values.yaml.1 nginx-community-values.yaml.2

The output should look similar to the below:

>   podAnnotations:
>     traffic.sidecar.istio.io/excludeInboundPorts: "443"
>     traffic.sidecar.istio.io/includeInboundPorts: ""
>   podLabels:
>     sidecar.istio.io/inject: "true"

Upgrade Rook-Ceph

Important

Rook-Ceph must be upgraded one minor version at a time. For example, to upgrade from 1.15.9 to 1.17.0, two sequential minor version upgrades are required: 1.15.9 -> 1.16.7 -> 1.17.0.

Review the rook-ceph release notes for breaking changes.

Read the rook-ceph upgrade documentation for more details.

Prepare the environment

Using the download links in the kdb Insights Enterprise release notes, get the latest version of the rook-ceph helm chart for the specific release of kdb Insights Enterprise. Remember to upgrade one minor version at a time.
Switch to your local kxi-terraform directory.
Update the rook_ceph_helm_version variable in terraform/modules/rook-ceph-helm/variables.tf to the next minor version and latest available patch version.

Run the manage-cluster.sh script.

LinuxWindows

./scripts/manage-cluster.sh

.\scripts\manage-cluster.bat

Export the cloud Terraform variable.
```
export TF_VAR_cloud=$CLOUD
```
Export the cluster_name Terraform variable.
```
export TF_VAR_cluster_name=$CLOUD-$ENV
```
Export the region Terraform variable.
```
export TF_VAR_region=$REGION
```
Export the architecture_profile Terraform variable.
```
export TF_VAR_architecture_profile=$PROFILE
```
Run the terraform init command.
```
./scripts/terraform.sh init config
```

Switch to the config Terraform stage directory for your cloud provider.

AWS ACS GCP

cd terraform/k8s_config_aws

cd terraform/k8s_config_azure

cd terraform/k8s_config_gcp

Upgrade the rook-ceph operator

Run the terraform plan command for the rook-ceph helm chart.

terraform plan -out=.terraform/rook-ceph-$CLOUD-$ENV.tfplan -target=module.rook-ceph-helm[0].helm_release.rook_ceph

The output should confirm that the rook-ceph helm chart will be upgraded to the specified version.

# module.rook-ceph-helm[0].helm_release.rook_ceph will be updated in-place
  ~ resource "helm_release" "rook_ceph" {
        id                         = "rook-ceph"
        name                       = "rook-ceph"
      ~ version                    = "v1.15.9" -> "v1.16.7"
        # (27 unchanged attributes hidden)
    }

Upgrade the rook-ceph helm chart

terraform apply -input=false .terraform/rook-ceph-$CLOUD-$ENV.tfplan

Upgrade the rook-ceph cluster

Run the terraform plan command for the rook-ceph-cluster helm chart.

terraform plan -out=.terraform/rook-ceph-cluster-$CLOUD-$ENV.tfplan -target=module.rook-ceph-helm[0].helm_release.rook-ceph-cluster

The output should confirm that the rook-ceph helm chart will be upgraded to the specified version.

# module.rook-ceph-helm[0].helm_release.rook_ceph will be updated in-place
  ~ resource "helm_release" "rook_ceph" {
        id                         = "rook-ceph-cluster"
        name                       = "rook-ceph-cluster"
      ~ version                    = "v1.15.9" -> "v1.16.7"
        # (27 unchanged attributes hidden)
    }

Upgrade the rook-ceph-cluster helm chart

terraform apply -input=false .terraform/rook-ceph-cluster-$CLOUD-$ENV.tfplan