Rolling Upgrade for Certified Container

Note: All application endpoint routes are end-to-end encrypted (HTTPS) by default in Sterling B2B Integrator versions >= v6.1.2.0. In case, end-to-end encryption was not configured on your older Sterling B2B Integrator v6.1.0.x deployments, the admin dashboard and other user interface (UI) endpoint routes will not be accessible during the upgrade until the db setup is complete, if enabled, or one of the ASI pods from the cluster gets upgraded to the latest version and moves to the ready state. Meanwhile, the backend endpoints for protocols or adapters will continue to be accessible during the upgrade.
  1. Configure end-to-end encryption in the current 6.1.0.x deployment. For this, configure a certificate key pair against the ASISSLCert system certificate and the corresponding CA certificate against the CA configuration available in the Digitial Certificates section of the admin dashboard UI. For more information, see Digital Certificates.
  2. Enable the TLS configuration in the Helm configuration for routes or ingress to switch application endpoints to HTTPS. Also enable asi.internalAccess.enableHttps configuration to access application HTTPS endpoints for end-to-end encryption. For more information, Configuring external access for application frontend or user interface (HTTP/HTTPS) endpoints.
  3. Perform the Helm upgrade after the configuration changes in the previous step. The routes should now be updated to HTTPS.
  4. Patch the routes with the destination CA certificate with the CA certificate from step 1. For more information, see Configuring external access for application frontend or user interface (HTTP/HTTPS) endpoints.
  5. To ensure continuity of the end-to-end TLS configuration, create a tls secret with the same ASISSLCert key certificate pair from step 1 and configure the tls secret name in asi.internalAccess.tlsSecretName configuration in the latest Helm charts.
    Note: The group access permissions for all configured volumes should be continued by configuring the same supplemental group and/or fsgroup in the latest Helm charts during the upgrade.