Upgrade

To upgrade the chart, ensure that the prerequisites for pre-installation tasks are met on the cluster (Kubernetes or OpenShift). Consider the following factors while addressing the requirements for pre-installation tasks during the upgrade:
  • Since, upgrade takes backup of configuration data on the Persistent Volume. Ensure that you have sufficient space available to accommodate the backup and running IBM Control center data. A copy of backup is kept on Persistent Volume to enable rollback in case of upgrade failures.
  • Re-run the PodSecurityPolicy/SecurityContextConstraints scripts to ensure that the any new changes are in-place in namespace/project on Kubernetes/OpenShift cluster respectively.
  • Verify that all Control Center secrets are still valid and available on the cluster.
  • Depending upon the accessibility of the public internet on the cluster. The upgrade procedure can be Online upgrade and Offline upgrade.

Online upgrade

Online Cluster means there is public internet on the cluster. Thus, you have access to Entitled registry and IBM public GitHub repository.

Follow these steps to upgrade the chart with release name my-release:
  • Download newer helm chart as given in Download Helm Chartsection.
  • Extract the chart and execute the PodSecurityPolicy/SecurityContextConstraints scripts to ensure that any necessary changes are implemented on the cluster. Refer to the Cluster Security Requirements for guidance.
  • Upgrade the chart using below command:
    $ helm upgrade my-release ibm-sccm-3.1.1.tgz --reuse-values -f myvalues.yaml

Offline upgrade

Offline Cluster means there is not the public internet on the cluster. Thus, Entitled registry and public IBM GitHub registry cannot be accessed from cluster. So, follow the Downloading The Certified Container Software For Offline (Air Gap) Cluster.

Follow these steps to upgrade the chart with release name my-release:
  • Extract the chart and execute the PodSecurityPolicy/SecurityContextConstraints scripts to ensure that any necessary changes are implemented on the cluster. Refer to the Cluster Security Requirements for guidance.
  • Upgrade the chart using below command:
    $ helm upgrade my-release ibm-sccm-3.1.1.tgz --reuse-values -f myvalues.yaml
Refer steps mentioned in Validating the DeploymentValidating the Deployment for validating the upgrade.

Updating Keystore and Truststore

For updating keystore and truststore, follow the below procedure:
  1. If certificate files are passed through persistent volumes, the following tasks need to be completed:
    1. Update the path of keyStore and trustStore in ibm-sccm-cm.yaml file.
    2. Update ibm-sccm-secret secret with the updated value of keystore and truststore password in the base64 encoded form.
    3. Then upgrade the Helm chart with the following command::
      $ helm install <Release Name> -f values.yaml -n <Kubernetes Namespace> ./ibm-sccm-<version>.tgz
      For example:
      $ helm upgrade test -f values.yaml -n ibm-sccm ./ibm-sccm-3.1.1.tgz
  2. If certificate files are passed through secret, the following tasks needs to be done:
    1. Delete secret ibm-sccm-certs-secret and create a new one with newer certificate files.
    2. Update ibm-sccm-secret secret with the updated value of keystore and truststore password in base64 encoded form.
  3. After completing all those tasks, delete the pod using the following command:
    $ oc delete pod ibm-sccm-statefulset-0 -n ibm-sccm
    For example:
    $ helm upgrade test -f values.yaml -n ibm-sccm ./ibm-sccm-3.1.1.tgz