Upgrading Guardium Insights manually

You can upgrade Guardium® Insights manually or by using the all-in-one script.

About this task

Use the following procedure to manually upgrade Guardium Insights. If you are upgrading Guardium Insights by using the all-in-one script, you can skip this procedure.

Procedure

Switch to namespace for the Guardium Insights deployment.
```
oc project ${NAMESPACE}
```

Run the preinstall script. This script sets up secrets and parameters for the Guardium Insights instance.

export GI_INVENTORY_SETUP=install

If you are using ODF storage, include -q true in the following command:

oc ibm-pak launch $CASE_NAME \
  --version $CASE_VERSION \
  --namespace ${NAMESPACE} \
  --inventory install     \
  --action preInstall    \
  --tolerance 1 \
  --args "-n ${NAMESPACE} -h <DB worker host> -l true"

Install the Guardium Insights catalog.

oc ibm-pak launch $CASE_NAME \
--version $CASE_VERSION \
--inventory $GI_INVENTORY_SETUP \
--action install-catalog \
--namespace openshift-marketplace \
--args "--inputDir ${LOCAL_CASE_DIR}"

Verify that the catalogs are installed.

oc get pods -n openshift-marketplace

The output is similar to the following example.

NAME                                                     READY   STATUS      RESTARTS      AGE
ibm-cert-manager-catalog-mxm95                           1/1     Running     0             176m
ibm-cloud-databases-redis-operator-catalog-xlsbk         1/1     Running     0             28h
ibm-db2uoperator-catalog-dd45c                           1/1     Running     0             2m11s
ibm-guardium-insights-operator-catalog-lnprq             1/1     Running     0             68s
ibm-redis-cp-operator-catalog-ljn58                      1/1     Running     0             74s

Install the operator.

oc ibm-pak launch $CASE_NAME \
--version $CASE_VERSION \
--inventory $GI_INVENTORY_SETUP \
--action install-operator \
--namespace ${NAMESPACE} \
--args "--registry cp.icr.io --user ${CP_REPO_USER} --pass ${CP_REPO_PASS} --secret ibm-entitlement-key --inputDir ${LOCAL_CASE_DIR}"

Verify the cluster service version for Guardium Insights is present.

oc get csv -w

The output is similar to the following example.

NAME                                          DISPLAY                                                         VERSION     REPLACES                            PHASE 
cloud-native-postgresql.v1.18.12              EDB Postgres for Kubernetes                                     1.18.12     cloud-native-postgresql.v1.18.10    Succeeded 
db2u-operator.v110509.0.2                     IBM Db2                                                         110509.0.2                                      Succeeded 
ibm-cert-manager-operator.v4.2.1              IBM Cert Manager                                                4.2.1                                           Succeeded 
ibm-common-service-operator.v4.6.4            IBM Cloud Pak foundational services                             4.6.4                                           Succeeded 
ibm-commonui-operator.v4.4.3                  Ibm Common UI                                                   4.4.3                                           Succeeded 
ibm-events-operator.v5.0.1                    IBM Events Operator                                             5.0.1                                           Succeeded 
ibm-guardium-insights-operator.v3.5.0         IBM Security Guardium Insights for IBM Cloud Pak for Security   3.5.0                                           Succeeded 
ibm-iam-operator.v4.5.3                       IBM IM Operator                                                 4.5.3                                           Succeeded 
ibm-redis-cp.v1.1.9                           ibm-redis-cp-operator                                           1.1.9                                           Succeeded 
ibm-zen-operator.v5.1.6                       IBM Zen Service                                                 5.1.6                                           Succeeded 
operand-deployment-lifecycle-manager.v4.3.3   Operand Deployment Lifecycle Manager                            4.3.3                                           Succeeded

Verify that the operators are installed.

oc get pods -n ${NAMESPACE}

The output is similar to the following example.

NAME                                                        READY   STATUS      RESTARTS   AGE
db2u-day2-ops-controller-manager-8df8c5d5d-9wnwn            1/1     Running     0          4m39s
db2u-operator-manager-5d648888f5-m9vpk                      1/1     Running     0          4m39s
ibm-cloud-databases-redis-operator-844bb8cf74-bt6hg         1/1     Running     0          28h
ibm-common-service-operator-c6b89b79c-nspd4                 1/1     Running     0          36m
ibm-guardium-insights-operator-57f5b589f9-tlpmw             1/1     Running     0          2m18s
ibm-mongodb-operator-776d8fd6cc-n2vq2                       1/1     Running     0          33m
mongodb-kubernetes-operator-bd7d99976-zwv79                 1/1     Running     0          2m58s
platform-auth-service-599b7cc76f-tjwx7                      1/1     Running     0          33m
platform-identity-management-589c68c45b-2mn4h               1/1     Running     0          33m
platform-identity-provider-9546f7d64-f7c6x                  1/1     Running     0          33m

Prepare for a Guardium Insights upgrade.
1. Update the Guardium Insights custom resource file by using the following command.
```
oc edit guardiuminsights -n=${NAMESPACE}
```
2. Change the version to 3.4.0.
3. Change the license.licenseType to L-ZNAM-9BHMTZ.
4. Change the guardiumInsightsGlobal.insights.ics.namespace to GI_NAMESPACE.
5. If you are using OpenShift® Data Foundation (ODF), add the following line under guardiumInsightsGlobal in the custom resource (CR) file.
```
ssh-service: serviceAccount: insights-odf-ssh-service-sa
```
6. Monitor the reconciliation by using the following command.
```
oc get guardiuminsights –w 
```
  In the following output example, the DESIRED_VERSION is updated to 3.4.0. The displayed versions in the output vary based on the Guardium Insights version that you want to upgrade to and the current version on your system.
```
NAME      TYPE      STATUS   REASON       MESSAGE                   DESIRED_VERSION   INSTALLED_VERSION
staging   Ready     True     Complete     Completed Reconciliation   3.4.0            3.4.0            
```

What to do next

After you upgrade the Cloud Pak foundational services version, you can remove the older version of Cloud Pak foundational services by completing the following steps.

Verify that no other products use the Cloud Pak foundational services version that you want to remove.
Remove the ibm-common-services namespace by completing the steps in Uninstalling foundational services.
Remove the remaining resources in the cs-control namespace by completing the steps in Uninstalling the remaining resources after migrating to foundational services version 4.x.