From f8737ef3246fd3ce97d8ac3958317058c5957906 Mon Sep 17 00:00:00 2001 From: Divyansh Bhowmick <126799799+bhowd1@users.noreply.github.com> Date: Fri, 27 Oct 2023 14:23:52 +0530 Subject: [PATCH] US-563606-1: Upgrade ES Server Version 7.10.2 to 7.17.9 for Internal Elasticsearch (#647) * US-563606-1: Upgrade ES Server Default Version * Updated Makefile to update certs in case of TLS * Updated make file for external secrets update * Removed legacy flag * Updated README file. * Updated Readme * Updated Readme * Update comment to explain es helm & server version * Lint changes * Updated Readme and Make file * Lint fixes * Lint fixes --------- Co-authored-by: MadhuriArugula --- charts/backingservices/Makefile | 12 +++++++++++ charts/backingservices/charts/srs/README.md | 24 +++++++++++++++++++-- charts/backingservices/requirements.yaml | 3 ++- charts/backingservices/values.yaml | 7 +++--- 4 files changed, 40 insertions(+), 6 deletions(-) diff --git a/charts/backingservices/Makefile b/charts/backingservices/Makefile index fbdc4e663..e83a7aa70 100644 --- a/charts/backingservices/Makefile +++ b/charts/backingservices/Makefile @@ -26,3 +26,15 @@ purge-es-secrets: external-es-secrets: kubectl create secret generic srs-certificates --from-file=$(PATH_TO_CERTIFICATE) --namespace=$(NAMESPACE) + +purge-srs-secrets: + kubectl delete secrets srs-certificates --namespace=$(NAMESPACE) || true + +purge-secrets: purge-es-secrets + make purge-srs-secrets + +update-secrets: purge-secrets + make es-prerequisite + +update-external-es-secrets: purge-srs-secrets + make external-es-secrets \ No newline at end of file diff --git a/charts/backingservices/charts/srs/README.md b/charts/backingservices/charts/srs/README.md index 1c2a5fbf4..feffbb959 100644 --- a/charts/backingservices/charts/srs/README.md +++ b/charts/backingservices/charts/srs/README.md @@ -57,7 +57,7 @@ To deploy Pega Platform with the SRS backing service, the SRS helm chart require | `deploymentName` | Specify the name of your SRS cluster. Your deployment creates resources prefixed with this string. This is also the service name for the SRS. | | `srsRuntime` | Use this section to define specific resource configuration options like image, replica count, cpu and memory resource settings in the SRS. | | `busybox` | When provisioning an internally managed Elasticsearch cluster, you can customize the location and pull policy of the Alpine image used during the deployment process by specifying `busybox.image` and `busybox.imagePullPolicy`. | -| `elasticsearch` | Define the elasticsearch cluster configurations. The [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch/values.yaml) chart defines the values for Elasticsearch provisioning in the SRS cluster. For internally provisioned Elasticsearch the default version is set to `7.10.2`. Set the `elasticsearch.imageTag` parameter in values.yaml to `7.16.3` to use this supported version in the SRS cluster. | +| `elasticsearch` | Define the elasticsearch cluster configurations. The [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch/values.yaml) chart defines the values for Elasticsearch provisioning in the SRS cluster. For internally provisioned Elasticsearch the default version is set to `7.17.9`. Set the `elasticsearch.imageTag` parameter in values.yaml to `7.16.3` to use this supported version in the SRS cluster. | | `k8sProvider` | Specify your Kubernetes provider name. Supported values are [`eks`, `aks`, `minikube`, `gke`, `openshift`, `pks`].. ### Enabling security between SRS and Elasticsearch @@ -78,7 +78,7 @@ make external-es-secrets NAMESPACE=pegabackingservices ELASTICSEARCH_VERSION=7.1 | `tls` | Set to `true` to enable the SRS service to authenticate to your organization's available Elasticsearch service. | | `esCredentials.username` | Enter the username for your available Elasticsearch service. This username value must match the values you set in the connection info section of esCredentials. | | `esCredentials.password` | Enter the required password for your available Elasticsearch service. This password value must match the values you set in the connection info section of esCredentials. | -| `srsStorage.provisionInternalESCluster` | | +| `srsStorage.provisionInternalESCluster` | | | `domain` | Enter the DNS entry associated with your external Elasticsearch service. | Note: Only .p12 and .jks certificates are supported. @@ -157,3 +157,23 @@ srs: requireInternetAccess: false ``` +### Steps to upgrade SRS (with Internal Elasticsearch) to Kubernetes Cluster Version >=1.25 + +To support SRS on Kubernetes version >=1.25 you need to use Elasticsearch server version 7.17.9. If you are using an earlier version (7.10.2 or 7.16.3) of Elasticsearch in your deployment, to upgrade to 7.17.9, you need to perform the following steps: +1. Get the latest backingservices Helm chart which supports `k8s version >=1.25`. +2. Update the SRS and Elasticsearch certificates by running the following Make command: + ```bash + make update-secrets NAMESPACE= ELASTICSEARCH_VERSION=7.17.9 + ``` +3. To use Elasticsearch version 7.17.9, inspect the values.yaml file from the latest backingservices helm chart and confirm if the imageTag parameter in the values.yaml file is same as in the example below: + ```yaml + elasticsearch: + imageTag: 7.17.9 + ``` +4. Upgrade your deployment using the following Helm command: + ```bash + helm upgrade backingservices pega/backingservices --version --namespace --values + ``` +5. Verify that the Elasticsearch pods status is Running. +6. Restart the old SRS pods and verify that the status of the new pods is Running. +7. Verify all pods are running and working as expected. \ No newline at end of file diff --git a/charts/backingservices/requirements.yaml b/charts/backingservices/requirements.yaml index 891dcd358..5bd71adf5 100644 --- a/charts/backingservices/requirements.yaml +++ b/charts/backingservices/requirements.yaml @@ -3,9 +3,10 @@ # NOTE: For kubernetes version >=1.25 or Elasticsearch version 7.17.9, # use 7.17.3 for the elasticsearch 'version' parameter below (for Elasticsearch version 7.17.9, you will still use 7.17.9 in the backingservices values.yaml). # To disable deploying Elasticsearch in SRS, set the 'srs.srsStorage.provisionInternalESCluster' parameter in backingservices values.yaml to false. +# The dependencies.version parameter refers to the Elastcisearch Helm chart version, not Elasticsearch server version. dependencies: - name: elasticsearch - version: "7.10.2" + version: "7.17.3" repository: https://helm.elastic.co/ condition: srs.srsStorage.provisionInternalESCluster - name: constellation diff --git a/charts/backingservices/values.yaml b/charts/backingservices/values.yaml index 502574921..b4a5cce18 100644 --- a/charts/backingservices/values.yaml +++ b/charts/backingservices/values.yaml @@ -80,9 +80,10 @@ constellation: # based on helm charts defined at https://github.com/elastic/helm-charts/tree/master/elasticsearch and may be modified # as per runtime and storage requirements. elasticsearch: - # for internally provisioned elasticsearch version is set to 7.10.2. Use this imageTag configuration to update it to 7.16.3 or - # 7.17.9 if required. However, we strongly recommend to use version 7.17.9. - imageTag: 7.10.2 + # For internally provisioned Elasticsearch server, the imageTag parameter is set by default to 7.17.9, which is the recommended Elasticsearch server version + # for k8s version >= 1.25. + # Use this parameter to change it to 7.10.2 or 7.16.3 for k8s version < 1.25 and make sure to update the Elasticsearch helm chart version in requirements.yaml. + imageTag: 7.17.9 # Permit co-located instances for solitary minikube virtual machines. antiAffinity: "soft" # Shrink default JVM heap.