Skip to content

1.16.x to 1.22.x

This guide provides instructions for upgrading a Controller from version 1.16 to 1.22 in a Google Cloud Environment.

Before Upgrading

Check the following:

  • Check that all clusters under the required projects are running and healthy.
  • Check that the usage of CPU, memory, and other parameters are normal.
  • Check that applications and services that were installed using a custom Blueprint are running.
  • Check that the machine/server has sufficient memory to install a new image.
  • Check that the management VM has at least 30 GB available in the / directory.

Follow these steps before upgrading:

  • Navigate to the tmp folder and remove the folders created by the Rafay Controller package. This step is optional.

    cd /tmp
sudo rm -rf radm.log rafay-dep rafay-cluster rafay-core istio

  • Delete the rafay-core-upload-agent-config-file. A change in the job spec in the latest version will not patch the upgraded controller.

    kubectl delete job -n rafay-core rafay-core-upload-agent-config

Upgrade Services

Install RADM Services

  • Download the new package.

    wget https://rafay-airgap-controller.s3.us-west-2.amazonaws.com/1.22/rafay-controller-1.22-09PAN.tar.gz

  • Validate the package using md5sum. The example below includes the response.

    md5sum rafay-controller-1.22-09PAN.tar.gz
4d828596357b6b2dba1acc9365cf929f  rafay-controller-1.22-09PAN.tar.gz

  • Untar the package.

    tar -xf rafay-controller-1.22-09PAN.tar.gz

  • Backup the config.yaml file from the v1.16 Controller package.

    cp -rp config.yaml config.yaml-1.16

  • Navigate to the latest Controller package and run the following command.

    cp -rp config.yaml-gke-tmpl config.yaml

  • Open the config.yaml file and update the values. These should match the v1.16 config.yaml file. With the Vi editor, press i to insert text. To save the file, press Esc, then type :wq and press Enter.

    vi config.yaml

    Example config.yaml file

    apiVersion: radm.k8s.io/v1
kind: InitConfiguration
metadata:
  name: "RafayAirGapController"
spec:
  blueprintVersion: v1
  # networking:         # Interface for core traffic. Default picks the primary interface.
    # interface: ens3
  deployment:
    type: "GKE"   # Supports "airgap", "EKS", "GKE" and "AKS".
    ha: true
  database:
    external-database: true
    host: ""
    port: "5432"
  dns:
    enabled: true
    gke:
      serviceAccount: "[email protected]"  #format is "<ServiceAccount_Name>@<GCP_PROJECT_ID>.iam.gserviceaccount.com"
      hosted_zone_id: "rafay_zone"
  backup_restore:
    enabled: true
    restore: false
    schedule: "*/10 * * * *"  #"*/10 * * * *" #Takes backup of rafay-core namespace every 10 min
    bucketName: "rafay-bucket" #storage container name
    gke:
      serviceAccount: "[email protected]"  #format is "<ServiceAccount_Name>@<GCP_PROJECT_ID>.iam.gserviceaccount.com"
  repo:
    infra-archive:
      path: /home/opc/rafay/rafay-infra-centos.tar.gz
      dir: /tmp
    dep-archive:
    - name: istio
      path: /home/opc/rafay/istio-1.14.3-blueprint.tar.gz
    - name: rafay-dep
      path: /home/opc/rafay/rafay-dep.tar.gz
    app-archive:
    - name: rafay-core
      path: /home/opc/rafay/rafay-core.tar.gz
    cluster-archive:
    - name: rafay-cluster
      path: /home/opc/rafay/rafay-cluster.tar.gz
  app-config:
    generate-self-signed-certs: false         # TRUE creates self-signed certs for all controller endpoints. FALSE will use certs updated at console-certificates.certificate
    console-certificates:                    # add the wildcard cert for the star-domain only when generate-self-signed-certs is false.
      certificate: "RXhhbXBsZSBDZXJ0aWZpY2F0ZQ=="
      key: "RXhhbXBsZSBLZXk="
    partner:
      star-domain: "rafay.example.com"      # Provide the wildcard             # Display logo in UI, Default picks
  override-config:
    gloabl.tsdb.gke.bucket: "rafay-bucket"
    global.secrets.tsdb.gke.storage_account_key: "RW50ZXIgU3RvcmFnZSBhY2NvdW50IGtleQ=="
    global.external_lb: "false"
    global.secrets.aws_account_id: "1234567890"       # Used for AWS IAM role based cluster provisioning, Add below secrets after encoding it with Base64.
    global.secrets.aws_access_key_id: "RHVtbXk="
    global.secrets.aws_secret_access_key: "Y2hhbmdlcGx6"
    global.disable_xframe_Cors_policy: "true" # When True, we disable x-frame header and Cors policy in UI
    nfs.server: "" # <IP Address of Filestore Instance>
    nfs.path: "/volumes"

  • Install the Controller dependencies.

    ./radm dependency --config config.yaml --kubeconfig <config file from gke cluster>

  • Install the Application.

    ./radm application --config config.yaml --kubeconfig <config file from gke cluster>

  • Delete the Repository pod for adding new changes.

    kubectl delete po -n rafay-core nexus-0

Database Migration for Allowing the New GKE Blueprint

  • Get the configv2 database password

    kubectl get secrets -n rafay-core
configv2db-db-secret --template={{.data.password}} | base64 -d

  • Log in to the database using the password.

    psql -h <DataBase-IP> -U configv2dbuser -d configv2db

  • Update the Blueprint using the following SQL commands in the database.

    configv2db=> select name,type from config_blueprints;

configv2db=> update config_blueprints set type = 'GlobalBlueprint' where name = 'default-gke';

configv2db=> \q

  • Clear the Blueprint cache by restarting rafay-config.

    kubectl rollout restart deployment -n rafay-core rafay-config

  • Perform the following database migration steps for the Blueprint sync on older clusters. This step allows changes to take effect when adding a new Nexus repository.

    Login to ops-console using https://ops-console.<star-domain>

Add /edge/v1/migrations/ at the end of the url like below.

https://ops-console.<example.dev.rafay>/edge/v1/migrations/ and hit enter.

Output :
   {"result":"updated cluster default overrides successfully"}

  • Run the following cluster command.

    ./radm cluster --config config.yaml --kubeconfig <gke cluster config file>

The upgrade is complete.