The following provides important information related to 2.0:
Removed Values from the Helm Chart
The following values have been removed from the Helm chart:
mzOperator.clusterWide
mzOperator.experimental.performPeriodicWorkflowCleanup
jmx.remote
platform.debug.jmx
platform.persistence.*
: Please use thepersistence.*
values instead.ingress-nginx-v4.*
: The bundled ingress-nginx helm chart that was installed by settingingress-nginx-v4.enabled=true
has been removed. If you were using this, immediately after upgrading upgrading to 3.0.0, please install the Ingress NGINX controller helm chart on its own in order to secure a smooth as possible upgrade. Example:helm install my-ingress ingress-nginx/ingress-nginx --version 4.0.17 -f ingress-nginx-values.yaml
ingress-nginx-values.yaml
contains the values. As a reference these were the default values used for the bundled ingress-nginx helm chart:controller: scope: enabled: true admissionWebhooks: enabled: false metrics: enabled: false serviceMonitor: enabled: false ingressClassResource: name: nginx enabled: true default: false controllerValue: "k8s.io/ingress-nginx" watchIngressWithoutClass: false service: targetPorts: http: 80 https: 443 type: NodePort extraArgs: v: 1 containerSecurityContext: runAsUser: 101 allowPrivilegeEscalation: true serviceAccount: create: false
ingress-nginx-v4.enabled=true
), make sure to set theaws.ingress.serviceName
value to the service name of the separately installed ingress nginx (used to be<your usage engine private edition helm installation name>-ingress-nginx-v4-controller
but now it will have a different prefix since it is installed separately).suspend.crontab
andsuspend.duration
: Please use thesuspend.from
andsuspend.until
values instead.The default resources for the platform container have been removed. From now on it is an active choice to set resources if needed. The default resources used to be:
platform: resources: limits: memory: 2350Mi requests: memory: 256Mi
By default, this is now just:
platform: resources: {}
- The default dockerhub image pull secret has been removed. If you are pulling the container images from a private container registry, the image pull secret(s) can be specified via the
global.imagePullSecrets
values.
Changed Values in the Helm Chart
- The
mzOperator.*
values have been moved tooperator.*
. - The operator has been made more event driven and less dependent on frequent periodic synchronizations.
- As a result the default synchronization period has changed from 30 seconds to 300 seconds (5 minutes).
Use theoperator.syncPeriod
value to set a different synchronization period. Also, if you are using your own service account(s) for your ECD(s), specified via the
operator.common.ecd
value, then you need to make sure that it has permissions toget
andpatch
thepods/status
resource.Example rule specificationkind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: my-ecd-role rules: - apiGroups: [""] resources: ["pods/status"] verbs: ["get", "patch"]
- As a result the default synchronization period has changed from 30 seconds to 300 seconds (5 minutes).
The default memory limits for the platform JVM has changed. What used to be:
jvmArgs: - XX:MaxDirectMemorySize=4096m - XX:MaxMetaspaceSize=256m - Xms256m - Xmx512m
Is now:
jvmArgs: - XX:MaxMetaspaceSize=512m - Xms256m - Xmx2g
Action Required for Rollback from 3.x to 2.x
If you need to perform a helm rollback from a 3.x version to a 2.x version, the existing EC Deployment need to patched after having run the helm rollback command.
This can be done with the following shell command:
kubectl get deployments.apps -o custom-columns=NAME:metadata.name --no-headers | while read depl; do \ if [[ -n $(kubectl get deployments.apps $depl -o=jsonpath="{.spec.template.metadata.labels.ECDeployment}") ]]; \ then kubectl patch deployments.apps $depl -p '{"spec":{"template":{"spec":{"readinessGates":null}}}}'; \ fi; \ done
The reason for this is that the custom readiness gate introduced in version 3.0.0 will otherwise block the existing EC Deployments from being fully rolled back.
Deprecated Ingress Controller
If you use the bundled ingress controller, i.e. setting helm value nginx.enabled=true, it should be noted that this was deprecated a while back and will not work in Kubernetes v1.22 or later. Reason being that it relates to API:s that are removed in Kubernetes v1.22.
The solution to this is to install the Ingress NGIX controller helm chart separately.
0 Comments