Important Information (3.0.3)

Owned by Jenni Wallin
Last updated: Nov 20, 2023 by Yeok Hong Ng
3 min read

The following provides important information related to Usage Engine 3.0.3:

Removed Values from the Helm Chart

The following values have been removed from the Helm chart:

  • mzOperator.clusterWide
  • mzOperator.experimental.performPeriodicWorkflowCleanup
  • jmx.remote
  • platform.debug.jmx
  • platform.persistence.*: Please use the persistence.* values instead.

  • ingress-nginx-v4.*: The bundled ingress-nginx helm chart that was installed by setting ingress-nginx-v4.enabled=true has been removed. If you were using this, immediately after upgrading to 3.0.0, please install the Ingress NGINX controller helm chart on its own in order to secure a smooth as possible upgrade. Example:

    helm install my-ingress ingress-nginx/ingress-nginx --version 4.0.17 -f ingress-nginx-values.yaml

    where ingress-nginx-values.yaml contains the values. As a reference these were the default values used for the bundled ingress-nginx helm chart:

    controller:
  scope:
    enabled: true
  admissionWebhooks:
    enabled: false
  metrics:
    enabled: false
    serviceMonitor:
      enabled: false
  ingressClassResource:
    name: nginx
    enabled: true
    default: false
    controllerValue: "k8s.io/ingress-nginx"
    watchIngressWithoutClass: false
  service:
    targetPorts:
      http: 80
      https: 443
    type: NodePort
  extraArgs:
    v: 1
  containerSecurityContext:
    runAsUser: 101
    allowPrivilegeEscalation: true
serviceAccount:
  create: false

    If you are on AWS and were using the bundled ingress-nginx (by setting ingress-nginx-v4.enabled=true), make sure to set the aws.ingress.serviceName value to the service name of the separately installed ingress nginx (used to be <your usage engine private edition helm installation name>-ingress-nginx-v4-controller but now it will have a different prefix since it is installed separately).

  • suspend.crontab and suspend.duration: Please use the suspend.from and suspend.until values instead.

  • The default resources for the platform container have been removed. From now on it is an active choice to set resources if needed. The default resources used to be:

    platform:
  resources:
    limits:
      memory: 2350Mi
    requests:
      memory: 256Mi

    By default, this is now just:

    platform:
  resources: {}

  • The default dockerhub image pull secret has been removed. If you are pulling the container images from a private container registry, the image pull secret(s) can be specified via the global.imagePullSecrets values.

Changed Values in the Helm Chart

  • The mzOperator.* values have been moved to operator.*.
  • The operator has been made more event driven and less dependent on frequent periodic synchronizations.
    • As a result the default synchronization period has changed from 30 seconds to 300 seconds (5 minutes).
      Use the operator.syncPeriod value to set a different synchronization period.

    • Also, if you are using your own service account(s) for your ECD(s), specified via the operator.common.ecd value, then you need to make sure that it has permissions to get and patch the pods/status resource.

      Example rule specification
      kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: my-ecd-role
rules:
  - apiGroups: [""]
    resources: ["pods/status"]
    verbs: ["get", "patch"]

  • The default memory limits for the platform JVM has changed. What used to be:

    jvmArgs:
  - XX:MaxDirectMemorySize=4096m
  - XX:MaxMetaspaceSize=256m
  - Xms256m
  - Xmx512m

    Is now:

    jvmArgs:
  - XX:MaxMetaspaceSize=512m
  - Xms256m
  - Xmx2g

Action Required for Rollback from 3.x to 2.x

If you need to perform a helm rollback from a 3.x version to a 2.x version, the existing EC Deployment need to patched after having run the helm rollback command.

This can be done with the following shell command:

kubectl get deployments.apps -o custom-columns=NAME:metadata.name --no-headers | while read depl; do \
if [[ -n $(kubectl get deployments.apps $depl -o=jsonpath="{.spec.template.metadata.labels.ECDeployment}") ]]; \
then kubectl patch deployments.apps $depl -p '{"spec":{"template":{"spec":{"readinessGates":null}}}}'; \
fi; \
done

The reason for this is that the custom readiness gate introduced in version 3.0.0 will otherwise block the existing EC Deployments from being fully rolled back.

Deprecated Ingress Controller

If you use the bundled ingress controller, i.e. setting helm value nginx.enabled=true, it should be noted that this was deprecated a while back and will not work in Kubernetes v1.22 or later. Reason being that it relates to API:s that are removed in Kubernetes v1.22.

The solution to this is to install the Ingress NGIX controller helm chart separately.