Skip to main content
Skip table of contents

Upgrade VeridiumID Containers from 3.7.1 to v3.7.2

1. Prerequisites

Please install the following software on the machine that will be used to deploy VeridiumID:

2. Download docker images

If using a custom Docker registry, please download and unpack the following archive, then upload its contents to your Docker registry.

Name

URL

SHA256

MD5

veridiumid-saas-images-3.7.2.tar.gz

https://veridium-repo.veridium-dev.com/repository/docker-images/11.2.65/veridiumid-saas-images-3.7.2.tar.gz

c55a4fa1071dff2981852a3ed5687d68a230fefbf1e9719f8225f71e6c0f7a7d

c0f2d0745863fd918d900aeb92521e95

3. Change directory to the folder where veridium-containers folder is located

4. Download required files

CODE 
wget --user <NEXUS_USER> --password <NEXUS_PASSWORD> https://veridium-repo.veridium-dev.com/repository/helm-releases/veridiumid-containers/3.7.2/veridiumid-saas-3.7.2.zip

unzip -o veridiumid-saas-3.7.2.zip -d 3.7.2

5. Upgrade Zookeeper and Elasticsearch images.

The NAMESPACE and ENV_NO variables should be set according to your existing installation.

Perform the following modifications:

  • In veridiumid-containers/eck-operator-values.yaml, remove the image.tag field.

  • In veridiumid-containers/zookeeper-operator-values.yaml, remove the image.tag field.

  • In veridiumid-containers/elasticsearch-values.yaml, update all occurrences of 8.6.1 to 8.6.1-r1, then 1.28.3 to 1.28.3-r1.

CODE 
# update ECK operator
helm upgrade --install -n <NAMESPACE> -f veridiumid-containers/eck-operator-values.yaml eck-operator-<ENV_NO> ../3.7.2/helm/eck-operator-2.1.0.tgz

# update zookeeper-operator
helm upgrade --install -n <NAMESPACE> -f veridiumid-containers/zookeeper-operator-values.yaml zookeeper-operator-<ENV_NO> ../3.7.2/helm/zookeeper-operator-0.2.15.tgz

# update elasticsearch
helm upgrade --install -n <NAMESPACE> -f veridiumid-containers/elasticsearch-values.yaml elasticsearch-<ENV_NO> ../3.7.2/helm/elasticsearch-0.2.3.tgz
# force restart, if necessary:
oc -n <NAMESPACE> delete sts elasticsearch-<ENV_NO>-es-default 

# update zookeeper
helm upgrade --install -n <NAMESPACE> --timeout 60m -f veridiumid-containers/zookeeper-values.yaml zookeeper-<ENV_NO> ../3.7.2/helm/zookeeper-0.2.15.tgz

6. Upgrade VeridiumID

The NAMESPACE and ENV_NO variables should be set according to your existing installation.

CODE 
helm upgrade --install -n <NAMESPACE> -f veridiumid-containers/veridiumid-values.yaml veridiumid ../3.7.2/helm/veridiumid-0.6.12.tgz

7. Upgrade Cassandra and K8ssandra-operator

7.1. Disable medusa, medusa_backup and update sasi property name

Configuration Updates for veridiumid-containers/k8ssandra-values.yaml

  • Set .medusa.enable to false.

  • Set .medusa_backup.enable to false.

  • Remove the .cassandra.config.cassandraYaml.enable_sasi_indexes field.

CODE 
helm upgrade --install -n $NAMESPACE -f veridiumid-containers/k8ssandra-values.yaml --timeout 60m k8ssandra-$ENV_NO helm/vid-k8ssandra-0.6.7.tgz

7.2. Install new CRD

The new CustomResourceDefinitions are available in ./3.7.2/values/veridiumid-crds/k8ssandra-operator.yaml

7.3. Update RBAC rules

The updated RBAC rules for K8ssandra are available in ./3.7.2/values/rbac/rbac-service-accounts-rules_k8ssandra.yaml. The files are templates, so run the following command to replace the placeholders:

CODE 
sed -i "s|<ENV_NO>|$ENV_NO|g" ./3.7.2/values/rbac/*.yaml
sed -i "s|<NAMESPACE>|$NAMESPACE|g" ./3.7.2/values/rbac/*.yaml

Next, apply the ./3.7.2/values/rbac/rbac-service-accounts-rules_k8ssandra.yaml file.

7.4. Upgrade k8ssandra-operator

Ensure the per-node configuration is compatible with the updated operator version:

CODE 
oc -n $NAMESPACE label cm/cassandra-$ENV_NO-dc1-per-node-config k8ssandra.io/cleaned-up-by=k8ssandracluster-controller

Copy the new version of values file to the working folder.

CODE 
cp ../3.7.2/values/k8ssandra-operator-values.yaml veridiumid-containers/k8ssandra-operator-values.yaml

Configuration Updates for veridiumid-containers/k8ssandra-operator-values.yaml

  • Set .serviceAccount.create to false.

  • Set .rbac.create to false.

  • Set ."cass-operator".serviceAccount.create to false.

  • Set ."cass-operator".rbac.create to false.

  • Replace all occurrences of 018397616607.dkr.ecr.eu-central-1.amazonaws.com to laas-docker-virtual.artifactory.six-group.net.

CODE 
helm -n $NAMESPACE upgrade --install -f veridiumid-containers/k8ssandra-operator-values.yaml k8ssandra-operator-$ENV_NO ../3.7.2/helm/k8ssandra-operator-1.20.2.tgz

7.5. Upgrade Cassandra

Configuration Updates for veridiumid-containers/k8ssandra-values.yaml

  • Remove the reaper field.

  • Remove the medusa field.

  • Set .medusa.storageProperties.storageProvider to "s3".

  • Remove the medusa_backup field.

  • Set .cassandra.serverVersion to "5.0.2".

  • Remove the .cassandra.serverImage field.

  • Set .cassandra.image.repository to
    "laas-docker-virtual.artifactory.six-group.net/veridiumid/vid-cassandra".

  • Set .cassandra.perNodeConfigInitContainerImage to
    "laas-docker-virtual.artifactory.six-group.net/dependencies/mikefarah/yq:4.45.1".

  • Remove the .cassandra.config.cassandraYaml.enable_sasi_indexes field.

  • Set .cassandra.config.cassandraYaml.sasi_indexes_enabled to true.

CODE 
helm upgrade --install -n $NAMESPACE -f veridiumid-containers/k8ssandra-values.yaml --timeout 60m k8ssandra-$ENV_NO ../3.7.2/helm/vid-k8ssandra-0.6.12.tgz

8. Configure encryption of backups

8.1. Generate a new GPG Key

Run the following command to create a new key:

CODE 
gpg --full-generate-key

Step-by-step prompts:

  1. Select Key Type: Choose RSA and RSA (default).

  2. Choose Key Size: Enter 4096 (recommended for strong security).

  3. Set Expiration: Choose 0 (never expires) or specify a timeframe.

  4. Enter User Details:

    • Name: e.g., Backup Encryption Key

    • Email: e.g., backup@example.com (can be anything). This will need to be configures in k8ssandra-values.yaml and veridiumid-values.yaml, under backup.encryption.recipient

    • Comment: (Optional, e.g., For encrypted backups)

    • Set Passphrase: Choose a strong passphrase for added security.

8.2. Verify the key

List available keys to find the Key ID:

CODE 
gpg --list-keys

8.3. Export the keys as files

CODE 
gpg --export --armor "backup@example.com" > public-key.asc

gpg --export-secret-keys --armor "backup@example.com" > private-key.asc

8.4. Create a secret containing the private, public keys and passphrase

CODE 
oc create secret generic veridiumid-gpg-keys --from-file=private-key.asc --from-file=public-key.asc --from-literal=passphrase=<YOUR_PASSPHRASE>

8.5. Enable encryption in values file

Configuration Updates for veridiumid-containers/k8ssandra-values.yaml

  • Set 'cassandra.backup.encryption.enable' to true.

Configuration Updates for veridiumid-containers/veridiumid-values.yaml

  • Set 'vid-maintenance.backup.encryption.enable' to true.

Next, update the k8ssandra and veridiumid releases using the commands described in sections 6 and 7.5.

9. Update API definitions

Apply the latest dmz-api.3.7.2.json and websec-api.3.7.2.json files in the /api folder.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close