Upgrading to a new version
The below details the steps required to update to a new version of the Argocd package.
- Review the upstream release notes for the update you are going to, as well as any versions skipped over between the last BB release and this one. Note any breaking changes and new features.
- Use kpt to pull the upstream chart via the latest tag that corresponds to the application version
- Based on the upstream changelog review from earlier, make any changes required to resolve breaking changes and reconcile the Big Bang modifications.
- Modify the version in Chart.yaml. Also modify the appVersion and the bigbang.dev/applicationVersions to the new upstream version of Argocd.
- Update CHANGELOG.md adding an entry for the new version and noting all changes (at minimum should include Updated Mattermost to x.x.x).
- Generate the README.md updates by following the guide in gluon.
- Open an MR in “Draft” status and validate that CI passes. This will perform a number of smoke tests against the package, but it is good to manually deploy to test some things that CI doesn’t. Follow the steps below for manual testing.
- Once all manual testing is complete take your MR out of “Draft” status and add the review label.
Testing for updates
NOTE: For these testing steps it is good to do them on both a clean install and an upgrade. For clean install, point argocd to your branch. For an upgrade do an install with argocd pointing to the latest tag, then perform a helm upgrade with argocd pointing to your branch.
You will want to install with:
- Argocd enabled
- Set admin password for testing determinism
  configs:
    secret:
      argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
- Istio enabled
Testing Steps:
- Ensure all resources have reconciled and are healthy
- Ensure the application is resolvable at argocd.bigbang.dev
- Run the Cypress tests to confirm functionality of adding and deleting an application via the UI
When in doubt with any testing or upgrade steps ask one of the CODEOWNERS for assistance.
Big Bang Chart Additions
This package has a number of additions to the upstream helm chart to integrate with other Big Bang capabilities such as:
- Monitoring tools (Prometheus/Grafana)
- Service Mesh (Istio)
- Network Policies
- Helm hook jobs for automating upgrade tasks
Here’s the section of the chart/values.yaml file where these additions are configured:
# Big Bang Additions
# Optional key/secret for IAM role when using SOPS encryption in AWS.
awsCredentials:
  awsAccessKeyId: ""
  awsSecretAccessKey: ""
  awsDefaultRegion: "us-gov-west-1"
## Your FQDN will be ${ .Values.subdomain }.${ .Values.domain }
domain: bigbang.dev
istio:
  # -- Toggle BigBang istio integration
  enabled: false
  # -- Toggle BigBang istio injection
  injection: "disabled"
  # -- Default argocd peer authentication
  mtls:
    # -- STRICT = Allow only mutual TLS traffic,
    # PERMISSIVE = Allow both plain text and mutual TLS traffic
    mode: STRICT
  argocd:
    # -- Toggle Istio VirtualService creation
    enabled: true
    # -- Set Annotations for VirtualService
    annotations: {}
    # -- Set Labels for VirtualService
    labels: {}
    # -- Set Gateway for VirtualService
    gateways:
      - istio-system/main
    # -- Set Hosts for VirtualService
    hosts:
      - argocd.{{ .Values.domain }}
monitoring:
  # -- Toggle BigBang monitoring integration
  enabled: false
networkPolicies:
  # -- Toggle BigBang networkPolicies integration
  enabled: false
  ingressLabels:
    app: istio-ingressgateway
    istio: ingressgateway
  # -- Control Plane CIDR, defaults to 0.0.0.0/0, use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster
  # Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
  # Used by package NetworkPolicies to allow Kube API access
  controlPlaneCidr: 0.0.0.0/0
upgradeJob:
  enabled: true
  image:
    repository: registry1.dso.mil/ironbank/big-bang/base
    tag: 2.0.0
    imagePullPolicy: IfNotPresent
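The values above leave two settings worth reviewing in any override file: istio.mtls.mode and networkPolicies.controlPlaneCidr. The following is an added example, not part of the package: a hypothetical audit_bb_values helper that reports a non-STRICT mTLS mode or a /0 control plane CIDR, assuming the values file nests keys by indentation under their top-level key.

```shell
#!/bin/sh
# Added example: audit_bb_values is a hypothetical helper, not shipped with the chart.
# Usage: audit_bb_values <values-file>; prints findings, returns 1 if there are any.
audit_bb_values() {
  awk '
    # Skip comment lines and blank lines.
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    # A line with no leading whitespace starts a new top-level key.
    /^[^[:space:]]/ { top = $1; sub(/:.*$/, "", top); child = ""; cind = 0; next }
    {
      match($0, /^[[:space:]]*/); ind = RLENGTH
      key = $1; sub(/:$/, "", key)
      val = $2; gsub(/["\047]/, "", val)        # strip quotes around the value
      if (ind <= cind) child = ""               # left the previous nested map
      if (NF == 1) { child = key; cind = ind }  # "mtls:" opens a nested map
      if (top == "istio" && child == "mtls" && key == "mode" && val != "STRICT") {
        print "istio.mtls.mode=" val " (not STRICT)"
        bad = 1
      }
      if (top == "networkPolicies" && key == "controlPlaneCidr" && val ~ /\/0$/) {
        print "networkPolicies.controlPlaneCidr=" val " (not narrowed to the control plane endpoints)"
        bad = 1
      }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Run against a file only when one is given on the command line.
[ "$#" -eq 0 ] || audit_bb_values "$1"
```
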
In some cases, the Helm chart templates for Kubernetes resources in this package need Helm template values that are a necessary addition to the upstream templates.
Monitoring
The Kubernetes Service templates used for metrics collection in this package, currently named metrics.yaml, have a notable addition of a values key to the conditional statements in the templates:
.Values.monitoring.enabled
Adding this value to the conditional in metrics Service templates will tell helm to deploy these resources based on the value that is set for that key, which in this case would be true or false.
Example:
{{- if or (.Values.server.metrics.enabled) (.Values.monitoring.enabled) }}
AWS Credentials Secret
The secret located at chart/templates/bigbang/argocd-iam-secret.yaml is a Big Bang addition.
This secret stores AWS credentials for an IAM role when using SOPS encryption for your Big Bang values.
Ensure this file does not get removed/deleted after performing an upgrade with kpt.
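A check to run after a kpt update, covering both the Monitoring and AWS Credentials Secret additions described above. This is an added example, not part of the package: check_bb_additions is a hypothetical helper that takes the path to the chart directory and assumes the metrics templates live somewhere under its templates directory.

```shell
#!/bin/sh
# Added example: check_bb_additions is a hypothetical helper, not shipped with the chart.
# Usage: check_bb_additions <chart-dir>; returns 1 if a Big Bang addition was lost.
check_bb_additions() {
  bb_chart=$1
  bb_rc=0
  bb_seen=0

  # The AWS credentials secret template is a Big Bang addition and must survive the update.
  bb_secret="$bb_chart/templates/bigbang/argocd-iam-secret.yaml"
  if [ ! -f "$bb_secret" ]; then
    echo "MISSING Big Bang addition: $bb_secret" >&2
    bb_rc=1
  fi

  # Every metrics.yaml template must still reference the monitoring toggle.
  while IFS= read -r bb_file; do
    [ -n "$bb_file" ] || continue
    bb_seen=1
    if ! grep -q '\.Values\.monitoring\.enabled' "$bb_file"; then
      echo "monitoring toggle missing: $bb_file" >&2
      bb_rc=1
    fi
  done <<EOF
$(find "$bb_chart/templates" -type f -name metrics.yaml 2>/dev/null)
EOF

  # Finding no metrics templates at all means the layout changed; treat it as a failure.
  if [ "$bb_seen" -eq 0 ]; then
    echo "no metrics.yaml templates found under $bb_chart/templates" >&2
    bb_rc=1
  fi
  return "$bb_rc"
}

# Run against a chart directory only when one is given on the command line.
[ "$#" -eq 0 ] || check_bb_additions "$1"
```
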