Upgrading to a new version

The steps below describe how to update the Argocd package to a new version.

  1. Review the upstream release notes for the update you are going to, as well as any versions skipped over between the last BB release and this one. Note any breaking changes and new features.

  2. Use kpt to pull the upstream chart via the latest tag that corresponds to the application version.

  3. Based on the upstream changelog review from earlier, make any changes required to resolve breaking changes and reconcile the Big Bang modifications.

  4. Modify the version in Chart.yaml. Also modify the appVersion and the bigbang.dev/applicationVersions to the new upstream version of Argocd.

  5. Update CHANGELOG.md adding an entry for the new version and noting all changes (at minimum should include Updated Mattermost to x.x.x).

  6. Generate the README.md updates by following the guide in gluon.

  7. Open an MR in “Draft” status and validate that CI passes. This will perform a number of smoke tests against the package, but it is good to manually deploy to test some things that CI doesn’t. Follow the steps below for manual testing.

  8. Once all manual testing is complete take your MR out of “Draft” status and add the review label.

Testing for updates

NOTE: For these testing steps it is good to do them on both a clean install and an upgrade. For clean install, point argocd to your branch. For an upgrade do an install with argocd pointing to the latest tag, then perform a helm upgrade with argocd pointing to your branch.

You will want to install with:

  • Argocd enabled
  • Set admin password for testing determinism:
      configs:
        secret:
          argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
  • Istio enabled

Testing Steps:

  • Ensure all resources have reconciled and are healthy
  • Ensure the application is resolvable at argocd.bigbang.dev
  • Run the Cypress tests to confirm functionality of adding and deleting an application via the UI

When in doubt with any testing or upgrade steps ask one of the CODEOWNERS for assistance.

Big Bang Chart Additions

This package has a number of additions to the upstream helm chart to integrate with other Big Bang capabilities such as:

  • Monitoring tools (Prometheus/Grafana)
  • Service Mesh (Istio)
  • Network Policies
  • Helm hook jobs for automating upgrade tasks

Here’s the section of the chart/values.yaml file where these additions are configured:

# Big Bang Additions
# Optional key/secret for IAM role when using SOPS encryption in AWS.
awsCredentials:
  awsAccessKeyId: ""
  awsSecretAccessKey: ""
  awsDefaultRegion: "us-gov-west-1"
## Your FQDN will be ${ .Values.subdomain }.${ .Values.domain }
domain: bigbang.dev
istio:
  # -- Toggle BigBang istio integration
  enabled: false
  # -- Toggle BigBang istio injection
  injection: "disabled"
  # -- Default argocd peer authentication
  mtls:
    # -- STRICT = Allow only mutual TLS traffic,
    # PERMISSIVE = Allow both plain text and mutual TLS traffic
    mode: STRICT
  argocd:
    # -- Toggle Istio VirtualService creation
    enabled: true
    # -- Set Annotations for VirtualService
    annotations: {}
    # -- Set Labels for VirtualService
    labels: {}
    # -- Set Gateway for VirtualService
    gateways:
      - istio-system/main
    # -- Set Hosts for VirtualService
    hosts:
      - argocd.{{ .Values.domain }}
monitoring:
  # -- Toggle BigBang monitoring integration
  enabled: false
networkPolicies:
  # -- Toggle BigBang networkPolicies integration
  enabled: false
  ingressLabels:
    app: istio-ingressgateway
    istio: ingressgateway
  # -- Control Plane CIDR, defaults to 0.0.0.0/0, use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster
  # Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
  # Used by package NetworkPolicies to allow Kube API access
  controlPlaneCidr: 0.0.0.0/0
upgradeJob:
  enabled: true
  image:
    repository: registry1.dso.mil/ironbank/big-bang/base
    tag: 2.0.0
    imagePullPolicy: IfNotPresent

In some cases the Helm chart templates for Kubernetes resources in this package need additional Helm template values that are not present in the upstream templates.

Monitoring

The Kubernetes Service templates used for metrics collection in this package, currently named metrics.yaml, add a values key to the conditional statements in the templates:

.Values.monitoring.enabled

Adding this value to the conditional in metrics Service templates will tell helm to deploy these resources based on the value that is set for that key, which in this case would be true or false.

Example:

{{- if or (.Values.server.metrics.enabled) (.Values.monitoring.enabled) }}

AWS Credentials Secret

The secret located at chart/templates/bigbang/argocd-iam-secret.yaml is a Big Bang addition.

This secret stores AWS credentials for an IAM role when using SOPS encryption for your Big Bang values.

Ensure this file does not get removed/deleted after performing an upgrade with kpt.
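
A pre-MR check covering steps 4 and 5 of the upgrade procedure and the file-preservation requirement above, as an added example that is not part of the Big Bang package. It assumes the applicationVersions annotation lists the version as a `- Argocd: <version>` item; `chart_field`, `check_upgrade` and `make_sample_pkg` are hypothetical names.

```shell
#!/bin/sh
# Added example: sanity checks to run on a package root after a kpt update.
# Assumption (not from the original page): the applicationVersions annotation
# in chart/Chart.yaml contains an item of the form "- Argocd: <version>".

# Print a top-level scalar field of chart/Chart.yaml with quotes stripped.
chart_field() {
  sed -n "s/^$2:[[:space:]]*//p" "$1/chart/Chart.yaml" 2>/dev/null |
    head -n 1 | tr -d "\"'"
}

# check_upgrade <package-root>: prints one line per problem, returns the count.
check_upgrade() {
  root=$1; problems=0
  fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

  version=$(chart_field "$root" version)
  app_version=$(chart_field "$root" appVersion)
  [ -n "$version" ] || fail "version missing from chart/Chart.yaml"
  [ -n "$app_version" ] || fail "appVersion missing from chart/Chart.yaml"

  # Step 4: the annotation must name the same upstream version as appVersion.
  annotated=$(sed -n 's/^[[:space:]]*-[[:space:]]*Argocd:[[:space:]]*//p' \
    "$root/chart/Chart.yaml" 2>/dev/null | head -n 1 | tr -d "\"'")
  [ "$annotated" = "$app_version" ] ||
    fail "applicationVersions says '$annotated', appVersion is '$app_version'"

  # Step 5: CHANGELOG.md needs an entry mentioning the new chart version.
  grep -qF "$version" "$root/CHANGELOG.md" 2>/dev/null ||
    fail "no CHANGELOG.md entry for $version"

  # Big Bang addition that must still be present after the kpt update.
  [ -f "$root/chart/templates/bigbang/argocd-iam-secret.yaml" ] ||
    fail "chart/templates/bigbang/argocd-iam-secret.yaml is missing"

  return "$problems"
}

# Constructed sample package (placeholder versions) for trying the checks.
make_sample_pkg() {
  mkdir -p "$1/chart/templates/bigbang"
  printf '%s\n' 'version: 0.0.1-bb.0' 'appVersion: v0.0.1' 'annotations:' \
    '  bigbang.dev/applicationVersions: |' '    - Argocd: v0.0.1' \
    > "$1/chart/Chart.yaml"
  printf '%s\n' '## [0.0.1-bb.0]' '- Updated to v0.0.1' > "$1/CHANGELOG.md"
  : > "$1/chart/templates/bigbang/argocd-iam-secret.yaml"
}
```

Run it as `check_upgrade .` from the package root; a non-zero exit status is the number of failed checks.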


Last update: 2022-12-19 by Branden Cobb