Upgrade Manifests¶

This section will guide you through rebasing your manifests on top of the latest release branch.

Contact Arrikto

You should always make sure you apply valid manifests and kustomizations after a rebase. In case of uncertainty do not hesitate to coordinate with the Arrikto Tech Team for support.

What You’ll Need¶

An upgraded management environment.
Your local clone of the Arrikto GitOps repository, tracking the develop release channel.

Check Your Environment¶

Go to your GitOps repository, inside your rok-tools management environment:

root@rok-tools:~# cd ~/ops/deployments
Ensure that you are currently on the develop branch:

root@rok-tools:~/ops/deployments# git rev-parse --abbrev-ref HEAD develop
Ensure that you are currently following the develop release channel:

root@rok-tools:~/ops/deployments# git rev-parse --abbrev-ref --symbolic-full-name @{u} origin/develop

Procedure¶

Important

Mirror the GitOps repository to a private remote to be able to recover it in case of failure.

Add an internal GitHub repository as a backup GitOps remote

Go to your GitOps repository, inside your rok-tools management environment:

root@rok-tools:/# cd ~/ops/deployments
Run keychain to start the SSH agent and use your SSH identity:

root@rok-tools:~/ops/deployments# eval "$(keychain --eval id_rsa)" * keychain 2.8.2 ~ http://www.funtoo.org * Starting ssh-agent... * Adding 1 ssh key(s): /root/.ssh/id_rsa * ssh-add: Identities added: /root/.ssh/id_rsa

Troubleshooting

can’t find id_rsa

If the above command shows the following warning message:

Warning: can't find id_rsa; skipping

it means that keychain could not find the file ~/.ssh/id_rsa, which normally contains your private SSH key.

To proceed, follow the Configure Git guide to configure your private SSH key.

Cannot find public key for id_rsa

If the above command shows the following warning message:

Warning: Cannot find public key for id_rsa

it means that keychain clould not find the file ~/.ssh/id_rsa.pub, which normally contains your public SSH key.

To proceed, generate the public SSH key based on your private key:

root@rok-tools:~# ssh-keygen -yf /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub
Fetch latest upstream changes:

root@rok-tools:~/ops/deployments# git fetch --all -p Fetching origin

Troubleshooting

Permission denied

If the above command fails with the following error message:

Permission denied (publickey)

ensure that you have run keychain as specified in the Procedure or the Fast-Forward section of this guide.

If the error persists, it means that you do not have access to the Arrikto GitOps repository. To proceed, follow the Configure Git guide to configure your SSH identity.
Ensure that the develop release channel you are currently following contains only Arrikto commits:

root@rok-tools:~/ops/deployments# [ $(git rev-list origin/develop --invert-grep --author @arrikto.com --count) == 0 ] \ > && echo "OK" || echo "FAIL" OK

Troubleshooting

The command outputs FAIL

If the above command outputs FAIL then the upstream branch develop you are following contains custom (non-Arrikto) commits, which is not expected. This can happen if you, for example, push custom (non-Arrikto) commits to a mirror of an Arrikto-managed branch.

Caution

Before proceeding with the rest of the upgrade please contact the Arrikto Tech Team to ensure that your GitOps repository is in a good state for the upgrade.
Rebase on top of the latest upstream develop branch:

root@rok-tools:~/ops/deployments# git rebase -Xtheirs origin/develop develop
Troubleshooting
CONFLICT (modify/delete)
Rebasing your work may cause conflicts when you have modified a file that has been removed from the latest version of Arrikto manifests. In such a case the rebase process will fail with:

CONFLICT (modify/delete): path/to/file deleted in origin/develop and modified in HEAD~X. Version HEAD~X of path/to/file left in tree.

Go ahead and delete those files:

root@rok-tools:~/ops/deployments# git status --porcelain | \ > awk '{if ($1=="DU") print $2}' | \ > xargs git rm

Continue the rebase process:

root@rok-tools:~/ops/deployments# git rebase --continue

Air Gapped

If you are in an air gapped environment, expand this box.

Follow the Mirror Images to Internal Registry guide to mirror all new images to your internal Docker registry.
Follow the Patch All Images for Your Deployment guide to patch all kustomizations to use the mirrored images from your internal Docker registry.

Verify¶

Go to your GitOps repository, inside your rok-tools management environment:

root@rok-tools:~# cd ~/ops/deployments
Ensure that you are currently on the develop branch:

root@rok-tools:~/ops/deployments# git rev-parse --abbrev-ref HEAD develop
Ensure that you are currently following the develop release channel:

root@rok-tools:~/ops/deployments# git rev-parse --abbrev-ref --symbolic-full-name @{u} origin/develop
Fetch changes from the upstream repository:

root@rok-tools:~/ops/deployments:~# git fetch -p origin

Troubleshooting

Permission denied

If the above command fails with the following error message:

Permission denied (publickey)

ensure that you have run keychain as specified in the Procedure or the Fast-Forward section of this guide.

If the error persists, it means that you do not have access to the Arrikto GitOps repository. To proceed, follow the Configure Git guide to configure your SSH identity.
Get the HEAD commit hash of the upstream branch you are tracking:

root@rok-tools:~/ops/deployments:~# export COMMIT_HASH=$(git rev-parse @{u})
Make sure that this commit hash exists in your local branch:

root@rok-tools:~/ops/deployments:~# git merge-base --is-ancestor ${COMMIT_HASH?} HEAD && echo "OK" || echo "FAIL" OK

Summary¶

You have successfully upgraded your manifests on top of the latest release branch.

What’s Next¶

The next step is to apply the latest manifests to upgrade your Rok cluster.

Upgrade Rok