Upgrade
KOTS-based installation
Upgrading the GitGuardian application
The GitGuardian application can be updated through the KOTS Admin Console in the "Version History" tab. First, you need to check for updates. This can be done manually or automatically. Then, you can deploy a newer version by clicking the "Deploy" button.
You can find more information on the KOTS documentation.
During upgrades, workers are stopped but new commits are still queued and will
be processed after the upgrade. Upgrades do not stop the dashboard, but they
introduce a temporary delay in message processing and alerting.
We advise running upgrades during a low-traffic period.
Required versions
KOTS Admin Console will show some versions as "Required".
If you have several versions to upgrade, you'll have to upgrade to each required version between your current version and your target version.
After each deployment, you should wait for the application to be fully upgraded. To that extent, you can monitor pods' status and wait for all pods to be live and all jobs to be completed.
watch kubetcl get po -n <namespace>
The application is restarted when all pods are in the running status:
Upgrading KOTS
KOTS also needs to be upgraded regularly. Please remind that GitGuardian releases are tested with the latest KOTS release, some features may not work as expected on older versions.
To check the KOTS plugin version, run the following command:
kubectl kots version
If there is an update available, follow the instructions and run this command:
curl https://kots.io/install | bash
Then, you will need to upgrade the KOTS application running in the cluster:
kubectl kots admin-console upgrade -n <namespace>
Helm-based Installation
Upgrading version
In Helm-based installation, you have to first log in to the private Helm registry
Then, run the following command in the cluster and namespace where the GitGuardian application is installed:
helm upgrade release-name oci://registry.replicated.com/gitguardian/gitguardian
where release-name
is the name provided at the first installation
(run helm ls
to find out).
This will upgrade your application to the latest version. If you need to upgrade
to a particular version, you can specify it in the --version
flag:
helm upgrade release-name oci://registry.replicated.com/gitguardian/gitguardian --version 2023.6.0
Updating application configuration
If you want to change the configuration of an application that is already
installed, you can use the helm upgrade
command with your updated values file.
You can stick to the same version by using the --version
flag:
helm upgrade release-name oci://registry.replicated.com/gitguardian/gitguardian --version 2023.6.0 -f updated-values.yaml
Upgrading embedded database to PostgreSQL 13
Starting version 2023.03.0, GitGuardian Self-Hosted with the embedded database
now uses PostgreSQL 13.
If you use an external database, PostgreSQL 13 is also the recommended version.
An upgrade should be planned and executed with your Database Management team.
The data from your PostgreSQL 11 database will be dumped and restored on a new volume attached to the PostgreSQL 13 container. This requires extra storage but will allow rollback.
Before upgrading to GitGuardian 2023.03.0
If you are not using GitGuardian 2023.02.1, please upgrade to this version and wait for the upgrade to complete and the application to be ready.
Check that you have enough space on your persistent volume to store the PostgreSQL 13 version of the data.
kubectl exec -it deployment/postgresql -- df -h
The amount of space used by /backup
and /var/lib/postgresql/data/pgdata
should leave enough space to restore a new copy of the database, equivalent to
the space used by /var/lib/postgresql/data/pgdata
. If it's not the case, you
may need to resize the persistent volume or delete the data in
/var/lib/postgresql/data/pgdata
after the backup. Please contact support in
such a case.
- Back up your database. The backup will be restored on PostgreSQL 13.
export PGPASS=$(kubectl get secrets postgresql -o jsonpath="{.data.\.pgpass}" | base64 -d | cut -f 5 -d \:)
kubectl exec -it deployment/postgresql -- env PGPASSWORD=$PGPASS /usr/bin/pg_dump -Cc -U ggadmin prm > dump_pg11.sql
Proceeding to the upgrade
In the Admin Console, edit the configuration to check the "All steps required for PostgreSQL 13 migration have been completed" checkbox and save the configuration. Without this step, you will not be allowed to install GitGuardian 2023.03.0 and beyond with embedded PostgreSQL.
You can now upgrade to GitGuardian 2023.03 and beyond. The upgrade will download the PostgreSQL 13 image in place of 11 and use it automatically.
Note that this action will create downtime as the database will not be able to read PostgreSQL 11 files until you restore the backup.
- Scale down your application:
kubectl scale deploy gitguardian-app --replicas=0
kubectl scale deploy gitguardian-beat --replicas=0
kubectl scale deploy gitguardian-email --replicas=0
kubectl scale deploy gitguardian-long-tasks --replicas=0
kubectl scale deploy gitguardian-scanner --replicas=0
kubectl scale deploy gitguardian-worker --replicas=0
- Restore the dump
export PGPASS=$(kubectl get secrets postgresql -o jsonpath="{.data.\.pgpass}" | base64 -d | cut -f 5 -d \:)
kubectl exec -it deployment/postgresql -- env PGPASSWORD=$PGPASS psql -U ggadmin < dump_pg11.sql
- Scale up the application back to your original settings (modify replicas in accordance)
kubectl scale deploy gitguardian-app --replicas=2
kubectl scale deploy gitguardian-beat --replicas=1
kubectl scale deploy gitguardian-email --replicas=2
kubectl scale deploy gitguardian-long-tasks --replicas=2
kubectl scale deploy gitguardian-scanner --replicas=2
kubectl scale deploy gitguardian-worker --replicas=2
- Run migrations from the new application
kubectl exec -it deploy/gitguardian-app — python manage.py migrate
Note that you can also use the "redeploy" feature of KOTS Admin Console to restore your application replica sets in their configured state and run migrations.
Congratulations, you completed the upgrade!