Artifactory version 7.x to 7.x Helm Upgrade

This topic provides information about the checks to perform in PostgreSQL before upgrading, how to upgrade for a single node, and how to upgrade for a HA setup.

Pre-Upgrade Checks for Bundled PostgreSQL in Artifactory

You must run a few checks before you upgrade Artifactory from any older version to 7.111.x directly because the bundled postgresql chart has been upgraded to version 15.5.20 in the latest artifactory and artifactory-ha Helm charts.

Step 1: Error Message on Upgrade

When upgrading from a version earlier than Artifactory 7.111.x to Artifactory 7.111.x, you will see an error message:

Sample error message:

demouser@demouser-mac artifactory % helm upgrade --install rt . -f values.yaml
Error: UPGRADE FAILED: execution error at (artifactory/charts/postgresql/templates/secrets.yaml:23:16): 
PASSWORDS ERROR: The secret "rt-postgresql" does not contain the key "password"

Step 2: Backup and Delete

Create a backup of your credentials like postgresql password and used PVCs.

Delete the PostgreSQL statefulset and secret.

kubectl delete statefulsets.apps postgresql-postgresql --namespace <namespace> --cascade=orphan
kubectl delete secret postgresql --namespace <namespace>

For more information, see How to upgrade to version 11.0.0.

Step 3: Get Image Tag

To ensure a successful upgrade, the custom-values.yaml file must include the 'postgresql.image.tag from the previous chart instead of the one from the latest chart.

Note

If you do not update the PostgreSQL image tag in custom-values.yaml to match the existing version, you may encounter an error such as: "The data directory was initialized by PostgreSQL version a.b, which is not compatible with this version x.y."

Get the current version of the postgresql image in your installation.

$ kubectl get pod {{ .Release.Name }}-postgresql-0 --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.containers[*].image}";

Copy the version from the output and set the following in your custom-values.yaml file in the 'postgresql' section.
```
postgresql:
  image:
    tag: <postgresql_version>
```

Step 4: Update PostgreSQL Configurations in custom-values.yaml

The configurations in the `postgresql` section of the artifactory and artifactory-ha charts do not align with the new structure of the latest postgresql chart.

For a successful upgrade, you need to include these new configurations in your custom-values.yaml file of artifactory or artifactory-ha charts.

Example

In the previous version of the Artifactory charts, the key for the postgresql password in the Kubernetes secret was postgresqlPassword. However, in the latest versions, this key has been changed to password. This change leads to upgrade failures if the custom-values.yaml file or related configurations still reference the old key from the previous version.

The following sections show an example of the changes in configurations in Artifactory’s previous and latest charts:

Previous Chart

postgresql:
  enabled: true
  image:
    registry: releases-docker.jfrog.io
    repository: bitnami/postgresql
    tag: 15.6.0-debian-11-r16
  postgresqlUsername: artifactory
  postgresqlPassword: ""
  postgresqlDatabase: artifactory
  postgresqlExtendedConf:
    listenAddresses: "*"
    maxConnections: "1500"
  persistence:
    enabled: true
    size: 200Gi
    # existingClaim:
  service:
    port: 5432
  primary:
    nodeSelector: {}
    affinity: {}
    tolerations: []
  readReplicas:
    nodeSelector: {}
    affinity: {}
    tolerations: []
  resources: {}
  securityContext:
    enabled: true
  containerSecurityContext:
    enabled: true

Latest Chart

postgresql:
  enabled: true
  image:
    registry: releases-docker.jfrog.io
    repository: bitnami/postgresql
    tag: 16.6.0-debian-12-r2

  auth:
    username: "artifactory"
    password: ""
    database: "artifactory"
  primary:
    extendedConfiguration: |
      listen_addresses = '*'
      max_connections = 1500
    persistence:
      enabled: true
      size: 200Gi
      # existingClaim:
    service:
      ports:
        postgresql: 5432
    resourcesPreset: "small"
    resources: {}
    # resources:
    #   requests:
    #     cpu: "2"
    #     memory: 512Mi
    #   limits:
    #     cpu: "3"
    #     memory: 1024Mi
    nodeSelector: {}
    affinity: {}
    tolerations: []
  readReplicas:
    nodeSelector: {}
    affinity: {}
    tolerations: []
  securityContext:
    enabled: true
  containerSecurityContext:
    enabled: true

Upgrade Single Node

Once you have a new chart version, you can upgrade your deployment.

Use the following command to upgrade.

helm upgrade artifactory --namespace artifactory jfrog/artifactory

If Artifactory was installed without providing a value to postgresql.postgresqlPassword (if the password was auto-generated), run the following command to get the current password.
```
POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
```
Upgrade the release by passing the previously auto-generated secret.
```
helm upgrade <myrelease> jfrog/artifactory --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD} --namespace <namespace>
```
This applies any configuration changes on your existing deployment.

Upgrade HA

Upgrade path depends on the Artifactory helm chart that you used to install Artifactory HA. You must use the same chart that you used to install Artifactory HA.

HA upgrade using artifactory chart

Use the following command to upgrade.

helm upgrade artifactory --namespace artifactory-ha jfrog/artifactory

If Artifactory was installed without providing a value to postgresql.postgresqlPassword (if the password was auto-generated), run the following command to get the current password.
```
POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
```
Upgrade the release by passing the previously auto-generated secret.
```
helm upgrade <myrelease> --namespace artifactory jfrog/artifactory --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD}
```
This applies any configuration changes on your existing deployment.

HA upgrade using artifactory-ha chart

Use the following command to upgrade.

helm upgrade artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha

If Artifactory was installed without providing a value to postgresql.postgresqlPassword (if the password was auto-generated), run the following command to get the current password.
```
POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
```
Upgrade the release by passing the previously auto-generated secret.
```
helm upgrade <myrelease> --namespace artifactory-ha jfrog/artifactory-ha --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD}
```
This applies any configuration changes on your existing deployment.

Enable TLS 1.0 and 1.1 for connectivity with older databases in Helm Installations

Artifactory version 7.25.5 onwards includes OpenJDK version 11.0.11 and later. TLS 1.0 and TLS 1.1 are disabled by default from OpenJDK 11.0.11 onwards. If your database version does not support TLS 1.2, the Artifactory startup fails.

If you are unable to upgrade your database to a version that supports TLS 1.2 or later, perform the following steps to run Artifactory:

Create the following local directory.
Download the java.security file that has TLS 1.0 and 1.1 enabled.
Copy the java.security file to java/configmap.
Run the following command to create a custom config map. For more information, refer to Using Config Maps.
Pass the following custom config map to your Helm install. For more information, refer to Using Config Maps.