This topic details the critical steps and checks required when upgrading an Artifactory instance that uses the bundled PostgreSQL database.
Preparation and Pre-Upgrade Checks
To ensure a smooth upgrade, consider the following:
Backup Your Data: We strongly recommend you to perform a full backup of your Artifactory data directory (
$JFROG_HOME/artifactory/var) and database before starting any upgrade process. This allows for recovery in case of unexpected issues.Review Release Notes: Always check the Artifactory Release Notes for the target version. They may contain critical information, breaking changes, or specific pre-upgrade tasks not covered here.
Downtime: In a single-node setup, the Artifactory service will be unavailable to users during the upgrade. In High-Availability (HA) mode, a rolling upgrade ensures only one node is down at a time, allowing the service to remain available to users.
Pre-Upgrade Steps for Bundled PostgreSQL
You must execute few steps before you upgrade Artifactory from any older version to 7.111.x directly because the bundled postgresql chart has been upgraded to version 15.5.20 in the latest artifactory and artifactory-ha Helm charts.
Step 1: Backup and Delete
Create a backup of your credentials like postgresql password and used PVCs.
Delete the PostgreSQL statefulset and secret.
kubectl delete statefulsets.apps postgresql-postgresql --namespace <namespace> --cascade=orphan kubectl delete secret postgresql --namespace <namespace>
For more information, see How to upgrade to version 11.0.0.
Step 2: Get Image Tag
To ensure a successful upgrade, the custom-values.yaml file must include the 'postgresql.image.tag from the previous chart instead of the one from the latest chart.
Get the current image tag of your PostgreSQL pod by running the following command:
$ kubectl get pod {{ .Release.Name }}-postgresql-0 --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.containers[*].image}";Copy the version from the output and set the following in your
custom-values.yamlfile in the 'postgresql' section.postgresql: image: tag: <postgresql_version>
Step 3: Update PostgreSQL Configurations in custom-values.yaml
The configurations in the `postgresql` section of the artifactory and artifactory-ha charts do not align with the new structure of the latest postgresql chart. For a successful upgrade, you need to include these new configurations in your custom-values.yaml file of artifactory or artifactory-ha charts.
For example, in the previous version of the Artifactory charts, the key for the postgresql password in the Kubernetes secret was postgresqlPassword. However, in the latest versions, this key has been changed to password. This change leads to upgrade failures if the custom-values.yaml file or related configurations still reference the old key from the previous version.
The following sections show an example of the changes in configurations in Artifactory’s previous and latest charts:
Previous Chart
postgresql:
enabled: true
image:
registry: releases-docker.jfrog.io
repository: bitnami/postgresql
tag: 15.6.0-debian-11-r16
postgresqlUsername: artifactory
postgresqlPassword: ""
postgresqlDatabase: artifactory
postgresqlExtendedConf:
listenAddresses: "*"
maxConnections: "1500"
persistence:
enabled: true
size: 200Gi
service:
port: 5432
primary:
nodeSelector: {}
affinity: {}
tolerations: []
readReplicas:
nodeSelector: {}
affinity: {}
tolerations: []
resources: {}
securityContext:
enabled: true
containerSecurityContext:
enabled: trueLatest Chart
postgresql:
enabled: true
image:
registry: releases-docker.jfrog.io
repository: bitnami/postgresql
tag: 16.6.0-debian-12-r2
auth:
username: "artifactory"
password: ""
database: "artifactory"
primary:
extendedConfiguration: |
listen_addresses = '*'
max_connections = 1500
persistence:
enabled: true
size: 200Gi
service:
ports:
postgresql: 5432
resourcesPreset: "small"
resources: {}
nodeSelector: {}
affinity: {}
tolerations: []
readReplicas:
nodeSelector: {}
affinity: {}
tolerations: []
securityContext:
enabled: true
containerSecurityContext:
enabled: trueUpgrading a Single Node
To upgrade a single-node Artifactory deployment:
Use the following command to upgrade.
helm upgrade artifactory --namespace artifactory jfrog/artifactory
If Artifactory was installed without providing a value to
postgresql.auth.password(if the password was auto-generated), run the following command to get the current password:POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)Upgrade the release using the helm upgrade command. If you retrieved an auto-generated password, pass it in the command as shown below:
helm upgrade <myrelease> jfrog/artifactory --set postgresql.auth.password=${POSTGRES_PASSWORD} --namespace <namespace>This applies any configuration changes on your existing deployment.
Upgrading an HA Setup
The upgrade process for an HA setup depends on which Helm chart was used for the initial installation.
Use the following command to upgrade.
helm upgrade artifactory --namespace artifactoryha jfrog/artifactory
If Artifactory was installed without providing a value to
postgresql.auth.password(if the password was auto-generated), run the following command to get the current password.POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)Upgrade the release by passing the previously auto-generated secret:
helm upgrade <myrelease> --namespace artifactory jfrog/artifactory --set postgresql.auth.password=${POSTGRES_PASSWORD}This applies any configuration changes on your existing deployment.