authentik/website/docs/troubleshooting/postgres/upgrade_kubernetes.md

99 lines
3.5 KiB
Markdown

---
title: Upgrade PostgreSQL on Kubernetes
---
## Preparation
- `authentik-postgresql-0` is the Kubernetes Pod running PostgreSQL.
### Prerequisites
This migration requires some downtime, during which authentik must be stopped. To do this, run the following command:
```shell
kubectl scale deploy --replicas 0 authentik-server
kubectl scale deploy --replicas 0 authentik-worker
```
### Dump the current database
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
Run the following commands to dump the current data into a `.sql` file:
```shell
# This is the path where the PVC is mounted, so we'll place the dump here too
cd /bitnami/postgresql/
# Set the postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable
export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD
# Dump the authentik database into an sql file
pg_dump -U $POSTGRES_USER $POSTGRES_DB > dump-11.sql
```
### Stop PostgreSQL and start the upgrade
To upgrade, change the following entries in your `values.yaml` used to deploy authentik:
```yaml
postgresql:
diagnosticMode:
enabled: true
image:
tag: 15.2.0-debian-11-r26
```
Now run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites).
After the upgrade is finished, you should have a new PostgreSQL pod running with the updated image.
### Remove the old data
Because the PVC mounted by the PostgreSQL pod still contains the old data, we need to remove/rename that data, so that PostgreSQL can initialize it with the new version.
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
Run the following commands to move the old data:
```shell
# This is the path where the PVC is mounted
cd /bitnami/postgresql/
# Move Postgres' data folder to data-11, which is the version we're upgrading to.
# The data folder can also be deleted; however it is recommended to rename it first
# in case the upgrade fails.
mv data data-11
```
### Restart PostgreSQL
In the step [Stop PostgreSQL and start the upgrade](#stop-postgresql-and-start-the-upgrade), we enabled the _diagnostic mode_, which means the PostgreSQL pod is running, but the actual Postgres process isn't running. Now that we've removed the old data directory, we can disable the diagnostic mode.
Once again, change the following entries in your `values.yaml` used to deploy authentik:
```yaml
postgresql:
image:
tag: 15.2.0-debian-11-r26
```
And once again run `helm upgrade --install authentik authentik/authentik -f values.yaml` to apply these changes. Depending on your configuration, you might have to repeat the steps from [Prerequisites](#prerequisites).
After the PostgreSQL pod is running again, we need to restore the data from the dump we created above.
Run `kubectl exec -it authentik-postgresql-0 -- bash` to get a shell in the PostgreSQL pod.
Run the following commands to restore the data:
```shell
# This is the path where the PVC is mounted
cd /bitnami/postgresql/
# Set the Postgres password based on the `POSTGRES_POSTGRES_PASSWORD` environment variable.
export PGPASSWORD=$POSTGRES_POSTGRES_PASSWORD
psql -U $POSTGRES_USER $POSTGRES_DB < dump-11.sql
```
After the last command finishes, all of the data is restored, and you can restart authentik.
### Restarting authentik
Run `helm upgrade --install authentik authentik/authentik -f values.yaml` once again, which will restart your authentik server and worker containers.