Upgrade the NGINX Image Version

Upgrade the nginx-ingress image to 1.3.1 version and reinstall the ingress-controllers.

1. From your computer, run the SSH command to connect to the domain's Administration Server node as the opc user.

   ssh -i <path_to_private_key> opc@<node_IP_address>

2. List the existing domains ingress and jenkins ingress, and delete the existing ingress.

   #List all the existing domains ingress and jenkins ingress
   kubectl get ing -A
   #This will list the existing domains ingress and jenkins ingress
   
   #Delete all the existing domain and jenkins ingress
   kubectl delete ing wls-admin-ingress -n nonjrf-ns
   kubectl delete ing wls-cluster-ingress -n nonjrf-ns
   kubectl delete ing wls-console-help-ingress -n nonjrf-ns
   kubectl delete ing jenkins-dashboard-ingress -n jenkins-ns

3. List the existing deployments, and delete the old internal and external deployments.

   #List all the existing deployments in wlsoke-ingress-nginx namespace
   kubectl get deploy -n wlsoke-ingress-nginx
   Example output:
   wlsoke-ingress-nginx    nginx-ingress-controller                    0/1      1      0    2h
   wlsoke-ingress-nginx    nginx-ingress-controller-nonjrf-external    0/1      1      0    2h
   
   #Delete all the existing deployments for wlsoke-ingress-nginx namespace
   kubectl delete deployment.apps/nginx-ingress-controller -n wlsoke-ingress-nginx
   kubectl delete deployment.apps/nginx-ingress-controller-nonjrf-external -n wlsoke-ingress-nginx

4. List the existing services, delete the services for load balancer and Jenkins.

   #List all the existing services in wlsoke-ingress-nginx namespace
   kubectl get svc -n  wlsoke-ingress-nginx
   Example output:
   wlsoke-ingress-nginx   nonjrf-lb-external   LoadBalancer   10.96.26.2    152.0.0.1   443:30118/TCP   2h
   wlsoke-ingress-nginx   wlsokeprefix-internal      LoadBalancer   10.96.20.239  10.0.0.1      80:32686/TCP    2h 
   
   #Delete all the existing services
   kubectl delete svc nonjrf-lb-external -n wlsoke-ingress-nginx
   kubectl delete svc wlsokeprefix-internal -n wlsoke-ingress-nginx
   
   #Delete the jenkins service
   kubectl delete svc jenkins-service -n jenkins-ns

5. Uninstall ingress controller helm chart and Jenkins charts.

   helm uninstall ingress-controller
   helm uninstall jenkins-oke

6. Copy files to the tmp directory

   cp /u01/provisioning-data/*.yaml /tmp

7. Replace the files, _nginx-ingress.tpl and _nginx-role.tpl in /u01/scripts/ingress-controller.
   To view the contents of the files, _nginx-ingress.tpl and _nginx-role.tpl located in /u01/scripts/ingress-controller, see NGINX Ingress Template File and NGINX Role Template File.
8. Replace the file _nginx-ingress.tpl in /u01/shared/scripts/pipeline/create_domain/ingress-controller.
   To view the contents of the file _nginx-ingress.tpl located in /u01/shared/scripts/pipeline/create_domain/ingress-controller, see NGINX Ingress Template File.
9. Replace the file jenkins-role.tpl in /u01/scripts/jenkins/charts/templates.
   To view the contents of the file, jenkins-role.tpl located in /u01/scripts/jenkins/charts/templates, see Jenkins Role Template File.
10. Pull the ingress controller image 1.3.1.

    #https://newreleases.io/project/github/kubernetes/ingress-nginx/release/controller-v1.3.1
    docker pull registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974

11. Tag the image.

    #Tag the image corresponding to your region and service name
    docker tag <image_identifier> <region_key>.ocir.io/<tenancy_namespace>/<repository_name>:<tag>

    Example:

    docker tag 8e6k1kebb869 phx.ocir.io/mytenancy/wlsokeprefix/infra/nginx-ingress-controller:1.3.1

12. Push the tagged image.

    docker push <region_key>.ocir.io/<tenancy_namespace>/<repository_name>:<tag>

    Example:

    docker push phx.ocir.io/mytenancy/wlsokeprefix/infra/nginx-ingress-controller:1.3.1

13. Update the value for ocir_ingress_image_tag in /tmp/ingress-controller-input-values.yaml to point to the new image.

    Example of an ingress-controller-input-values.yaml file in tmp directory:

    {
       "jenkins_service": "jenkins-service",
       "jenkins_service_port": "8080",
       "ocir_ingress_image_tag":"iad.ocir.io/mytenancy/wlsokeprefix/infra/nginx-ingress-controller:1.3.1",
       "ingress_namespace":"wlsoke-ingress-nginx",
       "ingress_ocir_secret_name":"ocirsecrets",
       "ingress_lb_service_name":"wlsokeprefix-internal",
       "ingress_lb_shape":"flexible",
       "ingress_lb_shape_min":"10",
       "ingress_lb_shape_max":"100",
       "ingress_enable_http_port":true,
       "ingress_enable_https_port":false,
       "ingress_http_port":"80",
       "ingress_https_port":"443",
       "jenkins_namespace":"jenkins-ns",
       "cert_secret_name": "oke-ssl-secret"
     }

14. Install ingress controller again using the following command:

    helm upgrade --install ingress-controller /u01/scripts/ingress-controller --values /tmp/ingress-controller-input-values.yaml -n default --wait

15. Install the Jenkins charts.

    #get the container image for jenkins controller
    docker images |grep jenkins-controller
    #Example output:
    phx.ocir.io/mytenancy/wlsokeprefix/infra/cisystem-jenkins-controller    1.0.5_2.235.11    369269139728    10 months ago    2.16GB
    
    helm upgrade --install jenkins-oke /u01/scripts/jenkins/charts/ --set image.repository=phx.ocir.io/mytenancy/wlsokeprefix/infra/cisystem-jenkins-controller:1.0.5_2.235.11 
    --values /tmp/jenkins-inputs.yaml -n default --wait

16. Add the value for ocir_ingress_image_tag in /u01/shared/weblogic-domains/domain1/ingress-controller-inputs.yaml to point to the new image.

    Example of an ingress-controller-input-values.yaml file in /u01/shared/weblogic-domains/<domain_name> directory:

    {
       "domain_name": "domain1",
       "admin_service": "domain1-domain1-adminserver",
       "admin_service_port": "8765",
       "cluster_service": "domain1-cluster-domain1-cluster",
       "cluster_service_port": "9765",
       "ingress_namespace":"wlsoke-ingress-nginx",
       "ingress_ocir_secret_name":"ocirsecrets",
       "wls_domain_namespace":"domain1-ns",
       "cert_secret_name": "oke-ssl-secret",
       "lb_name": "domain1-lb-external",
       "lb_namespace": "domain1-ns",
       "lb_shape": "flexible",
       "lb_shape_min": "10",
       "lb_shape_max": "40",
       "service_ssl_port": "443",
       "is_idcs_selected": false,
       "is_private_lb": false,
       "reserved_public_ip": "",
       "ocir_ingress_image_tag": "iad.ocir.io/mytenancy/wlsokeprefix/infra/nginx-ingress-controller:1.3.1"
     }

17. Install ingress controller for all the existing domains.

    #Run the following command for each existing domain by replacing the domain name in location /u01/shared/weblogic-domains/<domain_name>/ingress-controller-inputs.yaml
    helm upgrade --install ingress-controller /u01/shared/scripts/pipeline/create_domain/ingress-controller 
    --values /u01/shared/weblogic-domains/domain1/ingress-controller-inputs.yaml -n default --wait

18. Edit the configmap to change the kubernetes version and new ingress controller image value.

    #edit the cm wlsoke-metadata-configmap in jenkins namespace for the attributes, kubernetes_version and ocir_ingress_controller_repokubernetes_version
    kubectl edit cm wlsoke-metadata-configmap -n jenkins-ns -o yaml
    kubernetes_version: v1.24
    ocir_ingress_controller_repo: phx.ocir.io/mytenancy/wlsokeprefix/infra/nginx-ingress-controller:1.3.1
    #save the configmap