4 Upgrading SEPP

This chapter provides information about upgrading Oracle Communications Cloud Native Core, Security Edge Protection Proxy (SEPP) deployment to the latest release. It is recommended to perform SEPP upgrade in a specific order. For more information about the upgrade order, see Oracle Communications Cloud Native Core, Solution Upgrade Guide.

You can upgrade SEPP from a source release to a target release using CDCS or CLI procedure as outlined in the following table:

Table 4-1 SEPP Upgrade procedure Sequence

Sequence Upgrade Task References Supported for CDCS Supported for CLI
1 Upgrade prerequisites Preupgrade Tasks See Oracle Communications CD Control Server User Guide. Yes
2 Upgrade procedure Upgrade procedure See Oracle Communications CD Control Server User Guide. Yes

4.1 Supported Upgrade Paths

The following table lists the supported upgrade paths for SEPP:

Note:

  • SEPP delpoyed in SEPP mode can be upgraded only to SEPP mode.
  • SEPP deployed in Roaming Hub mode can be upgraded only to Roaming Hub mode.

Table 4-2 Supported Upgrade Paths

Source SEPP Release Target SEPP Release
23.2.x, 23.3.x, 23.4.x 23.4.3

Table 4-3 Supported Upgrade Paths

Source Roaming Hub Release Target Roaming Hub Release
23.2.x, 23.3.x, 23.4.x 23.4.3

Note:

SEPP must be upgraded before upgrading cnDBTier.

4.2 Upgrade Strategy

SEPP supports in-service upgrade. The supported upgrade strategy is RollingUpdate. The rolling update strategy is a gradual process that allows you to update your Kubernetes system with only a minor effect on performance and no downtime. The advantage of the rolling update strategy is that the update is applied Pod-by-Pod so the greater system can remain active.

Note:

It is recommended to perform SEPP upgrade in a specific order. For more information about the upgrade order, see Oracle Communications Cloud Native Core, Solution Upgrade Guide.

The following engineering configuration parameters are used to define upgrade strategy:

  • upgradeStrategy parameter indicates the update strategy used in SEPP.
  • maxUnavailable parameter determines the maximum number of pods that can be unavailable during upgrade.

Predefined Upgrade Strategy Value

Table 4-4 Predefined Upgrade Strategy Value

Microservice Upgrade Value (maxUnavailable)
nf-mediation 1
n32-ingress-Gateway 25%
n32-egress-Gateway 25%
plmn-ingress-Gateway 25%
plmn-egress-Gateway 25%
pn32f-svc

Not Applicable

Note: maxSurge=25% attribute is used for this microservice.

cn32f-svc

Not Applicable

Note: maxSurge=25% attribute is used for this microservice.

pn32c-svc

Not Applicable

Note: maxSurge=25% attribute is used for this microservice.

cn32c-svc

Not Applicable

Note: maxSurge=25% attribute is used for this microservice.

config-mgr-svc

Not Applicable

Note: maxSurge=25% attribute is used for this microservice.

Appinfo 25%
ocpm-config 50%
performance 50%
sepp-nrf-client-nfmanagement Single Replica
sepp-nrf-client-nfdiscovery 25%
coherence-svc 1
alternate-route 25%

4.3 Preupgrade Tasks

This section provides information about preupgrade tasks to be performed before upgrading SEPP.

While upgrading an existing SEPP deployment, the running set of containers and pods are replaced with the new set of containers and pods. However, if there is no change in the pod configuration, the running set of containers and pods are not replaced.

Note:

  • No configuration should be performed during the upgrade.
  • Do not exit from Helm upgrade command manually. After running the Helm upgrade command, it takes some time (depending upon the number of PODs to upgrade) to upgrade all of the services. In the meantime, you must not press "ctrl+c" to come out from Helm upgrade command. It may lead to anomalous behavior.

Note:

  • The releaseVersion value in the ocsepp_values.yaml file can not be changed.
  • While performing an upgrade from an older release to a newer release, you must align the ocsepp_values.yaml file of the new release as per the ocsepp_values.yaml file of the older release. Ensure that you do not change any Helm parameter values. Do not enable any new feature during the upgrade. Any ocsepp_values.yaml parameter must not be changed while upgrading unless explicitly specified in this guide. For information about enabling any new feature through Helm parameters, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy User Guide.
  • Install or upgrade the network policies, if applicable. For more information, see Configuring Network Policies.
  • While performing an upgrade, the Global Rate Limiting feature must be disabled on both the ingress gateways (n32-ingress-gateway, plmn-ingress-gateway) in the source custom_values.yaml file.
    rateLimiting:
    enabled: false
  rssRateLimiter: 
    enabled: false
  globalIngressRateLimiting:
    enabled: false
Preupgrade Steps
  1. Keep current custom_values.yaml file as backup, that is, ocsepp-custom values-<version>.yaml for upgrading.
  2. Update the new custom_values.yaml defined for target SEPP release. See Customizing SEPP section for more details about Helm configurable parameters.
  3. Perform sanity check using Helm test. See the Performing Helm Test section for the Helm test procedure.
  4. Before starting upgrade, take a manual backup of SEPP REST based configuration. It will help if manual backup is taken in case the data need to be restored before the upgrade. For REST API configuration details, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy REST Specification Guide.

4.4 Upgrade Tasks

This section includes information about upgrading an existing SEPP deployment.

4.4.1 Helm Upgrade

Upgrading an existing deployment replaces the running containers and pods with new containers and pods. If there is no change in the pod configuration, it is not replaced.

Unless there is a change in the service configuration of a microservice, the service endpoints remain unchanged.

4.4.2 Upgrading SEPP

Perform the following procedure to upgrade SEPP.

Caution:

  • Stop the provisioning traffic before you start the upgrade procedure.
  • No configuration should be performed during upgrade.
  • Do not exit from helm upgrade command manually. After running the helm upgrade command, it takes some time (depending upon the number of pods to upgrade) to upgrade all the services. In the meantime, you must not press "ctrl+c" to come out from helm upgrade command. It may lead to anomalous behavior.

Note:

  • If the Helm upgrade results in failure and displays ConfigMap <Egress Rate Limiting ConfigMap Name> in namespace <Namespace> exists and cannot be imported into the current release: invalid ownership metadata error, do the following:

    Delete the Egress Rate Limit ConfigMap using the following command: kubectl delete cm <Egress Rate Limiting ConfigMap Name> -n <namespace> and run the Helm upgrade again.
  1. Untar the latest SEPP package and if required, re-tag and push the images to registry. For more information, see Downloading SEPP package and Pushing the Images to Customer Docker Registry.
  2. Modify the ocsepp-23.4.3.0.0.custom-values.yaml file parameters as per site requirement.
  3. Run the following command to upgrade an existing SEPP deployment:
    1. Using local Helm chart:
      helm upgrade <release_name> <helm_chart> -f <ocsepp_customized_values.yaml> --namespace <namespace-name>
      Example:
      helm upgrade seppsvc ocsepp-23.4.3.tgz -f ocsepp-custom values-23.4.3.yaml --namespace ocsepp

      Where,

      <release_name> is the SEPP release name.

      <helm_chart> is the Helm chart.

      <sepp_customized_values.yaml> is the latest custom-values.yaml file.

      For example, ocsepp-23.4.3.0.0.custom-values.yaml

      <namespace> is namespace of SEPP deployment.

    2. Using chart from helm repo:
      helm upgrade <release_name> <helm_repo/helm_chart> --version <chart_version> -f <ocsepp_customized_values.yaml> --namespace <namespace-name>
      Example:
      helm upgrade seppsvc ocsepp-23.4.3.tgz --version <chart_version> -f ocsepp-custom values-23.4.3.yaml --namespace ocsepp

      Where,

      <release_name> is the SEPP release name.

      <helm_chart> is the Helm chart.

      <sepp_customized_values.yaml> is the latest custom-values.yaml file.

      For example, ocsepp-23.4.3.0.0.custom-values.yaml

      <namespace> is namespace of SEPP deployment.

  4. Run the following command to check the status of the upgrade:
    helm status <release_name> --namespace <namespace-name>

    Where,

    <release_name> is the SEPP release name.

    <namespace> is namespace of SEPP deployment.

    For example: 
    $ helm status ocsepp --namespace seppsvc
    Sample output of a successful upgrade:
    [cloud-user@occne-22-2-0-cluster-bastion-1 ocsepp-23.4.3]$  helm history ocsepp-release -n seppsvc
REVISION        UPDATED                         STATUS          CHART           APP VERSION     DESCRIPTION
1               Wed May  13 07:19:50 2023        superseded      ocsepp-23.3.o   23.4.3.0.0      Install complete
2               Wed May  13 07:31:21 2023        superseded      ocsepp-23.4.3   23.4.3.0.0      Upgrade complete
3               Wed May  13 07:50:08 2023        superseded      ocsepp-23.4.3   23.4.3S.0.0      Rollback to 1
  5. Perform sanity check using Helm test. See the Performing Helm Test section for the Helm test procedure.
  6. If the upgrade fails, see Upgrade or Rollback failure in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.