Prerequisites

• Install Kubenetes command line tool - kubectl. Instructions can be found here: https://kubernetes.io/docs/tasks/tools/install-kubectl/

• Install the command line tool of the Kubernetes hosting system:

  • Azure (AKS) https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest

Log on to Azure Kubernetes Service (AKS)

1. Log on to Azure by executing this command: az login

2. Setup the Azure log in with kubectl by executing this command: az aks get-credentials --resource-group <Azure_Resource_Group> --name <Azure_Kubernetes_Cluster>

Upgrade to a new version

Decide the following before proceed with the upgrade:

• The default time zone. The time zone id is the “TZ database name” from this page: List of tz database time zones

• The default culture. Use the code from: Supported Languages

• The other supported cultures. Use the code from: Supported Languages

• The RootUrl of application.

• The namespace where OneList applications are deployed.

Download the upgrade.ps1 file. Run the command in PowerShell below, where the Image_Version is in the format of x.x.x, e.g. 7.4.4

./upgrade.ps1 -n <OneList_Namespace> -v <Image_Version> -rooturl <rootUrl> -timezone <default timezone> -culture <default culture> -supportedCultures <supported cultures seperated by ','>

For example:  ./upgrade.ps1 -n onelist -v 7.4.4 -rootUrl https://onelist.example.com -timezone Australia/Sydney -culture en-AU -supportedCultures en-AU,en-US

Update the SSL certificate

The SSL certificate is securely stored in the Kubernetes secrets store. It is important to keep the SSL certificate current for OneList to function. Please renew the certificate before its expiry date.  

1. Obtain the SSL certificate and private key without password;

2. If the deployed SSL certificate is a wildcard certificate, the TLS secrete name is tls.onelist. Otherwise, the TLS secrete name is tls.onelist.<ONELIST_NAMESPACE>; 

3. Run these two command below:

kubectl delete secret <tls secret name> --namespace <ONELIST_NAMESPACE>

kubectl create secret tls <tls secret name> --namespace <ONELIST_NAMESPACE> --cert <Ssl_Certificate_File> --key <Private_Key_File> 

For example:

kubectl delete secret tls.onelist --namespace onelist-dev

kubectl create secrte tls tls.onelist --namespace onelist-dev --cert "c:\onelist\ssl_certificte.crt" --key "c:\onelist\ssl_key.key"

Update AKS Service Principal

If your AKS is created using a Azure Service Principal, it is required to update its password every year.

https://docs.microsoft.com/en-us/azure/aks/update-credentials

1. az aks show --resource-group <Azure_Resource_Group> --name <Azure_Kubernetes_Cluster> --query servicePrincipalProfile.clientId -o tsv

2. Record the principal ID returned from the above command

3. az ad sp credential reset --name <The Service Principal ID> --query password -o tsv

4. Record the new password returned from the above command

5. az aks update-credentials  --resource-group <Azure_Resource_Group> --name <Azure_Kubernetes_Cluster> --reset-service-principal --service-principal <The Service Principal ID> --client-secret <The Service Principal Password>

6. Wait for a few moments as the above command takes time to complete