My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Help

Gluu Flex Upgrade ( and restore if required )

Published:

This page documents the tested procedure we used to upgrade Gluu Flex from 5.13.0 to 5.15.0 on MicroK8s, including verification and downgrade readiness (PostgreSQL restore-based).

Namespace used: gluu
Helm release: gluu
PostgreSQL release/pod: my-release-postgresql-0
Database name: gluu

1) Baseline: confirm current deployment is 5.13

1.1 Check release versions

helm list -n gluu

1.2 Save current state

helm get values gluu -n gluu > values-5.13.yaml
helm get manifest gluu -n gluu > manifest-5.13.yaml

2) Persistence discovery (PostgreSQL)

2.1 Confirm persistence pod exists

kubectl -n gluu get pods | egrep -i 'ldap|opendj|couch|mysql|postgres|cn-persistence|persistence'

2.2 List Postgres databases (confirm DB name)

kubectl -n gluu exec -it my-release-postgresql-0 -- psql -U postgres -c '\l'

We confirm the database using is:

  • gluu

3) Downgrade safety: backup PostgreSQL before upgrade (MANDATORY)

3.1 Identify the PostgreSQL secret and key

kubectl -n gluu get secret | grep -i postgresql
kubectl -n gluu describe secret my-release-postgresql

We confirm the key:

  • postgres-password

3.2 Export the postgres password for non-interactive commands

export PGPASSWORD="$(kubectl -n gluu get secret my-release-postgresql -o jsonpath='{.data.postgres-password}' | base64 -d)"; echo "PGPASSWORD set"

3.3 Create the Flex 5.13 DB dump inside the pod

kubectl -n gluu exec -it my-release-postgresql-0 -- sh -lc 'pg_dump -U postgres -d gluu -Fc -f /tmp/flex-5.13.dump && ls -lh /tmp/flex-5.13.dump'

3.4 Copy the dump to the node (outside the cluster)

kubectl -n gluu cp my-release-postgresql-0:/tmp/flex-5.13.dump ./flex-5.13.dump

4) Discover chart versions (pin 5.15.0)

helm repo add gluu-flex https://helm.gluu.org
helm repo update
helm search repo gluu-flex/gluu --versions | head -n 30

We pinned:

  • chart 5.15.0
  • app version 5.15.0

5) Dry-run upgrade to 5.15.0

helm upgrade gluu gluu-flex/gluu -n gluu -f values-5.13.yaml --version 5.15.0 --dry-run --debug

6) Execute upgrade to Flex 5.15.0

helm upgrade gluu gluu-flex/gluu -n gluu -f values-5.13.yaml --version 5.15.0 --timeout 30m

Expected:

  • STATUS: deployed
  • REVISION: 2

7) Prove “before vs now” (Helm)

helm history gluu -n gluu

Example outcome (ours):

  • Revision 1gluu-5.13.0 / app 5.13.0
  • Revision 2gluu-5.15.0 / app 5.15.0

8) Prove runtime versions (container images)

kubectl -n gluu get deploy -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{range .spec.template.spec.containers[*]}{.image}{"\n"}{end}{end}' | egrep -i 'admin-ui|auth-server|config-api|configurator|scim|casa|fido2|saml|persistence'

Example outcome (ours):

  • ghcr.io/gluufederation/flex/admin-ui:5.15.0-1
  • ghcr.io/janssenproject/jans/auth-server:1.15.0-1
  • ghcr.io/janssenproject/jans/config-api:1.15.0-1
  • ghcr.io/janssenproject/jans/casa:1.15.0-1
  • ghcr.io/janssenproject/jans/fido2:1.15.0-1
  • ghcr.io/janssenproject/jans/scim:1.15.0-1

9) Quick health checks (post-upgrade)

kubectl -n gluu get pods

Recommended functional smoke tests:

  • /.well-known/openid-configuration
  • /authorize
  • /token
  • /userinfo
  • Admin UI login (if exposed)

10) Downgrade to 5.13 (SAFE method: uninstall + DB restore + reinstall)

⚠️ Helm rollback alone is not considered a safe downgrade because persistence may have changed.

10.1 Uninstall Flex 5.15

helm uninstall gluu -n gluu

10.2 Restore PostgreSQL from the 5.13 dump

Copy dump back into the pod:

kubectl -n gluu cp ./flex-5.13.dump my-release-postgresql-0:/tmp/flex-5.13.dump

Drop and recreate the DB (clean restore):

kubectl -n gluu exec -it my-release-postgresql-0 -- psql -U postgres -c "DROP DATABASE IF EXISTS gluu;"
kubectl -n gluu exec -it my-release-postgresql-0 -- psql -U postgres -c "CREATE DATABASE gluu;"

Restore:

kubectl -n gluu exec -it my-release-postgresql-0 -- pg_restore -U postgres -d gluu --clean --if-exists /tmp/flex-5.13.dump

10.3 Reinstall Flex 5.13 (using saved values)

helm install gluu gluu-flex/gluu   -n gluu   -f values-5.13.yaml   --version 5.13.0   --timeout 30m

11) Post-downgrade validation (repeat)

  • Helm history shows 5.13 as deployed
  • Runtime images show 5.13-era tags
  • Pods healthy
  • Functional smoke tests pass

Appendix: What we captured as evidence

  • values-5.13.yaml (effective values snapshot)
  • manifest-5.13.yaml (rendered manifest snapshot)
  • flex-5.13.dump (PostgreSQL downgrade anchor)
  • helm history gluu -n gluu output
  • Runtime images via kubectl ... jsonpath command
Attachments
Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Access denied
Access denied