Skip to main content
Version: 2.10

Pre-upgrade

Before upgrading Portworx Backup in an internet-connected environment, verify that your system meets all prerequisites and that your MongoDB pods are ready to ensure a smooth upgrade process.

Prerequisites

  • (Mandatory) Ensure that you are aware of custom password guidelines

  • (Mandatory) Make sure all the mongoDB pods are in Ready state

  • (Optional) If you want to enable mTLS for Portworx Backup, make sure Istio or Linkerd is installed on the cluster where you want to deploy PXB with the following parameters set to true:

    • Istio:
      • meshConfig.defaultConfig.holdApplicationUntilProxyStarts=true
      • values.pilot.env.ENABLE_NATIVE_SIDECARS=true
    • Linkerd:
      • proxyInit.runAsRoot=true

  • If multiple applications use the same path prefix (/), Istio encounters traffic routing conflicts. To prevent this, you must update the VirtualService that PXB creates with a unique hostname.

Before you begin

  1. (Optional) If you want to enable mTLS for Portworx Backup, label or annotate PXB deployed namespace:

  • Istio

    • Istio sidecar mode:

      kubectl label namespace <pxb-namespace> istio-injection=enabled --overwrite

      This command annotates <pxb-namespace> to inject sidecar proxy required for mTLS.

      Here <pxb-namespace> is the namespace where you have deployed PXB.

    • Istio ambient mode:

      kubectl label namespace <pxb-namespace> istio.io/dataplane-mode=ambient --overwrite

  • Linkerd:

    1. Annotate PXB deployed namespace to inform Linkerd to inject linkerd-proxy required for mTLS:

      kubectl annotate ns <pxb-namespace> linkerd.io/inject=enabled

    2. Annotate the namespace for Kubernetes native sidecar support so that Linkerd sidecar proxy container can run and shut down gracefully without causing any issues:

      kubectl annotate ns <pxb-namespace> config.alpha.linkerd.io/proxy-enable-native-sidecar=true

Configure external OIDC endpoints

If you enabled an external OIDC during the Portworx Backup installation, you must manually configure the redirect URI in your OIDC provider.

Refer to the Setup login redirects section of the Portworx Enterprise documentation for instructions.

Next Steps

Once you have completed these prerequisite steps, your Kubernetes environment will be properly configured for Portworx Backup upgrade. You can now proceed to upgrade Portworx Backup using either the Helm command line or the web-based Spec Generator tool. For detailed installation instructions, refer to the Upgrade Portworx Backup in Non-Airgapped Environments topic.