Skip to content

Migrate to Helm

This section guides you through the process of migrating from a Kubernetes deployment to a Helm-based deployment. This transition is particularly relevant for organizations seeking to leverage the benefits of Helm within their Kubernetes environments. Helm simplifies and streamlines the deployment and management of applications on Kubernetes, making it an attractive choice for managing complex applications like Privacera Manager.

Prerequisites

Before proceeding with the Helm migration, ensure the following:

  1. Privacera Manager Version - Your Privacera Manager must be running version 8.7.0.1 or higher, but not exceeding 9.0.2.1. If your version is outside this range, first update to a compatible version using the standard Privacera Manager update procedure.

  2. Helm CLI - Helm CLI must be installed on the Privacera Manager host. The pm_with_helm.sh script requires Helm to be available in the system PATH.

    To install Helm, follow the instructions on the official Helm installation page.

    Quick installation command:

    Bash
    1
2
3
4
    curl -fsSL -o get_helm.sh \
  https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

    Verify Helm installation:

    Bash
    1
    helm version

Limitations

If any service is enabled during installation and later disabled, and the folder for that service is still present in the HELM directory, it must be deleted manually. This is because the current HELM script processes all charts in the HELM directory; if a chart folder is present, the corresponding service deployment will also be triggered.

Special Case: If a namespace is created with a name similar to another service name, issues may occur during resource annotation. For example, if the namespace is named usersync-dev or ranger-dev, it is possible that other objects may be annotated with ranger-usersync or ranger-admin annotations.

Migration Procedure

To migrate from a Kubernetes deployment to a Helm-based deployment, perform the following steps:

  1. Run the following command to annotate the existing resources which are deployed:

    Tip

    Replace <YOUR_NAMESPACE> with the actual value of the deployment namespace before executing the command.

    Bash
    1
2
    cd ~/privacera/privacera-manager/scripts
./migrate_to_helm.sh <YOUR_NAMESPACE>

  2. Verify the annotations and labels:

    Bash
    1
2
3
4
5
6
7
8
9
    # To verify the labels
kubectl -n <YOUR_NAMESPACE> get po --show-labels
kubectl -n <YOUR_NAMESPACE> get deploy --show-labels
kubectl -n <YOUR_NAMESPACE> get svc --show-labels
kubectl -n <YOUR_NAMESPACE> get ingress --show-labels

# To verify the annotations
kubectl -n <YOUR_NAMESPACE> get po -o=jsonpath='{range .items[*]}{@.metadata.namespace}:{@.metadata.name}{"\n"}{@.metadata.annotations}{"\n\n"}{end}'
kubectl -n <YOUR_NAMESPACE> get deploy -o=jsonpath='{range .items[*]}{@.metadata.namespace}:{@.metadata.name}{"\n"}{@.metadata.annotations}{"\n\n"}{end}'

    The preceding script annotates and labels all your resources with Helm.

  3. Run the following command to enable Helm deployment:

    Bash
    1
2
3
    cd ~/privacera/privacera-manager
cp config/sample-vars/vars.helm.yml config/custom-vars/
./privacera-manager.sh setup

  4. Once the setup is completed, you get the pm_with_helm.sh script in the privacera-manager folder. Run the following command to install Helm Charts.

    Bash
    1
    ./pm_with_helm.sh install

    This creates the Helm release for all your existing deployed resources and converts the existing normal deployment to Helm deployment.

  5. Run the post-install setups:

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  6. Run the following command to check if all the charts are deployed:

    Bash
    1
    helm ls -n <YOUR_NAMESPACE>