Upgrading to a newer patch release

All the patch releases are backward compatible. To upgrade to a newer patch release, please download the installer from TanzuNet and follow the regular installation steps for upgrade.

Migrating from v1.0.x to v1.1.x

We introduced the explict SSO configuration as a breaking change in the v1.1.x release. We enable SSO by default and we require sso.secretName to be set to the name of the SSO secret you would like to use. Read more about Configure Single Sign-On (SSO).

In all the 1.0.x versions, SSO is enabled implicitly when a Kubernetes secret called sso-credentials is found in the same namespace. This can lead to the security risk of exposing API portal instances to unauthorized users if the SSO secret was accidentally (or maliciously) deleted.

Update existing values file

Due to the SSO behavioral change, you will need to download the latest 1.1.x version and update your existing values file with SSO related properties during the installation process.

Upgrade SSO enabled instances

If you currently have SSO enabled with your v1.0.x deployments of API portal for VMware Tanzu, you will need to add the following properties to your existing values file:

sso:
    enabled: true   # Optional, but recommended for explicitness
    secretName: sso-credentials

For Carvel users: SSO secret name was configured under apiPortalServer.sso.secretName property in API portal v1.0.x releases. Make sure to move sso.secretName to top level when upgrading to API portal 1.1.x releases.

Upgrade SSO disabled instances

If you currently don't have SSO enabled, you will need to add the following property to your existing values file:

sso:
    enabled: false

Follow the installation steps

With the values file updated, you may now follow the same installation as before.

check-circle-line exclamation-circle-line close-line
Scroll to top icon