All the patch releases are backward compatible. To upgrade to a newer patch release, please download the installer from the Broadcom Support portal and follow the regular installation steps for upgrade.
If you currently have HA enabled with SSO and you rely on Geode for session sharing, you will need to change your setup due to discontinued maintenance for Apache Geode. You can choose between using session affinity routing or configuring a Redis server for session store. Read more about Configure session affinity or about Configure session store (SSO).
We introduced the explicit SSO configuration as a breaking change in the v1.1.x release. We enable SSO by default and we require sso.secretName
to be set to the name of the SSO secret you would like to use. Read more about Configure Single Sign-On (SSO).
In all the 1.0.x versions, SSO is enabled implicitly when a Kubernetes secret called sso-credentials
is found in the same namespace. This can lead to the security risk of exposing API portal instances to unauthorized users if the SSO secret was accidentally (or maliciously) deleted.
Due to the SSO behavioral change, you will need to download the latest 1.1.x version and update your existing values file with SSO related properties during the installation process.
If you currently have SSO enabled with your v1.0.x deployments of API portal for VMware Tanzu, you will need to add the following properties to your existing values file:
sso:
enabled: true # Optional, but recommended for explicitness
secretName: sso-credentials
For Carvel users: SSO secret name was configured under apiPortalServer.sso.secretName
property in API portal v1.0.x releases. Make sure to move sso.secretName
to top level when upgrading to API portal 1.1.x releases.
If you currently don't have SSO activated, you will need to add the following property to your existing values file:
sso:
enabled: false
With the values file updated, you may now follow the same installation as before.