diff --git a/modules/proc_deploy-quay-openshift-operator-tng.adoc b/modules/proc_deploy-quay-openshift-operator-tng.adoc index 16b7268ec..cbcaf848b 100644 --- a/modules/proc_deploy-quay-openshift-operator-tng.adoc +++ b/modules/proc_deploy-quay-openshift-operator-tng.adoc @@ -267,15 +267,16 @@ When the Quay Operator starts up, it immediately looks for any `QuayRegistries` === Ugrading a QuayEcosystem -Upgrades are supported from previous versions of the Operator which used the `QuayEcosystem` API for a limited set of configurations. To ensure that migrations do not happen unexpectedly, a special label needs to be applied to the `QuayEcosystem` for it to be migrated. A new `QuayRegistry` will be created for the Operator to manage, but the old `QuayEcosystem` will remain until manually deleted to ensure that you can roll back and still access Quay in case anything goes wrong. To migrate an existing `QuayEcosystem` to a new `QuayRegistry`, follow these steps: +Upgrades are supported from previous versions of the Operator which used the `QuayEcosystem` API for a limited set of configurations. To ensure that migrations do not happen unexpectedly, a special label needs to be applied to the `QuayEcosystem` for it to be migrated. A new `QuayRegistry` will be created for the Operator to manage, but the old `QuayEcosystem` will remain until manually deleted to ensure that you can roll back and still access Quay in case anything goes wrong. To migrate an existing `QuayEcosystem` to a new `QuayRegistry`, follow these steps. ==== Preparing Managed Database for Migration +If using an Operator-managed database, first ensure that the password is set for the `postgres` root admin user (not set by default). This allows remote access to the database for migration. The Operator looks for this password in the `Secret` referenced by `spec.quay.database.credentialsSecretName` under the `database-root-password` key. If using an external database not deployed by the Quay Operator, skip this step. Otherwise, ensure that the password is set for the `postgres` root admin user (not set by default). This allows remote access to the database for migration. The Operator looks for this password in the `Secret` referenced by `spec.quay.database.credentialsSecretKey` under the `database-root-password` key. To set/change the password, use either the OpenShift console or `kubectl` to [open an SSH terminal connection](https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/) to the Postgres pod: ```sh -$ kubectl exec -n --stdin --tty deployment/-quay-postgresql -- /bin/bash +$ oc exec -n --stdin --tty deployment/-quay-postgresql -- /bin/bash ``` Execute the following command and follow instructions to change the password: @@ -287,7 +288,17 @@ Type "help" for help. postgres=# \password ``` -==== Performing QuayEcosystem Upgrade +To create a `Secret` containing the `postgres` root admin user's password: +```sh +$ oc create secret generic \ + --from-literal=database-username= \ + --from-literal=database-password= \ + --from-literal=database-root-password= \ + --from-literal=database-name= + +``` + +To carry out the actual migration: . Add `"quay-operator/migrate": "true"` to the `metadata.labels` of the `QuayEcosystem`.