Upgrade to MongoDB Version 8.x for CX Solution
This guide describes the upgrade procedure for the Expertflow CX Solution from MongoDB version 6.x to the latest revision of MongoDB 8.x.
Backup
Back up the existing MongoDB using any of the following methods:
Mongo, PostgreSQL Backup/Restore Procedure for EF-CX on Kubernetes (manual procedure): recommended for smaller dataset sizes
Kubernetes Backup/Restore using Velero: recommended for larger dataset sizes, but requires additional expertise and resources
Requirements
This upgrade guide is valid only for the CX 4.6 release, which is already enabled with AUTH and TLS capabilities. Previous releases are not compatible with this upgrade.
Upgrade Path
The existing deployment is running MongoDB 6.x
Upgrade to MongoDB 7.x, the intermediate step needed for compatibility with MongoDB 8.x
Upgrade to MongoDB 8.x
Upgrade to MongoDB 7.x
Clone the MongoDB 7.x helm chart
mkdir -p mongodb-v7
cd mongodb-v7
helm pull --untar oci://registry-1.docker.io/bitnamicharts/mongodb --version 15.6.9
Change directory to the helm package
cd mongodb
Edit/update these settings in the values.yaml file
Auth Section
auth:
  rootPassword: "Expertflow123" # Change to your existing MongoDB password
TLS Section (add/update as shown below)
tls:
  enabled: true
  mTLS:
    enabled: true
  autoGenerated: true
  pemChainIncluded: true
Change the deployment type to statefulset in the values.yaml
useStatefulSet: true
Upgrade the existing MongoDB 6.x to MongoDB 7.x
helm upgrade --install --namespace ef-external --values ./values.yaml mongo .
Wait for the upgrade to complete and the MongoDB pod to be running
Export the MongoDB root user password for the MongoDB client pod
export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace ef-external mongo-mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
Initiate a MongoDB Client Pod
kubectl apply -f - << EOF
apiVersion: v1
kind: Pod
metadata:
  name: mongo7-mongodb-client
  namespace: ef-external
spec:
  containers:
  - command: ["/bin/sh"]
    args:
    - -c
    - >-
      mkdir /tmp/mongodb_certs &&
      cd /tmp/mongodb_certs &&
      openssl req -nodes -newkey rsa:2048 -keyout /tmp/mongodb_certs/client.key -out /tmp/mongodb_certs/client.csr -subj "/C=SW/ST=Bern/L=Jagerweg/O=efcx/OU=EfCx/CN=mongo" &&
      openssl x509 -req -sha256 -days 3650 -in /tmp/mongodb_certs/client.csr -CA /tmp/CERTS/mongodb-ca-cert -CAkey /tmp/CERTS/mongodb-ca-key -set_serial 01 -out /tmp/mongodb_certs/client.crt &&
      cat /tmp/CERTS/mongodb-ca-cert /tmp/CERTS/mongodb-ca-key > /tmp/mongodb_certs/combined.pem &&
      cat /tmp/mongodb_certs/client.crt /tmp/mongodb_certs/client.key > /tmp/mongodb_certs/client.pem &&
      sleep infinity
    env:
    - name: MONGODB_ROOT_PASSWORD
      value: $MONGODB_ROOT_PASSWORD
    image: docker.io/bitnami/mongodb:7.0.11-debian-12-r0
    name: mongo7-mongodb-client
    volumeMounts:
    - mountPath: /tmp/CERTS
      name: mongo-certs
  volumes:
  - name: mongo-certs
    secret:
      secretName: mongo-mongodb-ca
  restartPolicy: Always
EOF
Exec into the mongo7-mongodb-client pod
kubectl -n ef-external exec -ti mongo7-mongodb-client -- bash
Connect to the MongoDB server pod
mongosh admin \
  --host "mongo-mongodb" \
  --authenticationDatabase admin \
  -u root \
  -p "$MONGODB_ROOT_PASSWORD" \
  --tls \
  --tlsAllowInvalidHostnames \
  --tlsAllowInvalidCertificates \
  --tlsCertificateKeyFile /tmp/mongodb_certs/client.pem \
  --tlsCAFile /tmp/mongodb_certs/combined.pem
Inside the MongoDB Shell
Verify the current feature compatibility for MongoDB
db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )
The output of the above command should report that MongoDB is currently compatible with version 6.0
Upgrade the feature compatibility to Version 7.0
db.adminCommand( { setFeatureCompatibilityVersion: "7.0", confirm: true } )
Once the command is acknowledged, exit out of the MongoDB Shell. Only proceed if the above feature compatibility set command is successful.
quit
Exit the mongo7 client pod
exit
Delete the mongo7 client pod
kubectl -n ef-external delete pod mongo7-mongodb-client
Change to the parent directory
cd ..
Upgrade to MongoDB 8.x
Prepare for MongoDB version 8 deployment
Download the helm chart
mkdir -p mongodb-v8
cd mongodb-v8
helm pull --untar oci://registry-1.docker.io/bitnamicharts/mongodb --version 16.4.4
Change directory to the extracted MongoDB helm chart directory
cd mongodb
Edit the helm chart's values file values.yaml and update these parameters
vi values.yaml
Change the authentication related information
auth:
  rootPassword: "Expertflow123" # No password is set by default. Change it to the desired value, for example "Expertflow123"
Enable the TLS Encryption
tls:
  enabled: true
  mTLS:
    enabled: true
  autoGenerated: true
  pemChainIncluded: true
Change the default deployment mode to use statefulset
useStatefulSet: true
Save the values.yaml file.
Deploy the MongoDB version 8 helm chart
helm upgrade --install=true --namespace ef-external --values ./values.yaml mongo .
Check the status of the MongoDB pods
kubectl -n ef-external get pods -l app.kubernetes.io/component=mongodb,statefulset.kubernetes.io/pod-name=mongo-mongodb-0
Initiate the MongoDB 8 Client Pod
Export the password for the MongoDB server pod
export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace ef-external mongo-mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
Run the MongoDB client pod
kubectl apply -f - << EOF
apiVersion: v1
kind: Pod
metadata:
  name: mongo8-mongodb-client
  namespace: ef-external
spec:
  containers:
  - command: ["/bin/sh"]
    args:
    - -c
    - >-
      mkdir /tmp/mongodb_certs &&
      cd /tmp/mongodb_certs &&
      openssl req -nodes -newkey rsa:2048 -keyout /tmp/mongodb_certs/client.key -out /tmp/mongodb_certs/client.csr -subj "/C=SW/ST=Bern/L=Jagerweg/O=efcx/OU=EfCx/CN=mongo" &&
      openssl x509 -req -sha256 -days 3650 -in /tmp/mongodb_certs/client.csr -CA /tmp/CERTS/mongodb-ca-cert -CAkey /tmp/CERTS/mongodb-ca-key -set_serial 01 -out /tmp/mongodb_certs/client.crt &&
      cat /tmp/CERTS/mongodb-ca-cert /tmp/CERTS/mongodb-ca-key > /tmp/mongodb_certs/combined.pem &&
      cat /tmp/mongodb_certs/client.crt /tmp/mongodb_certs/client.key > /tmp/mongodb_certs/client.pem &&
      sleep infinity
    env:
    - name: MONGODB_ROOT_PASSWORD
      value: $MONGODB_ROOT_PASSWORD
    image: docker.io/bitnami/mongodb:8.0.4-debian-12-r3
    name: mongo-mongodb-client
    volumeMounts:
    - mountPath: /tmp/CERTS
      name: mongo-certs
  volumes:
  - name: mongo-certs
    secret:
      secretName: mongo-mongodb-ca
  restartPolicy: Always
EOF
Exec into the mongo8-mongodb-client pod
kubectl -n ef-external exec -ti mongo8-mongodb-client -- bash
Connect to the MongoDB server pod
mongosh admin \
  --host "mongo-mongodb" \
  --authenticationDatabase admin \
  -u root \
  -p "$MONGODB_ROOT_PASSWORD" \
  --tls \
  --tlsAllowInvalidHostnames \
  --tlsAllowInvalidCertificates \
  --tlsCertificateKeyFile /tmp/mongodb_certs/client.pem \
  --tlsCAFile /tmp/mongodb_certs/combined.pem
Inside the MongoDB Shell
Verify the current feature compatibility for MongoDB
db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )
The output of the above command should report that MongoDB is currently compatible with version 7.0
Upgrade the feature compatibility to Version 8.0
db.adminCommand( { setFeatureCompatibilityVersion: "8.0", confirm: true } )
Once the command is acknowledged, exit out of the MongoDB Shell. Only proceed if the above feature compatibility set command is successful.
quit
Exit the mongo8 client pod
exit
Delete the mongo8 client pod
kubectl -n ef-external delete pod mongo8-mongodb-client
Change to the parent directory
cd ..
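The two feature compatibility checks above (6.0 to 7.0, then 7.0 to 8.0) can be written as one gate that decides whether to proceed. This is an added example, not part of the original guide or Expertflow's code; fcvGate and PATH are hypothetical names and the sample replies are constructed. It runs in Node.js, or in mongosh by calling fcvGate with the getParameter reply and db.version().

```javascript
// Added example: gate for the 6.0 -> 7.0 -> 8.0 path described in this guide.
const PATH = ["6.0", "7.0", "8.0"];

// reply:  result of db.adminCommand({ getParameter: 1, featureCompatibilityVersion: 1 })
// binary: server version string, e.g. db.version() -> "7.0.11"
function fcvGate(reply, binary) {
  const fcv = reply && reply.featureCompatibilityVersion;
  if (!reply || reply.ok !== 1 || !fcv || typeof fcv.version !== "string") {
    return { proceed: false, action: "stop", reason: "no usable FCV in reply" };
  }
  // targetVersion is only present while an FCV change is still in flight.
  if (fcv.targetVersion) {
    return { proceed: false, action: "stop",
             reason: `FCV change to ${fcv.targetVersion} has not completed` };
  }
  const major = String(binary).split(".").slice(0, 2).join(".");
  const have = PATH.indexOf(fcv.version);
  const bin = PATH.indexOf(major);
  if (have < 0 || bin < 0) {
    return { proceed: false, action: "stop", reason: "version outside the 6.0-8.0 path" };
  }
  if (bin === have) {
    const done = have === PATH.length - 1;
    return { proceed: true, action: done ? "done" : "upgrade-binary",
             reason: done ? "upgrade finished" : `deploy MongoDB ${PATH[have + 1]} next` };
  }
  if (bin === have + 1) {
    // confirm: true is mandatory for this command from MongoDB 7.0 on.
    return { proceed: true, action: "set-fcv",
             command: { setFeatureCompatibilityVersion: major, confirm: true },
             reason: `binary ${major} still runs with FCV ${fcv.version}` };
  }
  return { proceed: false, action: "stop",
           reason: `binary ${major} and FCV ${fcv.version} are not adjacent` };
}

// Constructed sample replies (not captured from a real deployment).
const samples = [
  [{ featureCompatibilityVersion: { version: "6.0" }, ok: 1 }, "7.0.11"],
  [{ featureCompatibilityVersion: { version: "7.0" }, ok: 1 }, "7.0.11"],
  [{ featureCompatibilityVersion: { version: "6.0", targetVersion: "7.0" }, ok: 1 }, "7.0.11"],
  [{ featureCompatibilityVersion: { version: "7.0" }, ok: 1 }, "8.0.4"],
];
for (const [reply, binary] of samples) console.log(binary, fcvGate(reply, binary));
```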
Prepare the CX Deployments
Recreate the TLS certificates.
mkdir /tmp/mongodb_certs
CERTFILES=($(kubectl get secret mongo-mongodb-ca -n ef-external -o go-template='{{range $k,$v := .data}}{{$k}}{{"\n"}}{{end}}'))
for f in ${CERTFILES[*]}; do kubectl get secret mongo-mongodb-ca -n ef-external -o go-template='{{range $k,$v := .data}}{{ if eq $k "'$f'"}}{{$v | base64decode}}{{end}}{{end}}' > /tmp/mongodb_certs/${f} 2>/dev/null; done
Create the client certificates
cd /tmp/mongodb_certs
openssl req -nodes -newkey rsa:2048 -keyout client.key -out client.csr -subj "/C=SW/ST=Bern/L=Jagerweg/O=efcx/OU=EfCx/CN=mongo"
openssl x509 -req -sha256 -days 3650 -in client.csr -CA mongodb-ca-cert -CAkey mongodb-ca-key -set_serial 01 -out client.crt
Create the client.pem and CA pem certificate combined.pem
cat client.crt client.key > client.pem
Create the TLS secret that clients use to connect to the MongoDB pod
kubectl -n expertflow create secret generic mongo-mongodb-ca \
  --from-file=mongodb-ca-cert=mongodb-ca-cert \
  --from-file=mongodb-ca-key=mongodb-ca-key \
  --from-file=client-pem=client.pem
Restart all the deployments that use MongoDB.
kubectl -n expertflow rollout restart deploy
Perform this rollout restart for all the deployments using MongoDB so that they reconnect.