Links

Upgrades

Overview of how to perform TileDB Cloud Enterprise upgrades

Process

When new releases of TileDB Cloud Enterprises are announced you can easily upgrade your installation by first updating the helm repository:
helm repo update tiledb
After the repository is updated you can run the helm upgrade:
helm upgrade --install \
--namespace tiledb-cloud \
--values values.yaml \
tiledb-cloud \
tiledb/tiledb-cloud-enterprise

Specific Version Upgrade Notes

Chart version 1.x.x - 2.x.x

Starting from version 2.x.x a newer version of JupyterHub is used. JupyterHub Chart version 1.2.0 is used including support for JupyterHub 1.5.0. With the new version of JupyterHub there are a number of changes needed in your values.yaml file. Below we highlight the specific sections requiring changes.
  • Add imagePullSecret key under jupyterhub section.
#########################################
# TileDB Cloud Hosted Notebook Settings #
#########################################
jupyterhub:
# REQUIRED: Set the private registry credentials, these are the same as the `imageCredentials` above
imagePullSecret:
password: ""
  • Remove imagePullSecret key from singleuser section.
singleuser:
# REQUIRED: Set the private registry credentials, these are the same as the `imageCredentials` above
imagePullSecret:
password: ""
  • Please copy and page in a notepad the contents of jupyterhub.auth key, then remove it completely. You will need the values in client_secret and cryptoKey fields.
auth:
type: custom
custom:
className: 'oauthenticator.tiledb.TileDBCloud'
config:
# REQUIRED: Set the oauth2 secret, this should be a secure value
# We recommend creating a random value with `openssl rand -hex 32`
client_secret: "Secret"
# REQUIRED: Set the domain for the jupyterhub and the oauth2 service
# it is likely you just need to replace `example.com` with your own internal domain
# This should match the ingress settings above and the hydra settings below
oauth_callback_url: "https://jupyterhub.tiledb.example.com/hub/oauth_callback"
token_url: "https://oauth2.tiledb.example.com/oauth2/token"
auth_url: "https://oauth2.tiledb.example.com/oauth2/auth"
userdata_url: "https://oauth2.tiledb.example.com/userinfo"
state:
# REQUIRED: Set the jupyterhub auth secret for persistence, this should be a secure value
# We recommend creating a random value with `openssl rand -hex 32`
cryptoKey: "Secret"
  • Replace jupyterhub.ingress.tls key with the following.
tls:
# REQUIRED: set the TLS information for hosted notebooks
- hosts:
- jupyterhub.tiledb.example.com
secretName: jupyterhub-tls
# optional TLS
tls: []
  • Replace initial contents of jupyterhub.hub key with the following:
hub:
# REQUIRED: Set the private registry credentials, these are the same as the `imageCredentials` above
imagePullSecret:
password: ""
config:
CryptKeeper:
# REQUIRED: Set the jupyterhub auth secret for persistence, this should be a secure value
# We recommend creating a random value with `openssl rand -hex 32`
keys:
- "Secret"
JupyterHub:
authenticator_class: oauthenticator.tiledb.TileDBCloud
TileDBCloud:
# REQUIRED: Set the oauth2 secret, this should be a secure value
# We recommend creating a random value with `openssl rand -hex
client_secret: "Secret"
# REQUIRED: Set the domain for the jupyterhub and the oauth2 service
# it is likely you just need to replace `example.com` with your own internal domain
# This should match the ingress settings above and the hydra settings below
oauth_callback_url: "http://jupyterhub.tiledb.example.com/hub/oauth_callback"
token_url: "http://oauth2.tiledb.example.com/oauth2/token"
auth_url: "http://oauth2.tiledb.example.com/oauth2/auth"
userdata_url: "http://oauth2.tiledb.example.com/userinfo"
In this step you need to fill-in the Keys and client_secret fields with values from the field jupyterhub.auth that earlier were saved in a notepad.
  • In hydra section please replace the following fields as noted here:
# tls:
# allow_termination_from:
# Set to cluster IP
# - 172.20.0.0/12
# serve:
# tls:
# allow_termination_from:
# Set to cluster IP
# - 172.20.0.0/12
secrets:
# REQUIRED: Set the oauth2 secret, this should be a secure value
# We recommend creating a random value with `openssl rand -hex 32`
system: secret
cookie: secret
system:
- "secret"
cookie:
- "Secret"
dsn: "mysql://tiledb_user:[email protected](tiledb-cloud-mariadb.tiledb-cloud.svc.cluster.local:3306)/tiledb_rest"
dsn: "mysql://tiledb_user:[email protected](tiledb-cloud-mariadb.tiledb-cloud.svc.cluster.local:3306)/tiledb_rest?parseTime=true"
# Configure ingress for oauth2 service
ingress:
public:
annotations:
# Configure any needed annotations. For instance if you are using a different ingress besides nginx set that here
kubernetes.io/ingress.class: nginx
hosts:
# REQUIRED: set the ingress domain for oauth2 service
- host: "oauth2.tiledb.example.com"
paths: ["/"]
tls:
# REQUIRED: set the TLS information for oauth2 service
- hosts:
- "oauth2.tiledb.example.com"
secretName: hydra-tls
paths:
- path: /
pathType: ImplementationSpecific
# optional TLS
tls: []

Chart version 2.3.x - 2.4.x

Starting from version 2.4.x a newer version of JupyterHub is used. JupyterHub Chart version 2.0.0 is used including support for JupyterHub 3.0.0.
We also introduced a new version of JupyterHub Authenticator which is used automatically. This means that the authenticator_class is no longer needed in values.yaml.
Below we highlight the specific section that has to be removed.
jupyterhub:
hub:
config:
JupyterHub:
authenticator_class: oauthenticator.tiledb.Ti
Furthermore if https is not used, it must be disabled explicitly, as in the following example:
tiledb-cloud-ui:
config:
isHttps: false
As part of JupyterHub 3.0.0, new version of Kubespawner is used, 4.2.0. Users who have overridden jupyterhub.singleuser.profileList in values.yaml should update to latest structure. Here is and example usage of profileList section which is also used in TileDB Enterprise Helm Chart
jupyterhub:
singleuser:
profileList:
- display_name: "Basic Data Science"
slug: "basic_data_science"
description: "This image is based on the popular <a href='https://hub.docker.com/r/jupyter/tensorflow-notebook/' target='_blank'>jupyter/tensorflow-notebook</a> docker image with the TileDB libraries included. See the full list of <a href='https://docs.tiledb.com/cloud/concepts/tiledb-cloud-internals/jupyter-notebooks' target='_blank'>installed packages</a>."
package_list_url: "https://docs.tiledb.com/cloud/concepts/tiledb-cloud-internals/jupyter-notebooks"
kubespawner_override:
image: tiledbenterprise/notebook-python-r-julia:3.1.0
profile_options:
server:
display_name: 'Server profile'
choices:
small:
display_name: 'Small server'
description: Best for when you will be performing serverless operations or moderate analysis.
kubespawner_override:
mem_limit: "8G"
mem_guarantee: "8G"
memory_display: "8GB"
cpu_limit: 2
cpu_guarantee: 2
environment:
JUPYTER_IMAGE_NAME: "basic_data_science"
JUPYTER_IMAGE_SIZE: "small"
large:
display_name: 'Large server'
description: Best for when you need to perform large analysis in the notebook itself.
kubespawner_override:
mem_limit: "60G"
mem_guarantee: "60G"
memory_display: "60GB"
cpu_limit: 16
cpu_guarantee: 16
environment:
JUPYTER_IMAGE_NAME: "basic_data_science"
JUPYTER_IMAGE_SIZE: "large"