Skip to main content
logoTetrate Service BridgeVersion: 1.12.x

Install a new Tetrate Management Plane (External Postgres Database)

How to install a new Management Plane instance, when using an external Postgres Database.

External Postgres Database

These instructions refer to installations that use an external Postgres database (either shared or dedicated to each management plane instance).

If you are using the embedded postgres implementation, refer to the reinstall when using embedded postgres instructions instead.

You should review the Helm Installation Procedure and any specific notes before proceeding. Please work with Tetrate Technical Support to go through the following procedure:

  1. Restore the Postgres Database (if necessary)

    If the existing instance is not available:

    • Deploy or acquire a new Postgres database, taking note of the credentials (for example, username and password) that can be used to create and manage schemas, tables and contents within the database (reference)
    • Import the current or recent backup to the Postgres Database (reference)

    Wait for the restore to complete before proceeding.

  2. Create a new Management Plane cluster

    Create a new Kubernetes cluster for the Tetrate Management Plane. Note that the management plane will be installed in the tsb namespace in this cluster. A dedicated cluster is recommended.

  3. Install Dependencies

    Install the required dependencies into the cluster. These dependencies will likely include:

    • Cert-Manager (if you're not using the bundled cert-manager instance) and related issuers/certificates. Ensure you use the same root CA
    • Any secrets that hold credentials/certificates for the Management Plane
    • The iam-signing-key from the failed Management Plane cluster - optional

    Install the iam-signing-key secret using kubectl apply:

    Restore the iam-signing-key secret into the tsb namespace:

    kubectl apply -n tsb -f source_mp_operational_secrets.yaml

    If this is not possible, you will need to reconfigure each Control Plane with a fresh secret later in this procedure.

    For more information, refer to the Helm Installation Guide.

  4. Prepare the configuration

    Using the mp-values.yaml from the original installation, update any required fields such as the hub or registry, or any other environment dependent fields if required.

    There is no need to update the Elastic/Postgres configuration if using external database instances, but you may need to adjust firewall rules.

  5. Install the Management Plane

    Perform the helm install for the Management Plane using your original mp-values.yaml (with necessary modifications), and monitor progress using:

    kubectl get pod -n tsb
    kubectl logs -f -n tsb -l name=tsb-operator

    Ensure that the front Envoy certificate and key, and the root CA and key are provided, for example through the Helm values.

Optionally, Test the new Management Plane instance

Once installation has completed, obtain the front envoy public ip address, for example:

kubectl get svc -n tsb envoy

Log into the UI with Envoy IP Address:

  • Verify that your Tetrate configuration has been preserved in the Postgres database; look for cluster configurations (clusters will not have synced at this point) and the organizational structure (organization, tenants, workspaces) that you expect to see
  • Check the Elastic historical data if available

This confirms that the rebuild was successful.

Perform the Failover from old to new

When needed, follow the failover process to update DNS records and provoke the controlplane deployments to connect to the new Management Plane instance.