Update Docs for k8s; fix #7574 (#7941)

* Update Docs for k8s; fix #7574

* update headings as per review.

openmetadata-docs/content/deployment/kubernetes/index.md

@@ -76,19 +76,25 @@ helm install openmetadata-dependencies open-metadata/openmetadata-dependencies -
 
 </Note>
 
-Run `kubectl get pods` to check whether all the pods for the dependencies are running. You should get a result similar to
-below.
+Run `kubectl get pods` to check whether all the pods for the dependencies are running. You should get a result similar to below.
 
 ```commandline
-NAME                              READY   STATUS    RESTARTS   AGE
-elasticsearch-0                   1/1     Running   0          4m56s
-mysql-0                           1/1     Running   0          4m56s
+NAME                                                       READY   STATUS     RESTARTS   AGE
+elasticsearch-0                                            1/1     Running   0          4m26s
+mysql-0                                                    1/1     Running   0          4m26s
+openmetadata-dependencies-db-migrations-5984f795bc-t46wh   1/1     Running   0          4m26s
+openmetadata-dependencies-scheduler-5b574858b6-75clt       1/1     Running   0          4m26s
+openmetadata-dependencies-sync-users-654b7d58b5-2z5sf      1/1     Running   0          4m26s
+openmetadata-dependencies-triggerer-8d498cc85-wjn69        1/1     Running   0          4m26s
+openmetadata-dependencies-web-64bc79d7c6-7n6v2             1/1     Running   0          4m26s
 ```
 
+Please note that the pods names above as openmetadata-dependencies-* are part of airflow deployments.
+
 Helm Chart for OpenMetadata Dependencies uses the following helm charts:
 - [Bitnami MySQL](https://artifacthub.io/packages/helm/bitnami/mysql/8.8.23) (helm chart version 8.8.23)
 - [ElasticSearch](https://artifacthub.io/packages/helm/elastic/elasticsearch/7.10.2) (helm chart version 7.10.2)
-- [Airflow](https://artifacthub.io/packages/helm/airflow-helm/airflow/8.5.3) (helm chart version 8.5.3)
+- [Airflow](https://artifacthub.io/packages/helm/airflow-helm/airflow/8.6.1) (helm chart version 8.6.1)
 
 If you want to customise helm values for the dependencies as per your cluster, you can follow the above links and update
 your custom helm `values.yaml`.
@@ -117,13 +123,11 @@ If you deployed helm chart using different release name, make sure to update `va
 
 </Note>
 
-Run `kubectl get pods` to check the status of pods running. You should get a result similar to the output below:
+Run `kubectl get pods --selector=app.kubernetes.io/name=openmetadata` to check the status of pods running. You should get a result similar to the output below:
 
 ```commandline
 NAME                            READY   STATUS    RESTARTS   AGE
-elasticsearch-0                 1/1     Running   0          5m34s
-mysql-0                         1/1     Running   0          5m34s
-openmetadata-5566f4d8b9-544gb   1/1     Running   0          98s
+openmetadata-5c55f6759c-52dvq   1/1     Running   0          90s
 ```
 
 ## Port Forwarding

openmetadata-docs/content/deployment/kubernetes/values.md

@@ -14,14 +14,16 @@ This page list all the supported helm values for OpenMetadata Helm Charts.
 
 | Key | Type | Default |
 | :---------- | :---------- | :---------- |
-| global.authentication.provider | string | `no-auth` |
-| global.authentication.publicKeys | list | `[]` |
-| global.authentication.authority | string | `Empty String` |
+| global.authentication.provider | string | `basic` |
+| global.authentication.publicKeys | list | `[http://openmetadata:8585/api/v1/config/jwks]` |
+| global.authentication.authority | string | `https://accounts.google.com` |
 | global.authentication.clientId | string | `Empty String` |
 | global.authentication.callbackUrl | string | `Empty String` |
+| global.authentication.enableSelfSignup | bool | `true` |
 | global.authentication.jwtPrincipalClaims | list | `[email,preferred_username,sub]` |
-| global.authorizer.className | string | `org.openmetadata.catalog.security.NoopAuthorizer` |
-| global.authorizer.containerRequestFilter | string | `org.openmetadata.catalog.security.NoopFilter` |
+| global.authorizer.allowedEmailRegistrationDomains | list | `[all]` |
+| global.authorizer.className | string | `org.openmetadata.service.security.DefaultAuthorizer` |
+| global.authorizer.containerRequestFilter | string | `org.openmetadata.service.security.JwtFilter` |
 | global.authorizer.enforcePrincipalDomain | bool | `false` |
 | global.authorizer.enableSecureSocketConnection | bool | `false` |
 | global.authorizer.initialAdmins | list | `[admin]` |
@@ -56,6 +58,11 @@ This page list all the supported helm values for OpenMetadata Helm Charts.
 | global.airflow.openmetadata.authConfig.openMetadata.jwtToken.secretKey| string | `openmetadata-jwt-secret` |
 | global.airflow.openmetadata.authConfig.openMetadata.jwtToken.secretRef| string | `openmetadata-jwt-secret` |
 | global.airflow.openmetadata.serverHostApiUrl | string | `http://openmetadata.default.svc.cluster.local:8585/api` |
+| global.airflow.sslCertificatePath | string | `/no/path` |
+| global.airflow.verifySsl | string | `no-ssl` |
+| global.basicLogin.maxLoginFailAttempts | int | 3 |
+| global.basicLogin.accessBlockTime | int | 600 |
+| global.clusterName | string | `openmetadata` |
 | global.database.auth.password.secretRef | string | `mysql-secrets` |
 | global.database.auth.password.secretKey | string | `openmetadata-mysql-password` |
 | global.database.auth.username | string | `openmetadata_user` |
@@ -76,16 +83,33 @@ This page list all the supported helm values for OpenMetadata Helm Charts.
 | global.elasticsearch.trustStore.path | string | `Empty String` |
 | global.elasticsearch.trustStore.password.secretRef | string | `elasticsearch-truststore-secrets` |
 | global.elasticsearch.trustStore.password.secretKey | string | `openmetadata-elasticsearch-truststore-password` |
-| global.jwtTokenConfiguration.enabled | bool | `false` |
 | global.fernetKey | string | `jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=` |
-| global.jwtTokenConfiguration.rsapublicKeyFilePath | string | `Empty String` |
-| global.jwtTokenConfiguration.rsaprivateKeyFilePath | string | `Empty String` |
+| global.jwtTokenConfiguration.enabled | bool | `true` |
+| global.jwtTokenConfiguration.rsapublicKeyFilePath | string | `./conf/public_key.der` |
+| global.jwtTokenConfiguration.rsaprivateKeyFilePath | string | `./conf/private_key.der` |
 | global.jwtTokenConfiguration.jwtissuer | string | `open-metadata.org` |
 | global.jwtTokenConfiguration.keyId | string | `Gb389a-9f76-gdjs-a92j-0242bk94356` |
 | global.logLevel | string | `INFO` |
 | global.openmetadata.adminPort | int | 8586 |
 | global.openmetadata.host | string | `openmetadata` |
 | global.openmetadata.port | int | 8585 |
+| global.secretsManager.provider | string | `noop` |
+| global.secretsManager.additionalParameters.enabled | bool | `false` |
+| global.secretsManager.additionalParameters.accessKeyId.secretRef | string | `aws-access-key-secret` |
+| global.secretsManager.additionalParameters.accessKeyId.secretKey | string | `aws-key-secret` |
+| global.secretsManager.additionalParameters.region | string | `Empty String` |
+| global.secretsManager.additionalParameters.secretAccessKey.secretRef | string | `aws-secret-access-key-secret` |
+| global.secretsManager.additionalParameters.secretAccessKey.secretKey | string | `aws-key-secret` |
+| global.smtpConfig.enableSmtpServer | bool | `false` |
+| global.smtpConfig.emailingEntity | string | `OpenMetadata` |
+| global.smtpConfig.openMetadataUrl | string | `Empty String` |
+| global.smtpConfig.password.secretKey | string | `Empty String` |
+| global.smtpConfig.password.secretRef | string | `Empty String` |
+| global.smtpConfig.serverEndpoint | string | `Empty String` |
+| global.smtpConfig.serverPort | string | `Empty String` |
+| global.smtpConfig.supportUrl | string | `https://slack.open-metadata.org` |
+| global.smtpConfig.transportationStrategy | string | `SMTP_TLS` |
+| global.smtpConfig.username | string | `Empty String` |
 
 </Table>
 
@@ -102,7 +126,7 @@ This page list all the supported helm values for OpenMetadata Helm Charts.
 | fullnameOverride | string | `"openmetadata"` |
 | image.pullPolicy | string | `"Always"` |
 | image.repository | string | `"openmetadata/server"` |
-| image.tag | string | `0.11.4` |
+| image.tag | string | `0.12.1` |
 | imagePullSecrets | list | `[]` |
 | ingress.annotations | object | `{}` |
 | ingress.className | string | `""` |

openmetadata-docs/content/deployment/upgrade/kubernetes.md

@@ -15,6 +15,31 @@ This guide assumes that you have an OpenMetadata deployment that you installed a
 We also assume that your helm chart release names are `openmetadata` and `openmetadata-dependencies` and namespace used is
 `default`.
 
+## Procedure
+
+Below document is valid for upgrading Helm Charts from **0.11.5 to 0.12.X**.
+
+### Back up metadata
+
+Before proceeding, pleae make sure you made a backup of your MySQL/Postgres DB behind OpenMetadata server. This step is extremely important for you to restore to your current state if any issues come up during the upgrade 
+
+<InlineCalloutContainer>
+  <InlineCallout
+    color="violet-70"
+    icon="luggage"
+    bold="Backup Metadata"
+    href="/deployment/upgrade/backup-metadata"
+  >
+    Learn how to back up MySQL data.
+  </InlineCallout>
+</InlineCalloutContainer>
+
+## Get an overview of what has changed in Helm Values
+
+You can get changes from artifact hub of [openmetadata helm chart](https://artifacthub.io/packages/helm/open-metadata/openmetadata) release. Click on Default Values >> Compare to Version.
+
+<Image src="/images/deployment/upgrade/artifact-hub-compare-to-version.png" alt="Helm Chart Release Comparison"/>
+
 ## Upgrade Helm Repository with a new release
 
 Update Helm Chart Locally for OpenMetadata with the below command:
@@ -36,24 +61,31 @@ Verify with the below command to see the latest release available locally.
 ```commandline
 helm search repo open-metadata --versions
 > NAME                                   	CHART VERSION	APP VERSION	DESCRIPTION                                
-open-metadata/openmetadata             	0.0.16       	0.10.0     	A Helm chart for OpenMetadata on Kubernetes
-open-metadata/openmetadata             	0.0.15       	0.9.1      	A Helm chart for OpenMetadata on Kubernetes
-open-metadata/openmetadata             	0.0.14       	0.9.0      	A Helm chart for OpenMetadata on Kubernetes
-open-metadata/openmetadata             	0.0.13       	0.9.0      	A Helm chart for OpenMetadata on Kubernetes
-open-metadata/openmetadata             	0.0.12       	0.9.0      	A Helm chart for OpenMetadata on Kubernetes
-open-metadata/openmetadata             	0.0.11       	0.8.4      	A Helm chart for OpenMetadata on Kubernetes
-open-metadata/openmetadata             	0.0.10       	...
-open-metadata/openmetadata-dependencies	0.0.16       	0.10.0     	Helm Dependencies for OpenMetadata         
-open-metadata/openmetadata-dependencies	0.0.15       	0.9.1      	Helm Dependencies for OpenMetadata         
-open-metadata/openmetadata-dependencies	0.0.14       	0.9.0      	Helm Dependencies for OpenMetadata         
-open-metadata/openmetadata-dependencies	0.0.13       	0.9.0      	Helm Dependencies for OpenMetadata         
-open-metadata/openmetadata-dependencies	0.0.12       	0.9.0      	Helm Dependencies for OpenMetadata         
-open-metadata/openmetadata-dependencies	0.0.11       	...
+open-metadata/openmetadata             	0.0.39       	0.12.1     	A Helm chart for OpenMetadata on Kubernetes
+open-metadata/openmetadata             	0.0.38       	0.12.0     	A Helm chart for OpenMetadata on Kubernetes
+open-metadata/openmetadata             	0.0.37       	0.12.0     	A Helm chart for OpenMetadata on Kubernetes
+open-metadata/openmetadata             	0.0.36       	0.12.0     	A Helm chart for OpenMetadata on Kubernetes
+open-metadata/openmetadata             	0.0.35       	0.11.5     	A Helm chart for OpenMetadata on Kubernetes
+open-metadata/openmetadata             	0.0.34       	0.11.4     	A Helm chart for OpenMetadata on Kubernetes
+...
+open-metadata/openmetadata-dependencies	0.0.39       	0.12.1     	Helm Dependencies for OpenMetadata         
+open-metadata/openmetadata-dependencies	0.0.38       	0.12.0     	Helm Dependencies for OpenMetadata         
+open-metadata/openmetadata-dependencies	0.0.37       	0.12.0     	Helm Dependencies for OpenMetadata         
+open-metadata/openmetadata-dependencies	0.0.36       	0.12.0     	Helm Dependencies for OpenMetadata         
+open-metadata/openmetadata-dependencies	0.0.35       	0.11.5     	Helm Dependencies for OpenMetadata         
+open-metadata/openmetadata-dependencies	0.0.34       	0.11.4     	Helm Dependencies for OpenMetadata
+...
 ```
 
 ## Upgrade OpenMetadata Dependencies
 
-We upgrade OpenMetadata Dependencies with the below command:
+<Warning>
+
+We have upgraded the Airflow version from 2.1.4 to 2.3.3 with OpenMetadata `0.12.X` releases. Before you start upgrading OpenMetadata Dependencies, it is adviced to follow airflow migration docs [here](/deployment/upgrade/bare-metal#upgrade-ingestion-container).
+
+</Warning>
+
+Upgrade OpenMetadata Dependencies with the below command:
 
 ```commandline
 helm upgrade openmetadata-dependencies open-metadata/openmetadata-dependencies
@@ -66,6 +98,25 @@ You can modify any configuration and deploy by passing your own `values.yaml`.
 
 </Note>
 
+<Warning>
+
+If your helm upgrade fails with the below command result -
+```
+Error: UPGRADE FAILED: cannot patch "mysql" with kind StatefulSet: StatefulSet.apps "mysql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden
+```
+
+This is probably because with `0.12.1`, we have default size of mysql persistence set to 50Gi.
+Kubernetes does not allow changes to Persistent volume with helm upgrades.
+
+In order to work around this issue, you can either default the persistence size to 8Gi or run the below command which will patch Persistent Volumes and Persistent Volume Claims for mysql helm and then run the above `helm upgrade` command.
+
+```
+kubectl patch pvc data-mysql-0 -p '{"spec":{"resources":{"requests":{"storage":"50Gi"}}}}'
+kubectl patch pv <mysql-pv> -p '{"spec":{"storage":"50Gi"}}'
+```
+
+</Warning>
+
 <Tip>
 
 Make sure that, when using your own `values.yaml`, you are not overwriting elements such as the `image` of the containers.
@@ -85,7 +136,54 @@ helm upgrade openmetadata open-metadata/openmetadata
 
 You might need to pass your own `values.yaml` with the `--values` flag
 
----
+## Reindex ElasticSearch
+
+We have added a conditional suggestion mapping for all of the elasticsearch indexes. This may require re-indexing. With 0.12.1 its never been easier to index your metadata
+
+### Go to Settings -> Event Publishers -> ElasticSearch
+
+<Image src="/images/deployment/upgrade/elasticseach-re-index.png" alt="create-project" caption="Create a New Project"/>
+
+### Make sure you select "Recreate Indexes"
+
+Click on the "Recreate Indexes" lable and click "Re Index All"
+
+## Troubleshooting for 0.12 Release
+
+### Using custom helm values
+
+If you are facing an issue similar to below when openmetadata pod keeps on restarting.
+
+```
+java.lang.ClassNotFoundException: org.openmetadata.catalog.security.DefaultAuthorizer
+	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
+	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
+	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
+	at java.base/java.lang.Class.forName0(Native Method)
+	at java.base/java.lang.Class.forName(Class.java:315)
+	at org.openmetadata.service.OpenMetadataApplication.registerAuthorizer(OpenMetadataApplication.java:240)
+	at org.openmetadata.service.OpenMetadataApplication.run(OpenMetadataApplication.java:123)
+	at org.openmetadata.service.OpenMetadataApplication.run(OpenMetadataApplication.java:92)
+	at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:59)
+	at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:98)
+	at io.dropwizard.cli.Cli.run(Cli.java:78)
+	at io.dropwizard.Application.run(Application.java:94)
+	at org.openmetadata.service.OpenMetadataApplication.main(OpenMetadataApplication.java:323)
+```
+
+The root cause of the issue is the default helm values which are upgraded in helm charts but are getting overridden by your custom helm values. Please verify the config for Authorizer Class Name and Container Request Filter. 
+
+We have changed `org.openmetadata.catalog.security.*` to `org.openmetadata.service.security.*`.
+Make sure to verify your helm values and update the below content.
+
+```
+global:
+...
+ authorizer:
+    className: "org.openmetadata.service.security.DefaultAuthorizer"
+    containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
+...
+```
 
 ## Troubleshooting for 0.10 Release