Release 5.1
Removing API Gateway#
The API Gateway statefulset was used as a front end for dynamic URLs to the ObjectModelService. The ObjectModelService now handles that feature directly without additional software. As such, the API Gateway is being removed in Release 5.1. This includes the following changes:
- Removing the
APIGATEWAY_DEFAULT_PASSWORDandREDIS_APIGATEWAY_PASSWORDenvironment variables, the api-gateway internal secret (managed by the Helm chart and removed automatically), and the api-gateway external secretapi-gateway-external(managed by the administrator and removed through a separate process). - Removing all settings in
values.yamlof the DT Platform Helm Chart.config.internal.api-gateway.*config.external.redis.user.api-gateway.*config.override.api-gateway.*config.override.api-gateway-migrations.*ingress.api-gateway.*service.api-gateway.*deployment.objectmodelsvc.configMaps[i="api-gateway-internal"]statefulset.api-gateway.*job.api-gateway-migrations.*secretDef[name="APIGATEWAY_DEFAULT_PASSWORD"]secretDef[name="REDIS_APIGATEWAY_PASSWORD"] - Removing the shared storage (usually NFS via AWS EFS or OCI FSS) for api-gateway
Adding Platform Workbench URL#
A new required global configuration setting config.global.url.workbench has been added to the Helm Chart. This URL is used by the Platform Workbench application. A corresponding DNS name must be created and pointed to the load balancer alongside the existing app, api, and id DNS entries.
- Adding a new required setting
config.global.url.workbenchinvalues.yamlwith a default ofhttps://workbench.yourdomain.com - Updating
values.schema.jsonto includeworkbenchas a required URL property - A new DNS name (e.g.,
workbench.example-domain.com) must be created and pointed to the load balancer
Splitting the Web Applications into Their Own Helm Charts#
The three web applications previously bundled with the DT Platform Helm Chart have been moved to separate Helm Charts in Release 5.1. The DT Platform Helm Chart no longer includes their deployments, services, ingresses, or migration jobs, and the corresponding image.tag.platformconsoleapp, image.tag.platformreferenceapp, and image.tag.platformplugins settings have been removed.
Each new chart must now be installed alongside dtplatform into the same namespace. The migration jobs in each chart write into the existing staticwebsvc PersistentVolumeClaim provisioned by dtplatform, so the dtplatform release must be deployed first.
| Application | New Chart | Replaces |
|---|---|---|
| Digital Twin Console | dtconsole | platform-console-app deployment and platform-console-app-migrations job in dtplatform |
| Digital Twin Reference Application | dtreference | platform-reference-app deployment and platform-reference-app-migrations job in dtplatform |
| Digital Twin CAD Plugins | dtplugins | ipaplugins deployment and ipaplugins-migrations job in dtplatform |
Each chart has its own values.yaml with a familiar structure (config.global.url.*, image.*, ingress.*, service.*, deployment.*, job.*, newrelic.*, opentelemetry.*). The config.global.url.app, config.global.url.id, and config.global.url.api values must match those configured in dtplatform.
The deployments and ingresses in each chart are disabled by default; set the appropriate deployment.<name>.enabled, service.<name>.enabled, and ingress.<name>.enabled flags to true to install the corresponding application.
Consolidating Image Tag Settings#
The per-component image tag map has been collapsed into a single image.tag value that defaults to the chart appVersion when unset. The Platform IAM component is no longer built or tagged separately; it ships as part of the core platform image.
The following settings have been removed from the DT Platform Helm Chart values.yaml:
image.tag.platformimage.tag.platformiamimage.tag.platformconsoleappimage.tag.platformreferenceappimage.tag.platformpluginsCustomers who previously pinned individual component tags should instead set the single image.tag value (or leave it unset to track the chart appVersion). The dtconsole, dtreference, and dtplugins charts each have their own image.tag setting following the same convention.
New Required Secrets for Platform Notification Service#
Two new environment variables have been added to the platform-notificationsvc-external secret. They have no defaults; the customer must generate and provision both before deploying.
PLATFORM_NOTIFICATIONSVC_ENCRYPTION_KEY- NewPLATFORM_NOTIFICATIONSVC_ENCRYPTION_SALT- New
Per-Service Kafka Users#
Each service now authenticates to Kafka with its own user and password instead of sharing the administrator credentials. New environment variables have been added for each service's external secret. The Kafka administrator user has also been renamed from root to strimzi-kafka-root, and the REDIS_APIGATEWAY_PASSWORD variable has been removed (see API Gateway removal above).
The new per-service Kafka password variables are:
KAFKA_AISVC_PASSWORDKAFKA_DATASOURCESVC_PASSWORDKAFKA_EVENTSTRANSFORMSVC_PASSWORDKAFKA_FILESVC_PASSWORDKAFKA_ITEMSVC_PASSWORDKAFKA_ITEMSVC_TELEMETRY_WORKER_PASSWORDKAFKA_ITEMSVC_WORKER_PASSWORDKAFKA_METRICS_PERSISTER_SERVICE_PASSWORDKAFKA_OBJECTMODELSVC_PASSWORDKAFKA_PASSPORTSVC_PASSWORDKAFKA_PASSPORTSVC_METRICS_PASSWORDKAFKA_PLATFORM_NOTIFICATIONSVC_API_PASSWORDKAFKA_PLATFORM_NOTIFICATIONSVC_WORKER_PASSWORDKAFKA_SCRIPTMANAGER_PASSWORDKAFKA_WORKFLOWSVC_API_PASSWORDKAFKA_WORKFLOWSVC_BACKEND_PASSWORDKAFKA_WORKFLOWWKR_BACKEND_PASSWORD
ItemSvc MongoDB Database Renamed#
The MongoDB database used by the ItemService has been renamed from itemsvcdb to itemsdb to match the value hardcoded in the application. Customers using MongoDB must either rename the existing database or recreate it under the new name before upgrading.
ObjectModelService Now Uses External Redis#
The ObjectModelService now requires an external Redis user, configured through the same redis-external configMap pattern used by other services. A new REDIS_OBJECTMODELSVC_PASSWORD variable must be added to the objectmodelsvc-external secret. The previously-required REDIS_DATASOURCESVC_PASSWORD is no longer used by ObjectModelService (it had been added there in error).
Resource Request and Limit Increases#
CPU limits have been added to all services (defaulting to 10x the request) and memory requests/limits have been raised for several services. Customers should verify cluster capacity before upgrading.
| Service | Memory Request | Memory Limit |
|---|---|---|
passportsvc | 750Mi -> 2Gi | 2Gi -> 4Gi |
datasourcesvc | 1.75Gi -> 3Gi | 2.75Gi -> 5Gi |
scriptworker | 750Mi -> 2Gi | 2Gi -> 4Gi |
graphicssvc | 1Gi -> 2.25Gi | increased to 5Gi |
itemsvc | 750Mi -> 1Gi | increased to 1.5Gi |
eventstransformsvc | 1.25Gi -> 2Gi | increased to 3Gi |
platformiamsvc | raised | raised |
The platformiamsvc statefulset replica count has been increased from 2 to 3 to maintain Infinispan quorum, and a hard pod anti-affinity rule has been added so each replica lands on a separate node.
NewRelic Configuration Restructured#
The enableNewRelic boolean has been replaced by a newrelic.enabled block to mirror the existing opentelemetry configuration. Customers using New Relic must update their values overrides accordingly.
# BeforeenableNewRelic: false
# Afternewrelic: enabled: false