Rollback IEM Pro V2 to V1¶
Use this guide to roll back from IEM Pro V2 to V1 if the migration fails and you cannot resolve the issue.
Rollback Overview¶
The rollback process includes the following steps:
- Get the last V1 Helm revision number.
- Run
helm rollbackto restore V1. - Clean up the remaining V2 resources.
Getting the last V1 Helm revision¶
Identify the Helm revision for your last IEM Pro V1 deployment. List the revision history for your release:
helm history $RELEASE_NAME -n <namespace>
Review the output and note the revision number of the last successful V1 deployment. This is the revision before the V2 upgrade.
Example output:
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Tue Jan 10 10:00:00 2026 superseded application-management-service-v1.15.17 v1.15.17 Install complete
2 Tue Feb 25 14:00:00 2026 deployed ie-management-v2.2.0 v2.2.0 Upgrade complete
In this example, revision 1 is the last V1 revision.
Record the revision number in ROLLBACK_REVISION variable.
Running Helm rollback¶
Roll back to the identified V1 revision:
helm rollback $RELEASE_NAME $ROLLBACK_REVISION -n <namespace> --timeout 30m0s
When the rollback is complete, verify the following:
- The
helm rollbackcommand exited without errors. - You can access the IEM Pro V1 UI.
Cleaning up remaining V2 resources¶
Create a YAML file named cleanup-V2-resources.yaml with the following content. Use this file to delete any remaining V2 resources.
Content of cleanup-V2-resources.yaml
# Copyright © Siemens 2026
---
apiVersion: batch/v1
kind: Job
metadata:
name: auth-db-cleanup-after-rollback
spec:
ttlSecondsAfterFinished: 600
backoffLimit: 5
activeDeadlineSeconds: 120
template:
spec:
restartPolicy: OnFailure
automountServiceAccountToken: false
imagePullSecrets:
- name: regcred
securityContext:
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
seccompProfile:
type: RuntimeDefault
containers:
- name: auth-db-cleanup
image: cr.eu1.edge.siemens.cloud/portal/bitnami-postgres@sha256:02c1db0d165374b5bd8353955229d86972a87ce06ac15af183c48e71167530a3
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
resources:
requests:
cpu: 50m
memory: 32Mi
limits:
cpu: 250m
memory: 64Mi
command:
- /bin/sh
- -c
- |
set -eu
log() {
local level="$1"
shift
echo "[$(date -u '+%Y-%m-%dT%H:%M:%SZ')] [$level] $*"
}
log INFO "Starting auth DB cleanup job ..."
for var_name in AUTH_DB_HOST AUTH_DB_USER AUTH_DB_PASSWORD AUTH_DB_NAME; do
eval "var_value=\${$var_name:-}"
[ -n "$var_value" ] || {
log ERROR "$var_name is required"
exit 1
}
done
case "$AUTH_DB_HOST" in
*:*)
DB_HOST=${AUTH_DB_HOST%:*}
DB_PORT=${AUTH_DB_HOST##*:}
;;
*)
log ERROR "AUTH_DB_HOST must be in host:port format"
exit 1
;;
esac
run_psql() {
PGPASSWORD="$AUTH_DB_PASSWORD" psql -v ON_ERROR_STOP=1 -h "$DB_HOST" -p "$DB_PORT" -U "$AUTH_DB_USER" -d postgres "$@"
}
DB_NAME_SQL_LITERAL=$(printf '%s' "$AUTH_DB_NAME" | sed "s/'/''/g")
DB_NAME_SQL_IDENTIFIER=$(printf '%s' "$AUTH_DB_NAME" | sed 's/"/""/g')
log INFO "Terminating active connections to database \"$AUTH_DB_NAME\" ..."
run_psql -c "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = '$DB_NAME_SQL_LITERAL' AND pid <> pg_backend_pid();"
log INFO "Dropping database \"$AUTH_DB_NAME\" if it exists ..."
run_psql -c "DROP DATABASE IF EXISTS \"$DB_NAME_SQL_IDENTIFIER\";"
log INFO "Done"
env:
- name: AUTH_DB_HOST
valueFrom:
configMapKeyRef:
name: auth-service-config
key: POSTGRES_SERVER_ADDRESS
- name: AUTH_DB_USER
valueFrom:
configMapKeyRef:
name: postgres-config
key: POSTGRES_USER
- name: AUTH_DB_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: POSTGRES_PASSWORD
- name: AUTH_DB_NAME
value: authservice
Apply the cleanup job:
kubectl apply -f cleanup-v2-resources.yaml -n <namespace>
Verify that the cleanup job completed successfully:
kubectl wait --for=condition=complete job/auth-db-cleanup-after-rollback -n <namespace> --timeout=5m
kubectl logs job/auth-db-cleanup-after-rollback -n <namespace>