This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

    Manual Upgrade (2.4.1- 2.5.0)

    As of August 2020, Sysdig has changed its upgrade procedure.

    All on-premises installations and upgrades are now scheduled with and guided by Sysdig technical account managers and professional services division. See Oversight Services Now Offered for All Installs and Upgrades .

    For customers, the instructions in this section are for review purposes only.

    Sysdig platform on-premise releases are listed here. Each release has a version number and specific release notes.

    This release has the following significant component change:

    The Report service is now available for Sysdig Secure. Installing it requires first applying an Anchore license and then applying the appropriate report yamls, as listed below.

    Download the New Version

    Download the new version from Sysdig’s GitHub and unzip it.

    Note that as of this release, versioning standards have changed from a single build number (e.g. v1929) to semantic versioning (e.g. 2.3.0)

    wget https://github.com/draios/sysdigcloud-kubernetes/archive/<version_number>.tar.gz &&  tar xvf <version_number>.tar.gz
    

    Edit New Files to Match Your Customized Files

    It is important to use the latest YAML files for a successful upgrade.

    Edit the following files within the sysdigcloud directory to match any customizations you may have made in your existing production system.

    Sysdig Cloud Files

    Customization involves copying the existing settings from your environment and modifying the files listed in this section.

    Update the following files with customizations from your existing environment:

    • sysdigcloud/config.yaml: Pull configurations from your sysdigcloud-config configmap to the downloaded sysdigcloud/config.yaml.

      The following variables are mandatory for Sysdig installations:

      api.url
      collector.endpoint
      sysdigcloud.license
      

      The following variables are optional but commonly modified for Sysdig installations:

      cassandra.jvm.options
      elasticsearch.jvm.options
      sysdigcloud.jvm.api.options
      sysdigcloud.jvm.collector.options
      sysdigcloud.jvm.worker.options
      

      If you have modified the previous config.yaml, copy the modified options such as the external endpoints. You must also check deployment YAML files for CPU/memory settings.

    • Copy configurations from your existing deployment and update the spec.replicas definition in the following files:

      • sysdigcloud/api-deployment.yaml

      • sysdigcloud/collector-deployment.yaml

      • sysdigcloud/worker-deployment.yaml

    • If running Sysdig Secure:

      Please do not edit the image: property.

      • sysdigcloud/anchore-core-config.yaml

      • sysdigcloud/anchore-worker-config.yaml

      • sysdigcloud/anchore-core-deployment.yaml

      • sysdigcloud/anchore-worker-deployment.yaml

      • sysdigcloud/scanning-api-deployment.yaml

      • sysdigcloud/scanning-alertmgr-deployment.yaml

    Postgres File (if running Sysdig Secure)

    Update the following file with customizations from your existing environment:

    Please do not edit the image: property.

    • Modify the storage class name, spec.volumeClaimTemplates[].spec.storageClassName in the datastores/as_kubernetes_pods/manifests/postgres/postgres-statefulset.yaml file.

    Elasticsearch and Cassandra Files

    In version 2.3.0, Elasticsearch and Cassandra yaml configurations have been updated. Update the new files with customizations from your existing environment.

    Please do not edit the image: property.

    • elasticsearch-statefulset.yaml - For example, your environment may have customized the values for the number of replicas, resource constraints, amount of storage, and the storage class name:

      spec.replicas and spec.template.spec.containers[elasticsearch].env[ELASTICSEARCH_GOSSIP_NODES_NUM].value
      spec.template.spec.containers[].resources
      spec.volumeClaimTemplates[].spec.resources.requests.storage
      spec.volumeClaimTemplates[].spec.storageClassName
      
    • cassandra-statefulset.yaml - As with Elasticsearch, your environment may have customized the values for the number of replicas, resource constraints, amount of storage, and the storage class name:

      spec.replicas
      spec.template.spec.containers[].resources
      spec.volumeClaimTemplates[].spec.resources.requests.storage
      spec.volumeClaimTemplates[].spec.storageClassName
      

    Apply the Files

    Run the kubectl commands to apply the relevant files to your cluster.

    Upgrade for Sysdig Monitor

    The --force flag deletes the object and re-creates it whereas the --replace flag automatically creates an object if it doesn’t exist.

    NAMESPACE=sysdigcloud
    kubectl -n $NAMESPACE apply -f sysdigcloud/config.yaml
    kubectl -n $NAMESPACE replace --force -f datastores/as_kubernetes_pods/manifests/elasticsearch/elasticsearch-statefulset.yaml
    kubectl -n $NAMESPACE replace --force -f datastores/as_kubernetes_pods/manifests/cassandra/cassandra-statefulset.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/api-deployment.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/collector-deployment.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/worker-deployment.yaml
    

    Upgrade for Sysdig Secure

    For versions 2.4.1 and higher: To use the Reports functionality in Sysdig Secure, it is necessary to enter a license key in the anchore-license.yaml. If you are upgrading or installing and do not have an anchore license please contact support. This license is used for additional 3rd party vulnerability feed entitlements.

    1. Edit the license YAML file: sysdigcloud/anchore-enterprise-license.yaml. Replace <LICENSE> with the key received from Sysdig.

      ---
      apiVersion: v1
      kind: Secret
      metadata:
        name: anchore-enterprise-license
      data:
        # <LICENSE> is derived from `cat anchore-license.yaml | base64`
        anchore-license.yaml: <LICENSE>
      type: Opaque
      
    2. Run the command:

      kubectl -n sysdigcloud apply -f sysdigcloud/anchore-enterprise-license.yaml
      

    Apply the Files

    Run the following commands, preserving the order:

    kubectl -n $NAMESPACE replace --force -f datastores/as_kubernetes_pods/manifests/postgres/postgres-statefulset.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/anchore-core-config.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/anchore-worker-config.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/anchore-core-deployment.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/anchore-worker-deployment.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/scanning-alertmgr-service.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/scanning-api-deployment.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/scanning-alertmgr-deployment.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/anchore-enterprise-license.yaml #version 2.4.1 or higher
    kubectl -n $NAMESPACE apply -f sysdigcloud/anchore-reports-config.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/anchore-reports-deployment.yaml
    kubectl -n $NAMESPACE apply -f sysdigcloud/anchore-reports-service.yaml