Installer Upgrade (2.5.0+)

Overview

Warning

All on-premises installations and upgrades are now scheduled with and guided by Sysdig technical account managers and professional services division. See Oversight Services Now Offered for All Installs and Upgrades .

For customers, the instructions in this section are for review purposes only.

The Installer tool can be used to upgrade a Sysdig implementation. Just as in an installation, you must meet the prerequisites, download the values.yaml, edit the values as indicated, and run the installer. The main difference is that you run it twice: once to discover the differences between the old and new versions and the second time to deploy the new version.

As this is a new feature, some guidance from Sysdig Professional Services may be warranted in highly customized installations.

Supported Installer Versions

On-Prem Version

Installer Version

3.0.0

3.0.0-7

3.2.0

3.2.0-9

3.2.2

3.2.2-1

Upgrade Steps

To upgrade:

  1. Download the latest installer binary that matches your OS from the sysdigcloud-kubernetes releases page.

  2. Copy the current version of values.yaml to your working directory.

    wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml
  3. Edit the following values:

    • scripts: set to generate diff.

      This setting will generate the differences between the installed environment and the upgrade version. The changes will be displayed in your terminal.

  4. The remaining parameters are edited as they would be in an installation:

    • size: Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large

    • quaypullsecret: quay.io provided with your Sysdig purchase confirmation mail

    • storageClassProvisioner: The name of the storage class provisioner to use when creating the configured storageClassName parameter. When installing, if you use AWS or GKE as your storage provisioner for Kubernetes, enter aws or gke in the storageClassProvisioner field. If you do not use one of those two dynamic storage provisioners, enter: hostPath and then refer to the Advanced examples for how to configure static storage provisioning using this option.

    • sysdig.license: Sysdig license key provided with your Sysdig purchase confirmation mail

    • sysdig.anchoreLicensePath: The path relative to the values.yaml where the Anchore enterprise license yaml is located. (For Sysdig Secure users only.)

    • sysdig.dnsname: The domain name the Sysdig APIs will be served on. Note that the master node may not be used as the DNS name when using hostNetwork mode.

    • sysdig.collector.dnsName: (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. Note that the master node may not be used as the DNS name when using hostNetwork mode.

    • deployment: (OpenShift installs only) Add deployment: openshift to the root of the values.yaml file.

    • sysdig.ingressNetworking: The networking construct used to expose the Sysdig API and collector.Options are:

      • hostnetwork: sets the hostnetworking in the ingress daemonset and opens host ports for api and collector. This does not create a Kubernetes service.

      • loadbalancer: creates a service of type loadbalancer and expects that your Kubernetes cluster can provision a load balancer with your cloud provider.

      • nodeport: creates a service of type nodeport.The node ports can be customized with:

        sysdig.ingressNetworkingInsecureApiNodePort

        sysdig.ingressNetworkingApiNodePort

        sysdig.ingressNetworkingCollectorNodePort

      Note

      If doing an airgapped install , you would also edit the following values:

    • airgapped_registry_name: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay

    • airgapped_registry_password: The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication.

    • airgapped_registry_username: The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication.

  5. Run the installer.

    For environments with access to the internet:

    docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config 
    -v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z 
    quay.io/sysdig/installer:<version>

    For other supported installer versions, see Supported Installer Versions.

    For partial-airgap (installation machine has access to the internet):

    docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config 
      -v ~/.kube:/.kube:Z 
      -v $(pwd):/manifests:Z 
      -v /var/run/docker.sock:/var/run/docker.sock:Z 
      -v ~/.docker:/root/docker:Z 
      quay.io/sysdig/installer:<version>

    For other supported installer versions, see Supported Installer Versions.

    For full airgapped environment:

    Run steps 1-4 in the Full Airgap Install, then run:

    bash sysdig_installer.tar.gz
  6. If you are fine with the differences displayed, then set scripts to deploy and rerun the installer as in Step 3.

    If you want to override a change, based on your environment’s custom settings, then contact Sysdig Support for assistance.

  7. The datastores Cassandra and ElasticSearch have an onDelete update strategy and must be manually restarted to complete the upgrade.