Upgrade Helm charts and Kubernetes
  • 01 Dec 2021
  • 2 Minutes to read
  • PDF

Upgrade Helm charts and Kubernetes

  • PDF

Article Summary

The topic covers upgrading from old Helm charts to the latest version which installs the new traceable-agent.

You can upgrade from the old Helm chart version 1.0.80 to the latest version. The latest Helm chart installs traceable-agent. The traceable-agent bundles collector and OPA agent in it. When you upgrade to the latest Helm chart, the traceable-agent automatically replaces the collector and OPA services. You do not need to make any changes to the Helm configuration for this change to reflect. The changes required for the upgrade are described in the next section.

Configuration changes for Helm chart

Complete the following configuration changes in your values.yml file for a seamless upgrade to the latest Helm chart.

  • Move collector configuration to a new element In your values.yml file, move your end user configuration under the collector,that is, collector.enduserto traceable-agent element - traceable-agent.enduser.
  • PII filter configurationIf you have configured PII filtering in collector configuration in values.ymlfile, note the following updates:
    • Move the configuration from collector.piiFilter to traceable-agent.piiFilter.
    • Dash to underscore - The YAML keys now use underscore (_) instead of dash (-), for example, complex-data is now complex_data, redaction-strategy is now redaction_strategy and so on.
    • Category key -category as a configuration key is not supported.
    • modsec-config key - modsec-config as a configuration key is not supported.
  • Enabling and disabling collector and OPA - If you have configured collector and OPA manually, then:
    • collector.enabled should now be changed to traceable-agent.collectorEnabled.
    • opa.enabled should now be changed to traceable-agent.opaEnabled.
  • Custom configurationunder sidecar-injector are now under traceable-agent.injector. Note that not all the configurations have a direct mappings, however, following fields do:
    • inboundExcludePorts is mapped to proxy.inboundExcludePorts
    • outboundExcludePorts is mapped to proxy.outbountExcludePorts
    • traceContext is mapped to propagationFormats

Upgrade the Helm chart

After you have made the changes to values.yml file, run the following command with the new charts and the updated values.yml file:

helm repo add traceableai https://helm.traceable.ai
helm repo update
helm upgrade <RELEASE_NAME> traceableai/traceableai --namespace traceableai -f values.yaml

 Or you can use the following

helm upgrade <RELEASE_NAME> traceableai/traceableai --namespace traceableai \
  --set global.clusterName=$CLUSTER_NAME \
  --set global.sidecarBlocking=false \
  --set global.token=******************

Or, If you wish to have default settings with blocking enabled, then enter the following:

helm upgrade <RELEASE_NAME> traceableai/traceableai --namespace traceableai \
  --set global.clusterName=$CLUSTER_NAME \
  --set global.token=******************

On a successful upgrade, the collector and opa pods are deleted and in their place traceable-agent service would be visible.

You do not need to restart the deployment after the upgrade.  

Reverting to the old configuration

If for some reason, you wish to revert to using collector and OPA individual services instead of traceable-agent, set global.traceAgent.enabled to false.

    enabled: false

Upgrade traceableai Kubernetes manifest installation

If you have deployed traceableai using kubectl apply on manifests downloaded from Traceable's charts, for example:

kubectly apply -f traceableai.yml

 Use kubectl delete command on the old traceableai.yml file. This will delete all the resources. Enter kubectl apply command on the new traceableai.yml file.

Was this article helpful?