Skip to content

Upgrade Third-Party Dependencies

This page outlines the process for upgrading third-party dependencies for Terraform-based infrastructure deployments.

Third-party dependencies refer to the software that is installed by the Terraform scripts to support the deployment of kdb Insights Enterprise.

When to upgrade

Each release of kdb Insights Enterprise includes a Third-party Dependencies section in the release notes. This section lists the specific versions of the third-party infrastructure components that have been tested and verified for compatibility with that specific kdb Insights Enterprise release and provides links to download the required files.

To ensure continued stability, compatibility, and support, it is recommended that you update these dependencies in conjunction with the corresponding upgrade of kdb Insights Enterprise.

Upgrade cert-manager

  1. Using the download links in the kdb Insights Enterprise release notes, get the latest version of the cert-manager helm chart for the specific release of kdb Insights Enterprise.

  2. Switch to your local kxi-terraform directory.

  3. Open the Terraform variables.tf file for your cloud provider, for example, AWS (Amazon Web Services), ACS (Azure Cloud Services), or GCP (Google Cloud Platform), and update the cert-manager helm chart version variable to the new version.

    vi terraform/k8s_config_aws/variables.tf
variable "cert_manager_helm_version" {
....
default = "1.16.3"
}

    vi terraform/k8s_config_azure/variables.tf
variable "cert_manager_helm_version" {
....
default = "1.16.3"
}

    vi terraform/k8s_config_gcp/variables.tf
variable "cert_manager_helm_version" {
....
default = "1.19.1"
}

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Run the terraform init command.

    ./scripts/terraform.sh init config

  6. Run the terraform plan command.

    ./scripts/terraform.sh plan config -target="helm_release.cert-manager"

  7. Run the terraform apply command.

    ./scripts/terraform.sh apply config

  8. Verify the cert-manager helm chart version.

    helm ls -n cert-manager

Upgrade ingress-nginx

  1. Using the download links in the kdb Insights Enterprise release notes, get the latest version of the ingress-nginx helm chart for the specific release of kdb Insights Enterprise

  2. Switch to your local kxi-terraform directory.

  3. Open the Terraform variables.tf file for your cloud provider (for example, AWS, ACS, or GCP), and update the ingress-nginx helm chart version variable to the new version.

    vi terraform/k8s_config_aws/variables.tf
variable "ingress_nginx_helm_version" {
....
default = "4.11.5"
}  

    vi terraform/k8s_config_azure/variables.tf
variable "ingress_nginx_helm_version" {
....
default = "4.11.5"
}

    vi terraform/k8s_config_gcp/variables.tf
variable "ingress_nginx_helm_version" {
....
default = "4.11.5"
}

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Run the terraform init command.

    ./scripts/terraform.sh init config

  6. Run the terraform plan command.

    ./scripts/terraform.sh plan config -target="helm_release.ingress-nginx"

  7. Run the terraform apply command.

    ./scripts/terraform.sh apply config

  8. Verify the ingress-nginx helm chart version.

    helm ls -n ingress-nginx

Upgrade nginx-community

  1. Using the download links in the kdb Insights Enterprise release notes, get the latest version of the nginx-community helm chart for the specific release of kdb Insights Enterprise.

  2. Switch to your local kxi-terraform directory.

  3. Open the Terraform variables.tf file for your cloud provider (for example, AWS, ACS, or GCP), and update the nginx-community helm chart version variable to the new version.

    vi terraform/k8s_config_aws/variables.tf
variable "nginx_community_helm_version" {
....
default = "2.4.1"
}  

    vi terraform/k8s_config_azure/variables.tf
variable "nginx_community_helm_version" {
....
default = "2.4.1"
}

    vi terraform/k8s_config_gcp/variables.tf
variable "nginx_community_helm_version" {
....
default = "2.4.1"
}

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Run the terraform init command.

    ./scripts/terraform.sh init config

  6. Run the terraform plan command.

    ./scripts/terraform.sh plan config -target="helm_release.nginx-community"

  7. Run the terraform apply command.

    ./scripts/terraform.sh apply config

  8. Verify the nginx-community helm chart version.

    helm ls -n nginx-community

Ingress post upgrade steps

If you have deployed kdb Insights Enterprise with Encryption in flight enabled, you need to re-enable this setting on your chosen Ingress Controller post upgrade.

This involves using helm and the kxi cli to interact with your kdb Insight Enterprise deploy. Follow the steps below:

ingress-nginx

  1. Get your kdb Insights Enterprise values using helm

    INSIGHTS_NAMESPACE=<insights namespace>
helm get values -n $INSIGHTS_NAMESPACE insights -o yaml > insights-values.yaml

  2. Download and install the latest kxi cli see

    Note

    Requires kxi cli version 1.18.3 or greater!

  3. Get your current ingress controller settings

    helm get values -n ingress-nginx ingress-nginx -o yaml > ingress-nginx-values.yaml.1

  4. Run the kxi cli to update your ingress controller settings

    INSIGHTS_VERSION=<insights version>
kxi task run nginx --version $INSIGHTS_VERSION --encryption true -f insights-values.yaml

  5. Get your updated ingress controller settings

    helm get values -n ingress-nginx ingress-nginx -o yaml > ingress-nginx-values.yaml.2

  6. Diff your ingress controller settings and ensure the istio podAnnotations and podLabels are present:

    diff ingress-nginx-values.yaml.1 ingress-nginx-values.yaml.2

    The output should look something like this: 

    >   podAnnotations:
>     traffic.sidecar.istio.io/excludeInboundPorts: "443"
>     traffic.sidecar.istio.io/includeInboundPorts: ""
>   podLabels:
>     sidecar.istio.io/inject: "true"

nginx-community

  1. Get your kdb Insights Enterprise values using helm:

    INSIGHTS_NAMESPACE=<insights namespace>
helm get values -n $INSIGHTS_NAMESPACE insights -o yaml > insights-values.yaml

  2. Download and install the latest kxi cli, refer to the installation guide for more details.

    Note

    Requires kxi cli version 1.18.3 or greater!

  3. Get your current ingress controller settings:

    helm get values -n nginx-community nginx-community -o yaml > nginx-community-values.yaml.1

  4. Run the kxi cli to update your ingress controller settings:

    INSIGHTS_VERSION=<insights version>
kxi task run nginx-f5 --version $INSIGHTS_VERSION --encryption true -f insights-values.yaml

  5. Get your updated ingress controller settings:

    helm get values -n nginx-community nginx-community -o yaml > nginx-community-values.yaml.2

  6. Diff your ingress controller settings and ensure the istio podAnnotations and podLabels are present:

    diff nginx-community-values.yaml.1 nginx-community-values.yaml.2

    The output should look similar to the below:

    >   podAnnotations:
>     traffic.sidecar.istio.io/excludeInboundPorts: "443"
>     traffic.sidecar.istio.io/includeInboundPorts: ""
>   podLabels:
>     sidecar.istio.io/inject: "true"

Upgrade Rook-Ceph

Important

Rook-Ceph must be upgraded one minor version at a time. For example, to upgrade from 1.15.9 to 1.17.0, two sequential minor version upgrades are required: 1.15.9 -> 1.16.7 -> 1.17.0.

Review the rook-ceph release notes for breaking changes.

Read the rook-ceph upgrade documentation for more details.

Prepare the environment

  1. Using the download links in the kdb Insights Enterprise release notes, get the latest version of the rook-ceph helm chart for the specific release of kdb Insights Enterprise. Remember to upgrade one minor version at a time.

  2. Switch to your local kxi-terraform directory.

  3. Update the rook_ceph_helm_version variable in terraform/modules/rook-ceph-helm/variables.tf to the next minor version and latest available patch version.

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Export the cloud Terraform variable.

    export TF_VAR_cloud=$CLOUD

  6. Export the cluster_name Terraform variable.

    export TF_VAR_cluster_name=$CLOUD-$ENV

  7. Export the region Terraform variable.

    export TF_VAR_region=$REGION

  8. Export the architecture_profile Terraform variable.

    export TF_VAR_architecture_profile=$PROFILE

  9. Run the terraform init command.

    ./scripts/terraform.sh init config

  10. Switch to the config Terraform stage directory for your cloud provider.

    cd terraform/k8s_config_aws

    cd terraform/k8s_config_azure

    cd terraform/k8s_config_gcp

Upgrade the rook-ceph operator

  1. Run the terraform plan command for the rook-ceph helm chart.

    terraform plan -out=.terraform/rook-ceph-$CLOUD-$ENV.tfplan -target=module.rook-ceph-helm[0].helm_release.rook_ceph

    The output should confirm that the rook-ceph helm chart will be upgraded to the specified version.

    # module.rook-ceph-helm[0].helm_release.rook_ceph will be updated in-place
  ~ resource "helm_release" "rook_ceph" {
        id                         = "rook-ceph"
        name                       = "rook-ceph"
      ~ version                    = "v1.15.9" -> "v1.16.7"
        # (27 unchanged attributes hidden)
    }

  2. Upgrade the rook-ceph helm chart

    terraform apply -input=false .terraform/rook-ceph-$CLOUD-$ENV.tfplan

Upgrade the rook-ceph cluster

  1. Run the terraform plan command for the rook-ceph-cluster helm chart.

    terraform plan -out=.terraform/rook-ceph-cluster-$CLOUD-$ENV.tfplan -target=module.rook-ceph-helm[0].helm_release.rook-ceph-cluster

    The output should confirm that the rook-ceph helm chart will be upgraded to the specified version.

    # module.rook-ceph-helm[0].helm_release.rook_ceph will be updated in-place
  ~ resource "helm_release" "rook_ceph" {
        id                         = "rook-ceph-cluster"
        name                       = "rook-ceph-cluster"
      ~ version                    = "v1.15.9" -> "v1.16.7"
        # (27 unchanged attributes hidden)
    }

  2. Upgrade the rook-ceph-cluster helm chart

    terraform apply -input=false .terraform/rook-ceph-cluster-$CLOUD-$ENV.tfplan

AWS cluster third-party dependencies

Note

This section applies to AWS (EKS) only.

The following third-party dependencies are installed on AWS clusters as Helm charts by the config Terraform stage. They are all deployed to the kube-system namespace, and their versions are pinned by variables in terraform/k8s_config_aws/variables.tf. The table below lists the current default versions; use it as a reference for the versions you are upgrading from, and follow the per-component steps that follow to upgrade each one.

Component Helm repository Version Terraform variable
aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver 2.56.1 aws_ebs_csi_driver_helm_version
aws-efs-csi-driver https://kubernetes-sigs.github.io/aws-efs-csi-driver 3.4.1 aws_efs_csi_driver_helm_version
aws-load-balancer-controller https://aws.github.io/eks-charts 3.0.0 aws_load_balancer_controller_helm_version
cluster-autoscaler https://kubernetes.github.io/autoscaler 9.56.0 cluster_autoscaler_helm_version
metrics-server https://kubernetes-sigs.github.io/metrics-server 3.13.0 metrics_server_helm_version

Note

These versions are managed by Renovate and are bumped automatically as new versions are released, so the values above reflect the current repository defaults.

Upgrade aws-ebs-csi-driver

  1. Get the version of the aws-ebs-csi-driver helm chart you want to upgrade to from the chart repository.

  2. Switch to your local kxi-terraform directory.

  3. Open terraform/k8s_config_aws/variables.tf and update the aws_ebs_csi_driver_helm_version variable to the new version.

    vi terraform/k8s_config_aws/variables.tf
variable "aws_ebs_csi_driver_helm_version" {
....
default = "2.56.1"
}

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Run the terraform init command.

    ./scripts/terraform.sh init config

  6. Run the terraform plan command.

    ./scripts/terraform.sh plan config -target="helm_release.aws-ebs-csi-driver"

  7. Run the terraform apply command.

    ./scripts/terraform.sh apply config

  8. Verify the aws-ebs-csi-driver helm chart version.

    helm ls -n kube-system

Upgrade aws-efs-csi-driver

  1. Get the version of the aws-efs-csi-driver helm chart you want to upgrade to from the chart repository.

  2. Switch to your local kxi-terraform directory.

  3. Open terraform/k8s_config_aws/variables.tf and update the aws_efs_csi_driver_helm_version variable to the new version.

    vi terraform/k8s_config_aws/variables.tf
variable "aws_efs_csi_driver_helm_version" {
....
default = "3.4.1"
}

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Run the terraform init command.

    ./scripts/terraform.sh init config

  6. Run the terraform plan command.

    ./scripts/terraform.sh plan config -target="helm_release.aws-efs-csi-driver"

  7. Run the terraform apply command.

    ./scripts/terraform.sh apply config

  8. Verify the aws-efs-csi-driver helm chart version.

    helm ls -n kube-system

Upgrade aws-load-balancer-controller

  1. Get the version of the aws-load-balancer-controller helm chart you want to upgrade to from the chart repository.

  2. Switch to your local kxi-terraform directory.

  3. Open terraform/k8s_config_aws/variables.tf and update the aws_load_balancer_controller_helm_version variable to the new version.

    vi terraform/k8s_config_aws/variables.tf
variable "aws_load_balancer_controller_helm_version" {
....
default = "3.0.0"
}

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Run the terraform init command.

    ./scripts/terraform.sh init config

  6. Run the terraform plan command.

    ./scripts/terraform.sh plan config -target="helm_release.aws-load-balancer-controller"

  7. Run the terraform apply command.

    ./scripts/terraform.sh apply config

  8. Verify the aws-load-balancer-controller helm chart version.

    helm ls -n kube-system

Upgrade cluster-autoscaler

  1. Get the version of the cluster-autoscaler helm chart you want to upgrade to from the chart repository.

  2. Switch to your local kxi-terraform directory.

  3. Open terraform/k8s_config_aws/variables.tf and update the cluster_autoscaler_helm_version variable to the new version.

    vi terraform/k8s_config_aws/variables.tf
variable "cluster_autoscaler_helm_version" {
....
default = "9.56.0"
}

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Run the terraform init command.

    ./scripts/terraform.sh init config

  6. Run the terraform plan command.

    ./scripts/terraform.sh plan config -target="helm_release.cluster-autoscaler"

  7. Run the terraform apply command.

    ./scripts/terraform.sh apply config

  8. Verify the cluster-autoscaler helm chart version.

    helm ls -n kube-system

Upgrade metrics-server

  1. Get the version of the metrics-server helm chart you want to upgrade to from the chart repository.

  2. Switch to your local kxi-terraform directory.

  3. Open terraform/k8s_config_aws/variables.tf and update the metrics_server_helm_version variable to the new version.

    vi terraform/k8s_config_aws/variables.tf
variable "metrics_server_helm_version" {
....
default = "3.13.0"
}

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Run the terraform init command.

    ./scripts/terraform.sh init config

  6. Run the terraform plan command.

    ./scripts/terraform.sh plan config -target="helm_release.metrics-server"

  7. Run the terraform apply command.

    ./scripts/terraform.sh apply config

  8. Verify the metrics-server helm chart version.

    helm ls -n kube-system

Upgrade the EKS managed add-ons

Note

This section applies to AWS (EKS) only.

The coredns, vpc-cni, and kube-proxy components are installed as EKS managed add-ons (aws_eks_addon) rather than as Helm charts. They are declared in the cluster_addons block of terraform/modules/k8s_cluster_aws/main.tf in the cluster Terraform stage, and no add-on version is pinned.

Upgrade automatically with the cluster

Because no addon_version is set, AWS resolves the default add-on version for the active cluster_version. As a result, when you upgrade the Kubernetes version (see Upgrade Kubernetes Cluster), applying the cluster upgrade automatically pulls the matching default add-on versions. No separate step is required in this case.

Upgrade an add-on explicitly

Follow these steps to pin an add-on to a specific version independently of a cluster upgrade.

  1. Find the available add-on versions for your Kubernetes version.

    aws eks describe-addon-versions --kubernetes-version <version> --addon-name <coredns|vpc-cni|kube-proxy>

  2. Switch to your local kxi-terraform directory.

  3. Open terraform/modules/k8s_cluster_aws/main.tf and set the addon_version for the relevant add-on in the cluster_addons block, for example:

    cluster_addons = {
  coredns = {
    addon_version     = "<version>"
    resolve_conflicts = "OVERWRITE"
  }
  ...
}

  4. Run the manage-cluster.sh script.

    ./scripts/manage-cluster.sh

    .\scripts\manage-cluster.bat

  5. Run the terraform init command.

    ./scripts/terraform.sh init cluster

  6. Run the terraform plan command.

    ./scripts/terraform.sh plan cluster -target='module.kx-aws.module.eks.aws_eks_addon.this["<addon>"]'

  7. Run the terraform apply command.

    ./scripts/terraform.sh apply cluster

  8. Verify the add-on version.

    aws eks describe-addon --cluster-name $TF_VAR_cluster_name --addon-name <addon> --query 'addon.addonVersion'