Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

📙 You will learn

How to upgrade a Kubernetes deployment of ThreadFix with Helm.

Prerequisites

Audience: IT Professional
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: See Pre-requisites list below

Pre-requisites list

  • ThreadFix instance running in Kubernetes

  • kubectl access to Kubernetes cluster

  • Helm version greater than 3.5

Upgrading

Enter the following commands on a command line to perform the described action.

  1. Add the Denim Group Helm repository if not present:

    helm repo add denimgroup https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/

  2. Backup the ThreadFix instance by following the Backup & Restore guide.

  3. Get the Helm release name for the ThreadFix instance.

    TF_RELEASE=$(helm ls | grep threadfix | awk '{print $1}')

  4. Get the current installed version of ThreadFix.

    TF_VERSION=$(helm ls --filter "$TF_RELEASE" | grep -o 'threadfix-[Az0-9\.\-]*' | sed 's|threadfix-||g')

  5. ThreadFix automatically generates internal credentials if not explicitly provided. If not already done so, save these in a secure location for recovery purposes.

    1. Network properties:

      kubectl get secrets ${TF_RELEASE}-network-props -o go-template='{{index .data "network.properties"}}' | base64 -d

    2. Database password:

      kubectl get secret ${TF_RELEASE}-db -o jsonpath='{ .data.password }' | base64 -d

    3. Postgres password:

      kubectl get secret ${TF_RELEASE}-postgresql -o jsonpath='{ .data.postgresql-password }' | base64 -d

    4. ESAPI encryption keys:

      kubectl get secret ${TF_RELEASE}-config-secrets -o go-template='{{ index .data "ESAPI.properties" }}' | base64 -d | grep ESAPI.M
aster

  6. Pull the latest chart from Denim Group's Helm repository for ThreadFix.

    helm repo update

  7. Check the latest available version.

    helm search repo threadfix

  8. Review the release notes prior to upgrading. Not all upgrade paths are supported.

  9. (Optional) If changes to the charts values are required:

    1. Export the currently installed Helm values.

      helm get values $TF_RELEASE > myValues.yaml

    2. Make necessary changes to the myValues.yaml file.

    3. Pass the modified values file in the the helm upgrade command with -f myValues.yaml.

  10. Upgrade ThreadFix with Helm (include -f myValues.yaml if modifying installation values).

    helm upgrade $TF_RELEASE denimgroup/threadfix

  11. Follow the Upgrade Validation Checklist to validate the ThreadFix upgrade has completed successfully. If there are any issues, users may rollback to the previous state with:

    helm rollback $TF_RELEASE

    If rolling back a failed upgrade, the user may have to restore the database from backup depending on the status of the database migration. Follow Backup & Restore for more information.

Table of Contents

  • No labels

[www.threadfix.it] | [www.coalfire.com]
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.