As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

In order to upgrade from ThreadFix 3.2 to 3.3.1 users must be aware of required Helm Value & Posgresql Changes detailed below.

Helm Value Changes

In ThreadFix 3.3, Kong PostgreSQL Subcharts now have the following structure changes:

Prior to ThreadFix 3.3:

echo "kong:
  postgresql:
    postgresqlPassword: $PG_PASSWORD
global:
  threadfix:
    licenseCMOverride: tf-license" > myValues/myValues.yaml

As of ThreadFix 3.3:

echo "kong:
  postgresql:
    auth:
      password: $PG_PASSWORD
global:
  threadfix:
    licenseCMOverride: tf-license" > myValues/myValues.yaml

Posgresql Updates

The following requires first adjusting the Kong PostgreSQL Subcharts above, and ThreadFix version 3.2.

  1. Set environment variables like below:

    export TF_RELEASE=$(helm ls | grep threadfix | awk '{ print $1}')
export POSTGRESQL_PASSWORD=$(kubectl get secret  ${TF_RELEASE}-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
export PG_ADMIN_PASSWORD=$(openssl rand -base64 32)

  2. Export current helm values:

    helm get values $TF_RELEASE > myValues-3-2-0.yaml

  3. Add the helm repo and update:

    helm repo add threadfix https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/
helm repo update

  4. Delete postgresql:

    kubectl delete sts ${TF_RELEASE}-postgresql
kubectl delete pvc data-${TF_RELEASE}-postgresql-0
kubectl delete secret ${TF_RELEASE}-postgresql


  5. Upgrade with --no-hooks set:

    helm upgrade $TF_RELEASE denimgroup/threadfix -f myValues-3-2-0.yaml \
--set kong.postgresql.auth.password="$POSTGRESQL_PASSWORD" \
--set kong.postgresql.auth.postgresPassword="$PG_ADMIN_PASSWORD" \
--no-hooks

  6. Manually run kong migrations:

    kubectl exec -it $(kubectl get pods -l 'app.kubernetes.io/name=kong,app.kubernetes.io/version=2.8' -o jsonpath='{ .items[].metadata.name }') -c wait-for-db -- kong migrations bootstrap

  7. To confirm the upgrade was successful, echo the following TF_VERSION variable:

    TF_VERSION=$(helm ls --filter "$TF_RELEASE" | grep -o 'threadfix-[Az0-9\.\-]*' | sed 's|threadfix-||g')

echo $TF_VERSION

  • No labels

[www.threadfix.it] | [www.coalfire.com]
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.