Upgrade Procedures
If you have an existing sidecar running on any previous version than v4.10
,
follow the upgrade instructions for sidecars below v4.10
.
Starting in v4.10
, the sidecar deployment templates will no longer be
downloaded from the control plane and all of them are publicly available in our
Cyral Quick Start page on GitHub.
Sidecars running on some of our deployment templates now support an optional upgrade flow with a click of a button (1-click upgrade) directly from the Cyral control plane. This process was created to speed up sidecar upgrades and support customers' teams that don't want to deal with the underlying deployment infrastructure to upgrade sidecars as the whole process can be performed from the Cyral UI.
info
See the 1-click upgrade
documentation section of your choice of quick start
deployment template for more information on how to enable or block
upgrades directly from the Cyral UI.
1-click upgrade
The 1-click upgrade is supported by the AWS EC2 deployment templates
available in the Cyral Quick Start. These
templates must be used to deploy all new sidecars and to upgrade existing
sidecars to v4.10
or later. If you have an existing sidecar v4.9
or below,
refer to the upgrade procedures for sidecars below v4.10
for more information.
Once the feature is enabled for a deployed sidecar and a new version is available, upgrade buttons will show in the Deployment tab of your Sidecar Details page. These buttons will allow for the upgrade of all instances at once or to upgrade instances individually.
When the upgrade is requested, the internal state of the instance
stored in the control plane is updated marking that instance to be
recycled. Sidecars deployed with the feature enabled will have its
instances watching for changes in the recycle
status.
In case it is marked for recycling, the instance health status will
change in order to force it to be replaced. The deployment template
will then take care of the process of replacing the instance by the
latest available version as indicated in the control plane.
The whole 1-click upgrade process can take up to a few minutes to destroy the old instances and show the new ones in the Instances tab.
Manual upgrade
As the 1-click upgrade is an optional feature, administrators can entirely block this feature and prevent sidecars from being upgraded from the control plane.
Once the feature is blocked, the version provided by the administrator during the sidecar deployment will be marked as a static version and the upgrade process blocked in the control plane. As an additional layer of protection, sidecars with a static version defined will not watch for changes in the recycle status, thus completely ignoring this feature at a local instance level.