Skip to main content
UAP 8.x Releases

Search

Cequence UAP 8.5.x to 8.6.x upgrade and rollback

© 2024 Cequence Security. All Rights Reserved.

Cequence UAP 8.5.x to 8.6.x upgrade and rollback

  • Updated on
  • ~ minute read
Download PDF

This article outlines the procedure for upgrading the Cequence Unified API Protection (UAP) platform to release 8.6.0 and rolling back if necessary. The 8.6.0 release includes upgrades to Strimzi (0.44.0 to 0.45.2) and Kafka (3.7.0 to 3.9.1).

Pre-upgrade checklist

Verify the following conditions before proceeding with the upgrade.

  • Current system is on Cequence UAP platform release 8.5.0 or later.
  • Defender is on release 6.0.1 or later, and earlier than release 6.1.0.

Upgrade procedure

Export configuration

Export all current configurations before starting the upgrade.

Upgrade UAP to 8.6.0

Run the Helm upgrade command to deploy release 8.6.0. Monitor the upgrade process as pods are recreated and verify that all components complete successfully.

The airflow-webserver pod sometimes enters CrashLoopBackOff status. If this occurs, delete the pod to allow it to restart automatically.

Post-upgrade verification

After the upgrade completes, verify the following.

  • All pods are running properly.
  • The Cequence UAP platform version has updated correctly.
  • System logs contain no errors or warnings.

Monitoring period

Monitor system performance for several hours after the upgrade completes. Check for error logs or unusual behavior and verify that all components function correctly.

Rollback procedure

If issues are detected during or after the upgrade, follow the steps in this section to roll back to release 8.5.2-KAFKA3.9.

About release 8.5.2-KAFKA3.9

The Strimzi and Kafka upgrades included in UAP 8.6.0 cannot be directly reversed. Strimzi 0.44.0 has no knowledge of Kafka 3.9.1 and cannot plan a downgrade path to it. Strimzi 0.45.2 enforces a minimum Kafka version of 3.8.0 and cannot downgrade to Kafka 3.7.0. Neither rollback order resolves this without an intermediate step.

Release 8.5.2-KAFKA3.9 is a dedicated rollback target with the following characteristics.

  • Built on the stable 8.5.2 UAP release.
  • Uses Elasticsearch 8.18.8.
  • Retains Kafka 3.9.1 and Strimzi 0.45.2, eliminating the need to roll back the Strimzi operator.
  • Serves as the rollback target regardless of which 8.5.x release was running before the upgrade to 8.6.0.

Rolling back to 8.5.2-KAFKA3.9 reverts UAP functionality to the 8.5.2 level while retaining Kafka 3.9.1 and Strimzi 0.45.2.

Downgrade to 8.5.2-KAFKA3.9

Run the Helm upgrade command with the version specification set to 8.5.2-KAFKA3.9. Monitor the downgrade process and verify that all components complete successfully. Kafka and Strimzi remain on their upgraded versions after the downgrade.

The airflow-webserver pod sometimes enters CrashLoopBackOff status. If this occurs, delete the pod to allow it to restart automatically.

Post-rollback verification

After the downgrade completes, verify the following.

  • All pods are running properly.
  • The Cequence UAP platform version has downgraded correctly to 8.5.2-KAFKA3.9.
  • Kafka is on version 3.9.1. Verify by checking the Kafka cluster resource or the pod images for kafka-entity-operator, kafka-kafka, kafka-kafka-exporter, and kafka-zookeeper.
  • System logs contain no errors or warnings.

Import exported configuration

Import the configuration exported before starting the upgrade.

Was this article helpful?
Japanese (Japan)