4.3 Upgrading Advanced Authentication on Azure Kubernetes Services in an Air Gap Environment

This section describes how to upgrade Advanced Authentication in an air gap environment on Azure Kubernetes Service. You upgrade the Advanced Authentication containers in the Kubernetes cluster using the Docker images and Helm charts.

4.3.1 Pre-Upgrade Procedure

NOTE: Ensure that the following packages are installed on a Linux client machine (Windows OS is not supported):

Linux operating system, docker, docker-ce, docker-ce-cli, containerd.io, docker-compose-plugin, helm, kubectl, and Azure CLI.

  1. Download the AdvancedAuthDocker-<version>.zip file from Patch Manager.

  2. Unzip the AdvancedAuthDocker-<version>.zip file and go into the dockerimages directory.

  3. Run the following command to start the Docker service:

    systemctl start docker

  4. Run the following command to load the images from the docker images tgz file on your server:

    docker load -i aauth-images.tgz

  5. Run the following command and verify that the images are loaded:

    docker images

    • mfsecurity/aaf-webauth:<version>

    • mfsecurity/aaf-aucore:<version>

    • mfsecurity/aaf-redis:<version>

    • mfsecurity/aaf-repldb:<version>

    • mfsecurity/aaf-fipsd:<version>

    • mfsecurity/aaf-afisd:<version>

    • mfsecurity/aaf-radiusd:<version>

    • mfsecurity/aaf-searchd:<version>

    • mfsecurity/aaf-webd:<version>

    • mfsecurity/aaf-audb:<version>

    • gliderlabs/logspout:<version>

  6. Run the following commands to retag the Docker images to match the specifications of your internal Docker repository:

    docker tag mfsecurity/<name>:<version> <internalDocker>/<name>:<version>

    docker tag gliderlabs/<name>:<version> <internalDocker>/<name>:<version>

  7. Run docker login and provide the credentials for your internal or private registry.

  8. Run the following command to push the newly tagged images to your internal docker repository:

    docker push <internalDocker>/<name>:<version>
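
Steps 4 to 8 can be checked and scripted as shown below. This is an added example, not part of the vendor procedure: it reads the output of docker load, reports any repository from the step 5 list that did not load and any loaded image that is not on that list, and prints the docker tag and docker push commands for review. The script name and the load.log file are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Works from the output of `docker load`, so only
# images that came out of this archive are retagged for the internal registry.

# Repositories listed under step 5 of the pre-upgrade procedure.
EXPECTED="mfsecurity/aaf-webauth mfsecurity/aaf-aucore mfsecurity/aaf-redis
mfsecurity/aaf-repldb mfsecurity/aaf-fipsd mfsecurity/aaf-afisd
mfsecurity/aaf-radiusd mfsecurity/aaf-searchd mfsecurity/aaf-webd
mfsecurity/aaf-audb gliderlabs/logspout"

# loaded_refs LOAD_OUTPUT: print repo:tag from each "Loaded image: repo:tag" line.
loaded_refs() { printf '%s\n' "$1" | sed -n 's/^Loaded image: \(.*\)$/\1/p'; }

# is_expected REPO: succeed only if REPO is on the list above.
is_expected() { case " $(echo $EXPECTED) " in *" $1 "*) return 0 ;; esac; return 1; }

# check_archive LOAD_OUTPUT: list expected repositories that were not loaded and
# loaded images that are not expected; non-zero status if either list is non-empty.
check_archive() {
  local refs repo ref rc=0
  refs=$(loaded_refs "$1")
  for repo in $EXPECTED; do
    printf '%s\n' "$refs" | grep -q "^${repo}:" || { echo "MISSING $repo"; rc=1; }
  done
  for ref in $refs; do
    is_expected "${ref%:*}" || { echo "UNEXPECTED $ref"; rc=1; }
  done
  return $rc
}

# retag_plan LOAD_OUTPUT REGISTRY: print the step 6 and step 8 commands for the
# expected images only. REGISTRY is your <internalDocker> value.
retag_plan() {
  local ref
  for ref in $(loaded_refs "$1"); do
    is_expected "${ref%:*}" || continue
    echo "docker tag $ref $2/${ref##*/}"    # source namespace dropped
    echo "docker push $2/${ref##*/}"
  done
}

# Usage (hypothetical file names): docker load -i aauth-images.tgz | tee load.log
#   then: ./retag-plan.sh load.log <internalDocker>
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
  out=$(cat "$1")
  check_archive "$out" && retag_plan "$out" "$2"
fi
```

Review the printed plan, then run it after the docker login in step 7.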

4.3.2 Upgrade Procedure

  1. Download the aaf-<version>-helm-chart.zip file from Patch Manager.

  2. Unpack the zip file. It contains the aaf-<version>.tgz tar file.

  3. Run the following command to unpack the tar file:

    tar zxvf aaf-<version>.tgz

  4. Modify the values.yaml file by replacing the default value mfsecurity with the name of your internal repository, <internalDocker>.

  5. Log in to Azure.

  6. Run the following command to upgrade the helm chart:

    helm upgrade --namespace <name_of_kubernetes_namespace> <helm_chart_release_name> <path_of_helm_chart>

    For example, helm upgrade --namespace aaf-test aaf-test1 --set lb.enabled=true ./aaf_63sp3/

    NOTE: After the upgrade, do the following to monitor the events, logs, and persistent volume claims of your namespace:

    • Run the following command to view latest events:

      kubectl get events --namespace <name_of_kubernetes_namespace>

    • Run the following command to get the logs of Advanced Authentication containers:

      kubectl logs $(kubectl get pods --no-headers -o custom-columns=":metadata.name" --namespace <name_of_kubernetes_namespace>) -c aucore --namespace <name_of_kubernetes_namespace>

    • Run the following command to check persistent volume claims:

      kubectl get pvc --namespace <name_of_kubernetes_namespace>