This section describes how to upgrade Advanced Authentication in an air-gapped environment on Azure Kubernetes Service. You upgrade the Advanced Authentication containers in Kubernetes clusters using the Docker images and Helm charts.
NOTE: Ensure that the following packages are installed on a Linux client machine (Windows OS is not supported):
Linux operating system, docker, docker-ce, docker-ce-cli, containerd.io, docker-compose-plugin, helm, kubectl, and Azure CLI.
Download the AdvancedAuthDocker-<version>.zip file from Patch Manager.
Unzip the AdvancedAuthDocker-<version>.zip file and go into the dockerimages directory.
Run the following command to start the Docker service:
systemctl start docker
Run the following command to load the images from the docker images tgz file on your server:
docker load -i aauth-images.tgz
Run the following command and verify that the images are loaded:
docker images
The output should list the following images:
mfsecurity/aaf-webauth:<version>
mfsecurity/aaf-aucore:<version>
mfsecurity/aaf-redis:<version>
mfsecurity/aaf-repldb:<version>
mfsecurity/aaf-fipsd:<version>
mfsecurity/aaf-afisd:<version>
mfsecurity/aaf-radiusd:<version>
mfsecurity/aaf-searchd:<version>
mfsecurity/aaf-webd:<version>
mfsecurity/aaf-audb:<version>
gliderlabs/logspout:<version>
Run the following commands to retag the Docker images according to the specifications of your internal Docker repository:
docker tag mfsecurity/<name>:<version> <internalDocker>/<name>:<version>
docker tag gliderlabs/<name>:<version> <internalDocker>/<name>:<version>
Run docker login and provide the credentials for your internal or private registry.
Run the following command to push the newly tagged images to your internal docker repository:
docker push <internalDocker>/<name>:<version>
Download the aaf-<version>-helm-chart.zip file from Patch Manager.
Unpack the zip file. It contains the aaf-<version>.tgz tar file.
Run the following command to unpack the tar file:
tar zxvf aaf-<version>.tgz
Modify the values.yaml file by replacing the default value mfsecurity with the value of your internal repository (<internalDocker>).
Log in to Azure.
Run the following command to upgrade the helm chart:
helm upgrade --namespace <name_of_kubernetes_namespace> <helm_chart_release_name> <path_of_helm_chart>
For example:
helm upgrade --namespace aaf-test aaf-test1 --set lb.enabled=true ./aaf_63sp3/
NOTE: After the upgrade, perform the following steps to monitor the events, logs, and persistent volume claims of your namespace:
Run the following command to view the latest events:
kubectl get events --namespace <name_of_kubernetes_namespace>
Run the following command to get the logs of Advanced Authentication containers:
kubectl logs $(kubectl get pods --no-headers -o custom-columns=":metadata.name" --namespace <name_of_kubernetes_namespace>) -c aucore --namespace <name_of_kubernetes_namespace>
Run the following command to check persistent volume claims:
kubectl get pvc --namespace <name_of_kubernetes_namespace>
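The retag, push and values.yaml steps above, scripted so that no image from the bundle is skipped. This is an added example, not part of the product documentation or vendor code. The registry name registry.example.internal, the 0.0.0-sample tags and the function names are assumptions, and the script only prints the docker commands unless DOCKER=docker is exported.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Dry run by default: the docker commands are
# printed, not executed, unless DOCKER=docker is exported.

# target_ref <source-ref> <registry>  (hypothetical helper)
# Swaps the public namespace (mfsecurity/ or gliderlabs/) for the internal
# registry and keeps the image name and tag unchanged.
target_ref() {
  printf '%s/%s\n' "$2" "${1#*/}"
}

# retag_and_push <registry>  (hypothetical helper)
# Reads repo:tag refs on stdin, tags and pushes each bundle image, and stops at
# the first failure so a partial push is caught before `helm upgrade`.
retag_and_push() {
  registry=$1
  while read -r src; do
    case $src in
      mfsecurity/*|gliderlabs/*) ;;   # only images shipped in the bundle
      *) continue ;;
    esac
    dst=$(target_ref "$src" "$registry")
    ${DOCKER:-echo docker} tag "$src" "$dst" || return 1
    ${DOCKER:-echo docker} push "$dst" || return 1
  done
}

# stale_refs <values.yaml>  (hypothetical helper)
# Prints lines that still name the public mfsecurity namespace and returns 0 if
# any exist; an air-gapped cluster cannot pull from that namespace.
stale_refs() {
  grep -n 'mfsecurity' "$1"
}

# Constructed sample of `docker images --format '{{.Repository}}:{{.Tag}}'`;
# registry name and tags are placeholders.
printf '%s\n' 'mfsecurity/aaf-aucore:0.0.0-sample' \
  'gliderlabs/logspout:0.0.0-sample' 'hello-world:latest' |
  retag_and_push registry.example.internal
```

For a real run, export DOCKER=docker after docker login and pipe the output of `docker images --format '{{.Repository}}:{{.Tag}}'` into retag_and_push with your <internalDocker> value. Run stale_refs on the edited values.yaml before helm upgrade; any output means an image reference was not switched to the internal repository.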