1. Upgrading Defender DaemonSets with twistcli

Delete the Defender DaemonSet, then rerun the original install procedure.

Prerequisites

  • You know all the parameters passed to twistcli when you initially deployed the Defender DaemonSet. You’ll need them to recreate a working configuration file for your environment.

Procedure

  1. Delete the Defender DaemonSet.

    $ {orchestrator-cmd} -n twistlock delete ds twistlock-defender-ds
    $ {orchestrator-cmd} -n twistlock delete sa twistlock-service
    $ {orchestrator-cmd} -n twistlock delete secret twistlock-secrets

  2. Determine the Console service’s external IP address.

    $ {orchestrator-cmd} get service -o wide -n twistlock

  3. Generate a defender.yaml file. Pass the same options to twistcli as you did in the original install. The following example command generates a YAML configuration file for the default install.

    The following command connects to Console’s API (specified in --address) as user <ADMIN_USER> (specified in --user), and retrieves a Defender DaemonSet YAML config file according to the configuration options passed to twistcli. The --cluster_address option specifies the address Defender uses to connect to Console, and the value is encoded in the DaemonSet YAML file.

    • <PLATFORM> can be linux or osx.

    • <ADMIN_USER> is the name of an admin user.

  4. Deploy the Defender DaemonSet.

    $ {orchestrator-cmd} create -f defender.yaml

  5. Open a browser, navigate to Console, then go to Manage > Defenders > Manage to see a list of deployed Defenders.
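
An added example, not part of the original procedure or Twistlock's own tooling: step 1 removes the in-cluster record of how the DaemonSet was configured, so this script exports the three resources to YAML first and refuses to delete anything if an export fails. ORCH stands in for {orchestrator-cmd} (kubectl is an assumed default) and the backup directory is a path you choose; it will hold the exported secret, so restrict access to it.

```shell
#!/bin/sh
# Added example: snapshot the Defender resources, then delete them (step 1).
# ORCH stands in for {orchestrator-cmd}; kubectl is an assumed default.
ORCH="${ORCH:-kubectl}"
NS="twistlock"

# kind/name pairs taken from the delete commands in step 1.
DEFENDER_RESOURCES="ds/twistlock-defender-ds sa/twistlock-service secret/twistlock-secrets"

# Save each resource as YAML under $1. Fails if any export errors out or is
# empty, so nothing is deleted without a copy to consult or restore from.
backup_defender_resources() {
    outdir="$1"
    mkdir -p "$outdir" || return 1
    chmod 700 "$outdir"    # the secret export contains key material
    for res in $DEFENDER_RESOURCES; do
        kind="${res%%/*}"
        name="${res##*/}"
        file="$outdir/$kind-$name.yaml"
        if ! "$ORCH" -n "$NS" get "$kind" "$name" -o yaml > "$file" || [ ! -s "$file" ]; then
            echo "backup of $res failed; aborting before delete" >&2
            return 1
        fi
    done
}

# Step 1 of the procedure, gated on a successful backup.
delete_defender_resources() {
    outdir="$1"
    backup_defender_resources "$outdir" || return 1
    for res in $DEFENDER_RESOURCES; do
        "$ORCH" -n "$NS" delete "${res%%/*}" "${res##*/}" || return 1
    done
}
```

Source the file and run delete_defender_resources ./defender-backup in place of the three delete commands, then continue with step 2.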

2. Upgrading Defender DaemonSets from Console

Upgrade the DaemonSet Defenders directly from the Console UI.

If you can’t access your cluster with {orchestrator-cmd}, then you can upgrade Defender DaemonSets directly from the Console UI.

Prerequisites

  • You’ve created a kubeconfig credential for your cluster so that Twistlock can access it to upgrade the Defender DaemonSet.

Procedure

  1. Log into Twistlock Console.

  2. Go to Manage > Defenders > Manage.

  3. Click DaemonSets.

  4. For each cluster in the table, click Actions > Upgrade.

Results

The table shows a count of deployed Defenders and their new version number.