Version specific upgrade instructions
StackState Self-hosted v5.1.x
Overview
Review the instructions provided on this page before you upgrade!
This page provides specific instructions and details of any required manual steps to upgrade to each supported version of StackState. Any significant change that may impact how StackState runs after upgrade will be described here, such as a change in memory requirements or configuration.
Read all instructions from the version that you are currently running up to the version that you will upgrade to.
Upgrade instructions
Upgrade to v5.1.x
v5.1.6
The Zookeeper dependency of StackState has been upgraded. Before running helm upgrade
the Zookeeper Statefulset has to be deleted.
Note: the command deletes Statefulset only, pods and pvc-s aren't affected. The helm upgrade
command creates a new Statefulset for Zookeeper and rolls out the Zookeeper pods.
v5.1.0
The node sizing requirements for deploying the StackState platform have changed slightly. Check the requirements to deploy StackState on Kubernetes or OpenShift.
A new
stackstate/stackstate-agent
helm chart is available to deploy the StackState Agent, Checks Agent, Node Agent and kube_state_metrics on Kubernetes and OpenShift clusters. Some values have been renamed in the new chart.The old
stackstate/cluster-agent
chart is being deprecated and will no longer be supported.If you were using the old
stackstate/cluster-agent
helm chart, you should review and update your values.yaml file before deploying with the new chart.
All Splunk checks can now run on Agent V3. If you have any Splunk checks running on Agent V1 (legacy) (Splunk Metrics, Splunk Events or Splunk Topology V1), you should upgrade to Agent V2 or V3 and migrate any checks configured to run on Agent V1 (legacy).Agent V1 (legacy) and will be deprecated in a future release of StackState.
Upgrade to v5.0.x
v5.0.2-v5.0.6
No manual action required.
v5.0.1
⚠️ Don't use. Please upgrade to StackState v5.0.2.
v5.0.0
With the release of the new
sts
CLI, the CLI released with previous versions of StackState has been renamed tostac
:If you install the new
sts
CLI, you should upgrade the oldsts
CLI tostac
.The commands for the new
sts
CLI have changed. Check that any automation is using the correct CLI command (sts
orstac
). Which version of thests
CLI am I running?
Version 5.0.0 of StackState includes a breaking change to the output of the Telemetry Script API. The output uses the new StreamingScriptApi and the data format changed. Any script making use of that API needs to be adapted to deal with the new output format.
The versions of Kubernetes and OpenShift that are supported to run StackState have been updated - AKS and EKS 1.19 are no longer supported. Refer to the requirements documentation for details of all supported platforms: requirements > supported versions.
Upgrade to v4.6.x
v4.6.1
No manual action required.
v4.6.0
Change in supported platforms:
Support for Kubernetes 1.18 was dropped.
Support for OpenShift 4.7 was dropped.
See the requirements for an up-to-date list of supported platforms.
StackPack updates:
Feature: Automatically add Open Telemetry HTTP health checks
Error count (sum) check
Request count (sum) check
Response Time (milliseconds) check
Feature: Add Container integration DataSource and Sync Note that the previous release of StackState (v4.5.x) shipped with StackState Agent StackPack v4.4.12. Read release notes for all versions.
Improvement: Add OpenTelemetry information STAC-15902
Improvement: Documentation for
agent.containerRuntime.customSocketPath
option.
Improvement: Documentation for
agent.containerRuntime.customSocketPath
option.
Unsupported versions
The versions below have reached End of Life (EOL) and are no longer be supported.
Upgrade to v4.5.x (EOL)
v4.5.2 - v4.5.5
No manual action required.
v4.5.1
Adds compatibility with StackState Agent v2.15.0. Read how to upgrade StackState Agent.
v4.5.0
⚠️ This release is susceptible to the Apache log4j2 vulnerabilities CVE-2021-44228 and CVE-2021-45046. Resolved in version v4.5.1.
⚠️ StackState v4.5.0 isn't compatible with StackState Agent v2.15.0.
Change in supported platforms:
Support for Kubernetes 1.17 was dropped.
Support for Amazon Elastic Kubernetes Service (EKS) 1.20 and 1.21 was added.
Support for Azure Kubernetes Service (AKS) 1.20 and 1.21 was added.
Support for OpenShift 4.4, 4.5 and 4.6 was dropped.
Support for OpenShift 4.7 and 4.8 was added.
See the requirements for an up-to-date list of supported platforms.
Upgrade to v4.4.x (EOL)
v4.4.3
No manual action required.
v4.4.1 - v4.4.2
⚠️ These releases are susceptible to the Apache log4j2 vulnerabilities CVE-2021-44228 and CVE-2021-45046. Resolved in version v4.4.3.
v4.4.0
⚠️ This release is susceptible to the Apache log4j2 vulnerabilities CVE-2021-44228 and CVE-2021-45046. Resolved in version v4.4.3.
The CPU and memory requirements to run StackState 4.4 on Kubernetes have been reassessed:
The requirements for the recommended highly available setup have grown (from 5) to 6 nodes with 32 GB of memory and 8 vCPUS.
The requirements for a minimal highly available setup have grown (from 4) to 5 nodes with 32 GB of memory and 8 vCPUS.
A non-high availability setup has been added, the requirements for which are 3 nodes with 32 GB of memory and 8 vCPUS.
Baselines have been disabled in v4.4. The
BaselineFunction
andBaseline
objects are still available, but they don't serve any purpose other than smooth transition to the Autonomous Anomaly Detector (AAD) framework. If you have custom StackPacks that auto-create baselines, this is the last opportunity to remove baselines from templates and make transition to the AAD. In release v4.5 baselines will be removed completely and templates using them will break.Transparent propagation has been renamed to Auto propagation. The behavior remains the same.
The ElasticSearch Helm subchart
elasticsearch-exporter
has been renamed toprometheus-elasticsearch-exporter
. This means that any configuration for that subchart needs to use the new subchart keyelasticsearch.prometheus-elasticsearch-exporter.*
The
passwordMd5
field in the file based authentication has been renamed topasswordHash
as it's now possible to usebcrypt
type passwords.Security improvement for Authentication and Authorization. There is a single configuration for groups to roles mappings and a single authentication provider used for both the Base API and Admin API. The default StackState roles are now always available, these could previously be overridden -
stackstate-admin
,stackstate-power-user
,stackstate-guest
. Additionally, a new default rolestackstate-platform-admin
has been introduced.Platform management and platform content management permissions have been separated into two groups -
platformAdminGroup
andadminGroup
. Users in the groupplatformAdminGroup
are limited to only platform management tasks, such as change database retention, clear database, clear caches and view logs. Users in the groupadminGroup
no longer have platform management permissions.How you should proceed with upgrade
File based authentication: Use the
platformadmin
username for platform management instead ofadmin
. Theadmin
user remains functional and has full content management rights as before.External authentication (LDAP/OIDC/Keycloak): An additional role/group should be created in the external authentication system and mapped to the new StackState
platformAdmin
group.Users who are assigned this group/role will get platform management permissions. If you wish for one user to manage both the content and the platform, you will still need to configure the external authentication provider with two separate roles/groups and then assign both of those to a single user in the settings of the external authentication system. You should not map the same external role/group to different StackState authorization groups.
If you are still not sure what you need to do, contact StackState support.
Upgrade to v4.3.x (EOL)
v4.3.6
No manual action required.
v4.3.1 - v4.3.5
⚠️ These releases are susceptible to the Apache log4j2 vulnerabilities CVE-2021-44228 and CVE-2021-45046. Resolved in version v4.3.6.
v4.3.0
⚠️ This release is susceptible to the Apache log4j2 vulnerabilities CVE-2021-44228 and CVE-2021-45046. Resolved in version v4.3.6.
StackState is tested to run on Kubernetes v1.17, v1.18 and v1.19, or the equivalent OpenShift release (version 4.4, 4.5 or 4.6).
CPU limits have been added to all pods. If you have customized any of the CPU requests in your
values.yaml
, you will most likely need to also set the CPU limit for the same pod(s).CPU limits and requests have been re-evaluated and increased where needed for stable operation resulting in a change in the number and size of required nodes.
Two new permissions have been added -
manage-event-handlers
andexecute-restricted-scripts
:Guest users will no longer be able to create or edit event handlers.
Power Users will no longer be able to execute scripts using the HTTP script API.
Admin users won't be affected.
Baselines have been deprecated and will be removed in v4.4. To reflect this, baseline functions and check functions that use baselines have been renamed. Templates that resolve these functions by name will stop working after upgrade to StackState 4.3. The function identifiers haven't changed and can still be used to reference functions, however, it's advised that you migrate to using the Autonomous Anomaly Detector.
A Slack integration StackPack is now available that includes a new Slack event handler. Existing Slack event handlers will continue to run in StackState v4.3, however, the old Slack event handler has been deprecated and will be removed in a future release of StackState. To continue using Slack event notifications, it's advised to install the Slack StackPack and configure view event handlers to use the new Slack event handler in place of the old
Notify via slack for component health state change. (deprecated)
andNotify via slack for view health state change.(deprecated)
.Dynatrace StackPack - The location of the Dynatrace check config file has moved. If you choose to upgrade to the version of the Dynatrace StackPack shipped with StackState v4.3, the Agent check configuration file should also be moved. The new location is
/etc/sts-agent/conf.d/dynatrace.d/conf.yaml
the previous location was/etc/sts-agent/conf.d/dynatrace_topology.d/conf.yaml
.
Upgrade to v4.2.x (EOL)
v4.2.4
No manual action required.
v4.2.3
Authentication configuration for the Kubernetes Helm chart has been made easier for this release. If your StackState authentication was customized, it will need to be updated. To verify this, check if there is a stackstate.server.config
or stackstate.api.config
value that contains an authentication
section in the values.yaml
file(s) used for installation.
Refer to the Authentication configuration documentation to configure the same settings directly in the values.yaml
file. After that, the authentication
section can be completely removed. If this results in an empty config
value it can be removed as well.
v4.2.0
Node sizing requirements have been increased.
The old
stackstate-server
pod has been replaced by a number of separate pods. Custom configuration invalues.yaml
should be updated:Configured email details in
stackstate.components.server.config
should be moved tostackstate.components.viewHealth.config
.Other custom configuration in
stackstate.components.server.config
should be moved tostackstate.components.api.config
.
A new mandatory parameter
stackstate.baseUrl
has been added. This is the public URL of StackState (how StackState is reachable from external machines) and is exposed via the UI script API. The filevalues.yaml
should be updated to include the newstackstate.baseUrl
parameter. The oldstackstate.receiver.baseUrl
parameter has been deprecated and will be removed in a future release, however, when nostackstate.baseUrl
is provided in StackState v4.2, the configuredstackstate.receiver.baseUrl
will be used instead.
See also
Last updated