Skip to main content

admin-console upgrade

Upgrades the KOTS Admin Console to match the version of KOTS CLI.

Usage

kubectl kots admin-console upgrade [flags]

This command supports all global flags and also:

FlagTypeDescription
--ensure-rbacboolWhen false, KOTS does not attempt to create the RBAC resources necessary to manage applications. Default: true. If a role specification is needed, use the generate-manifests command.
-h, --helpHelp for the command.
--kotsadm-namespacestring

Set to override the registry namespace of KOTS Admin Console images. Used for air gap installations. For more information, see Air Gap Installation in Existing Clusters.

Note: Replicated recommends that you use --kotsadm-registry instead of --kotsadm-namespace to override both the registry hostname and, optionally, the registry namespace with a single flag.

--kotsadm-registrystringSet to override the registry hostname and namespace of KOTS Admin Console images. Used for air gap installations. For more information, see Air Gap Installation in Existing Clusters.
--registry-passwordstringPassword to use to authenticate with the application registry. Used for air gap installations.
--registry-usernamestringUsername to use to authenticate with the application registry. Used for air gap installations.
--skip-rbac-checkboolWhen true, KOTS does not validate RBAC permissions. Default: false
--strict-security-contextbool

Set to true to explicitly enable strict security contexts for all KOTS Pods and containers.

By default, KOTS Pods and containers are not deployed with a specific security context. When true, --strict-security-context does the following:

  • Ensures containers run as a non-root user
  • Sets the specific UID for the containers (1001)
  • Sets the GID for volume ownership and permissions (1001)
  • Applies the default container runtime seccomp profile for security
  • Ensures the container is not run with privileged system access
  • Prevents the container from gaining more privileges than its parent process
  • Ensures the container's root filesystem is mounted as read-only
  • Removes all Linux capabilities from the container

The following shows the securityContext for KOTS Pods when --strict-security-context is set:

securityContext:
  fsGroup: 1001
  runAsGroup: 1001
  runAsNonRoot: true
  runAsUser: 1001
  seccompProfile:
    type: RuntimeDefault
  supplementalGroups:
  - 1001

Default: false

note

Might not work for some storage providers.

--wait-durationstringTimeout out to be used while waiting for individual components to be ready. Must be in Go duration format. Example: 10s, 2m
--with-minioboolWhen true, KOTS deploys a local MinIO instance for storage and attempts to change any MinIO-based snapshots (hostpath and NFS) to the local-volume-provider plugin. See local-volume-provider in GitHub. Default: true

Examples

kubectl kots admin-console upgrade --namespace kots-sentry
kubectl kots admin-console upgrade --ensure-rbac=false