Our Kubernetes deployment uses our Wazuh images from Docker. If we look at the following code extracted from the Wazuh configuration using Docker, we can see which directories and files are used in the upgrade.
/var/ossec/api/configuration /var/ossec/etc /var/ossec/logs /var/ossec/queue /var/ossec/var/multigroups /var/ossec/integrations /var/ossec/active-response/bin /var/ossec/agentless /var/ossec/wodles /etc/filebeat /var/lib/filebeat
Any modification related to these files will also be made in the associated volume. When the replica pod is created, it will get those files from the volume, keeping the previous changes.
The only step to updating Wazuh is to change the image of the pod in each file that deploys each node of the Wazuh cluster.
These files are the StatefulSet files:
containers: - name: wazuh-manager image: 'wazuh/wazuh:4.3.8'
The last step is to apply the new configuration:
$ kubectl apply -k envs/eks/
Other cluster types
$ kubectl apply -k envs/local-env/
statefulset.apps "wazuh-manager-master" configured
This process will end the old pod while creating a new one with the new version, linked to the same volume. Once the Pods are booted, the update will be ready, and we can check the new version of Wazuh installed, the cluster, and the changes that have been maintained through the use of the volumes.