Upgrade Splunk POD

This topic describes how to perform in-place upgrades and permanently delete (destroy) a Splunk POD environment.

Use the Kubernetes Installer to perform in-place upgrades or permanently delete (destroy) a Splunk POD environment. Before upgrading, learn about Splunk POD versioning syntax.

Splunk POD versioning

Splunk POD releases combine the version numbers of the bundled Splunk Enterprise and Kubernetes Installer into a single string.

Syntax: <Splunk Enterprise version>_<Kubernetes Installer version>

Example: 10.2.0_1.4.0

Package and binary details

Splunk POD installation packages (for example, kubernetes-installer-standalone-10.2.0_1.4.0.tgz) contain the kubernetes-installer-standalone binary, which includes all required OCI images, including Splunk Enterprise.

To check version numbers:

    ./kubernetes-installer-standalone -version

Example output:

    Version: 1.4.0
    Splunk Version: 10.2.0

The Version field identifies the Kubernetes Installer version. The Splunk Version field identifies the Splunk Enterprise version.

Upgrade a Splunk POD deployment

The Kubernetes Installer supports in-place upgrades of the installer binary itself and all bundled OCI images, including SOK, Splunk Enterprise, and other Kubernetes services. This ensures a seamless update path for your Splunk Kubernetes environment.

Note: All components are versioned and upgraded together to ensure compatibility. Components cannot be upgraded individually. Upgrades only apply to components that have changed. New installer binaries can include new versions of Splunk. Indexed data is protected during Splunk upgrades.

  1. Download the latest version of the kubernetes-installer-standalone binary.
  2. Replace the existing installer binary on your bastion node with the new version.
    Alternatively, you can set up a new bastion node with the updated installer.
  3. Run the installer using your existing static cluster configuration YAML file, Splunk license, and the SSH key used during the initial deployment.
    ./kubernetes-installer-standalone -static.cluster <your-cluster-config>.yaml -deploy
  4. Check the status of your cluster to ensure components have been updated successfully.
    ./kubernetes-installer-standalone -static.cluster <your-cluster-config>.yaml -status
  5. Check the version of each instance in the Monitoring Console:

    https://<Worker IP>:3443/en-US/app/splunk_monitoring_console/monitoringconsole_instances
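
A pre-deploy check for steps 1 to 3, added here as an example and not part of the Splunk documentation or the installer: it confirms that a downloaded binary reports the release named by its package file and that the release is not older than the deployed one. The function names are hypothetical, and the rule that neither component may move backwards is an assumption.

```shell
#!/bin/sh
# Added example: pre-deploy version checks for a Splunk POD installer package.
# Function names are hypothetical; sample values are constructed.

# Build "<Splunk Enterprise version>_<Kubernetes Installer version>" from the
# text printed by `./kubernetes-installer-standalone -version`.
pod_release_from_output() {
    printf '%s\n' "$1" | awk -F': *' '
        $1 == "Version"        { inst = $2 }
        $1 == "Splunk Version" { splunk = $2 }
        END { if (inst == "" || splunk == "") exit 1; print splunk "_" inst }'
}

# Extract the release string from a package name such as
# kubernetes-installer-standalone-10.2.0_1.4.0.tgz; reject anything else.
pod_release_from_package() {
    rel=${1##*/}
    rel=${rel#kubernetes-installer-standalone-}
    rel=${rel%.tgz}
    case $rel in
        *[!0-9._]* | *_*_*) return 1 ;;
        [0-9]*_[0-9]*)      printf '%s\n' "$rel" ;;
        *)                  return 1 ;;
    esac
}

# Succeed only if the binary reports the release named by its package.
pod_release_matches() {   # $1 = package path, $2 = -version output
    pkg=$(pod_release_from_package "$1") || return 1
    bin=$(pod_release_from_output "$2") || return 1
    [ "$pkg" = "$bin" ]
}

# Assumption: an upgrade must not move either component backwards.
pod_release_not_older() {   # $1 = deployed release, $2 = candidate release
    printf '%s %s\n' "$1" "$2" | awk '
        function cmp(a, b,    x, y, n, m, i) {
            n = split(a, x, "."); m = split(b, y, ".")
            for (i = 1; i <= (n > m ? n : m); i++)
                if (x[i] + 0 != y[i] + 0) return (x[i] + 0 < y[i] + 0) ? -1 : 1
            return 0
        }
        { split($1, o, "_"); split($2, c, "_")
          ok = (cmp(o[1], c[1]) <= 0 && cmp(o[2], c[2]) <= 0)
          exit (ok ? 0 : 1) }'
}
```

On the bastion node, pass the real output with `pod_release_matches "$pkg" "$(./kubernetes-installer-standalone -version)"` before running `-deploy`.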

Destroy the Splunk POD cluster

Permanently delete the existing Kubernetes cluster and all associated data.

CAUTION: You cannot undo this action. Destroying the cluster permanently deletes the existing Kubernetes cluster, all associated Splunk components, OCI registries, and all stored data. After taking this action, a fresh cluster deployment might be required.

  1. Before proceeding, confirm that the existing cluster, indexed buckets, and knowledge objects are no longer required.
  2. Run the following command from the bastion node:
    ./kubernetes-installer-standalone -static.cluster <your-cluster-config>.yaml -destroy

    You will be prompted to confirm this action before the process begins.