Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
Reminder: Always reapply internal patches after upgrading an ArcSight Platform cluster
Products
ArcSight Transformation Hub
Environment
Any ArcSight Platform cluster (22.1.x, 21.1.x, etc)
Situation
Always remember to reapply any internal customization that have been done in the ArcSight Platform cluster after upgrading the cluster into a minor release.
Upgrading to a new release may cause the statefulsets of different resources to be overwritten to their default value which may cause disruptions in the event flow.
Resolution
To avoid the above situation, please always keep in mind that kubernetes customizations may commonly be apply using the below command:
kubectl patch <Resource>/<Name> --patch "$(cat /path/to/patch)" -n <Namespace>
An example of a customization is changing the KAFKA_ADVERTISED_LISTENERS and KAFKA_ADVERTISED_HOST_NAME environmental variables of the Transformation Hub given the networking environment where the cluster was deployed.
Not reapplying the patch related to the kafka advertised hostname variable would cause the Transformation Hub to neither receive or send data from producer to consumer devices.
Lastly, one can use the below command in case of uncertainty of the exact customization that was introduced into a particular resource:
kubectl edit <Resource> -n <Namespace> <Name>
URL Name
KM000013099