Prisma Cloud Compute Edition 21.04 (Self-Hosted) | Upgrade | Docker Swarm

Welcome
- Welcome
- Releases
- Getting started
- Product architecture
- Support lifecycle
- Upcoming support lifecycle changes
- Licensing
- Prisma Cloud Enterprise Edition vs Compute Edition
- Utilities and plugins
Install
- Install
- Getting started
- System requirements
- Prisma Cloud container images
- Onebox
- Kubernetes
- OpenShift 4
- OpenShift 3.11
- Console on Fargate
- VMware Tanzu Kubernetes Grid
- Docker Swarm
- Amazon ECS
- Windows
- Defender types
- Install Defender
Upgrade
- Upgrade
- Upgrade process
- Onebox
- Kubernetes
- OpenShift
- Helm charts
- Docker Swarm
- Amazon ECS
- Manually upgrade single Container Defenders
- Manually upgrade Defender DaemonSets
- Manually upgrade Defender DaemonSets (Helm)
- Manually upgrade Swarm Defender global service
Technology overviews
- Technology overviews
- Prisma Cloud Advanced Threat Protection
- App-specific network intelligence
- Container runtimes
- Radar
- Serverless Radar
- Prisma Cloud rules guide for Docker
- Defender architecture
- Telemetry
Configure
- Configure
- Rule ordering and pattern matching
- Disaster recovery
- Custom feeds
- Proxy configuration
- Custom certs for Console access
- Configure scan intervals
- User certificate validity period
- Enable HTTP access to Console
- Set different paths for Console and Defender (with daemon sets)
- Authenticate to Console with certificates
- Customize terminal output
- Collections
- Tags
- Logon Settings
- Reconfigure Prisma Cloud
- Subject Alternative Names
- WildFire settings
Authentication
- Authentication
- Log into Console
- Active Directory
- OpenLDAP
- OpenID Connect
- Okta (SAML 2.0)
- Google G Suite (SAML 2.0)
- Azure Active Directory (SAML 2.0)
- PingFederate (SAML 2.0)
- Active Directory Federation Services (SAML 2.0)
- GitHub (OAuth 2.0)
- OpenShift (OAuth 2.0)
- Active Directory Non-default UPN suffixes
- Compute user roles
- Assign roles
- Use custom certificates for authorization
- Credentials store
Vulnerability management
- Vulnerability management
- Prisma Cloud vulnerability feed
- Vulnerability Explorer
- Vulnerability management rules
- Search CVEs
- Scan reports
- Customize image scanning
- Registry scanning
- Configuring registry scans
  - Registry scanning
  - Alibaba Cloud Container Registry
  - Amazon EC2 Container Registry
  - Azure Container Registry
  - Docker Registry v2 (includes Docker Hub)
  - Google Container Registry
  - Harbor
  - IBM Cloud Container Registry
  - JFrog Artifactory Docker Registry
  - OpenShift integrated Docker registry
  - Webhooks
- Base images
- VM image scanning
- Code repository scanning
- Malware scanning
- Risk trees
- Detect vulnerabilities in unpackaged software
- CVSS scoring
- Google Cloud Container Builder
- Windows image scanning
- Serverless function scanning
- VMware Tanzu blobstore scanning
- Fargate scanning
Compliance
- Compliance
- Compliance Explorer
- Manage compliance
- CIS Benchmarks
- Prisma Cloud compliance checks
- Serverless functions
- Windows compliance checks
- DISA STIG for Docker Enterprise
- Custom compliance checks
- Trusted images
- Host scanning
- VM image scanning
- Fargate scanning
- Detect secrets
- Cloud discovery
- OSS license management
Runtime defense
- Runtime defense
- Runtime defense for containers
- Runtime defense for hosts
- Runtime defense for AWS Fargate
- Custom runtime rules
- Import and export individual rules
- ATTACK explorer
- Runtime audits
- Incident Explorer
- Incident types
Access control
- Access control
- Docker role-based access control
- Admission control
Continuous integration
- Continuous integration
- Jenkins plugin
- Jenkins Freestyle project
- Jenkins Maven project
- Jenkins Pipeline project
- Run Jenkins in a container
- Jenkins pipeline on K8S
- CloudBees Core pipeline on K8S
- Set policy in the CI plugins
- Code repo scanning
Web-Application and API Security (WAAS)
- Web-Application and API Security (WAAS)
- Overview
- Deployment
- App firewall
- API protection
- DoS protection
- Bot protection
- Access control
- Advanced settings
- Analytics
- API observations
- Custom rules
Firewalls
- Firewalls
- Cloud Native Network Firewall (CNNF)
Secrets
- Secrets
- Secrets manager
- Integrate with a secrets store
- Secrets stores
- Inject secrets into containers
- Injecting secrets example
Alerts
- Alerts
- Alert mechanism
- AWS Security Hub
- Cortex XSOAR
- Email
- Google Cloud Pub/Sub
- Google Cloud SCC
- IBM Cloud Security Advisor
- JIRA
- PagerDuty
- ServiceNow Security Incident Response
- ServiceNow Vulnerability Response
- Slack
- Webhook
Audit
- Audit
- Event viewer
- Host activity
- Admin activity
- Annotate audits
- Delete audit logs
- Syslog and stdout integration
- Log rotation
- Throttling
- Prometheus
- Kubernetes auditing
Tools
- Tools
- twistcli
- Scan images with twistcli
- Scan code repos with twistcli
- Install Console with twistcli
- Update offline environments
Deployment patterns
- Deployment patterns
- Projects
- Migration options for scale projects
- DNS and certificate management
- Caps
- Migrate to SaaS Console
- Performance planning
API
- API
How-to guides
- Howto
- Configure an ECS load balancer
- Use Nginx Ingress Controller
- Configure the load balancer type for AWS EKS
- Deploy Defenders External to an OpenShift cluster
- Configure Console's listening ports
- Provision tenant projects OpenShift
- Setting up Istio
- Disable automatic learning
- Rolling Defender upgrades
- Review debug logs

1. Overview
2. Upgrading Console

1. Overview

Upgrade Prisma Cloud running in your Swarm cluster.

First upgrade Console. Console will then automatically upgrade all deployed Defenders for you.

If you’ve disabled Defender auto-upgrade or if Console fails to upgrade one or more Defenders, manually upgrade your Defenders.

You must manaully upgrade App-Embedded Defenders.

2. Upgrading Console

To upgrade Console in a Docker Swarm cluster, rerun the install procedure with the latest Prisma Cloud release. Use the same configuration options in twistlock.cfg and twistcli as you used in the initial install.

Prerequisites: You know how you initially installed Prisma Cloud, including all options set in twistcli.cfg and parameters passed to twistcli.

Get a link to the current recommended release.
Connect to your master node.
```
$ ssh <SWARM-MASTER>
```
Download the latest recommended release to the master node.
```
$ wget <LINK_TO_CURRENT_RECOMMENDED_RELEASE_LINK>
```

Unpack the Prisma Cloud release tarball.

$ mkdir twistlock_<VERSION>
$ tar xzf twistlock_<VERSION>.tar.gz -C twistlock_<VERSION>/
$ cd twistlock_<VERSION>

If you customized twistlock.cfg during the original install, port those changes forward to twistlock.cfg in the latest release. Otherwise, proceed to the next step.
Update the Prisma Cloud Console by running the same twistcli command used during the original install.
```
$ ./linux/twistcli console install swarm --volume-driver <DRIVER>
```
Go to Manage > Defenders > Manage and validate that Console has upgraded your Defenders.