We are using separate authentication and proxy servers in production cluster. There are around 50 to 60 nodes been added at the moment. It is Teleport v2.2 and we need to update it to latest version. Is there a easy way to update this cluster without completely re creating from the scratch since, we have almost 100 user logins are there so it will be a huge overhead if we have to create from the scratch again. We have tried updating proxy and authentication at a time. But could not able to succeed.
Hi Hasindu, Are you using our OSS or Enterprise version. Are you uses local or via an SSO connector? If you provide this information we can suggest a few possible options for you.
We are using Community Edition with local connector.
Because 2.2 is so out of date from 4.2 version, I recommend using existing cluster to create a new cluster alongside it. Here is how you can do it:
- Spin up a new 4.2 cluster control plane that works alongside the old cluster control plane
- Use the existing cluster to spin up nodes of the new version dialing to the new cluster, using different host port, or IOT feature.
- Switch load balancer so your users will start using the new cluster
- Shut down the old nodes and cluster
This has worked for many of our customers and is the safest way to upgrade your cluster, because there will be no downtime or disruption.
we were in the review of your answer and trying with testing environment, meantime , i would like to know a possibility of keeping node’s teleport version as it is and update versions of auth and proxy servers only ?
This will not be possible - Teleport 2.2.x nodes are not compatible with a Teleport 4.2.x auth/proxy server.