Skip to main content

tare upgrade

Upgrade an existing TARS dataplane release to whatever version this tare
binary embeds. Reads the live release's Helm values so operator-supplied
config (registry, namespaces, customer, OTel endpoint) is carried forward
without re-prompting — pass flags to override individually.

Refuses to fresh-install (use 'tare install' for that). Refuses to
upgrade single-replica installs without --allow-downtime, because
rolling a single data-plane Envoy pod RSTs any in-flight LLM streams.

Defaults to helm upgrade --atomic so a failed rollout auto-rolls back
to the previous revision. Pass --no-atomic to leave a stuck release
in place for debugging.

The CRD apply step is run explicitly because Helm's crds/ directory is
install-only — chart upgrades that introduce new CRD fields would
otherwise be silently ignored.

Image sync is NOT performed by this command. Sync new images to your
registry first with 'tare install --image-sync <REG> --sync-only',
then run 'tare upgrade'.

Examples:
  # Standard upgrade after replacing the tare binary
  tare upgrade identity.json

  # Force-upgrade a single-replica install (drops in-flight streams)
  tare upgrade identity.json --allow-downtime

  # Override the carried-forward image registry
  tare upgrade identity.json --image-registry acme.registry.com

Usage:
  tare upgrade <identity-file> [flags]

Flags:

  Main:
      --allow-downtime              Proceed even if the data-plane is single-replica (drops in-flight requests). Use only on lab installs you intend to migrate later.
      --drain-timeout-seconds int   EnvoyProxy.spec.shutdown.drainTimeout (seconds). Maximum time Envoy waits for in-flight requests (long LLM streams) to finish before SIGKILL. (default 300)
      --ha                          HA-safe defaults for the data-plane Envoy proxy (HPA min 2, PDB min 1). Pass --ha=false to keep single-replica. (default true)
      --no-atomic                   Disable helm --atomic (no auto-rollback on failure). Leaves stuck releases in place for debugging.
      --timeout string              Helm upgrade --wait timeout. Should exceed drainTimeout × replicas to allow serial drain. (default "10m")


  Telemetry:
      --enable-otel-collector               Override OTel collector enable state (default: carry forward from existing release)
      --otel-collector-endpoint string      Override OTel OTLP endpoint (default: carry forward from existing release)
      --otel-exporter-auth-headers string   Override OTel Authorization header value