--- title: "Upgrade Instructions" slug: "upgrade-instructions-1" updated: 2024-09-01T06:33:27Z published: 2024-09-01T06:33:27Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.plainid.io/llms.txt > Use this file to discover all available pages before exploring further. # Upgrade Instructions ### Upgrade Instructions In order to upgrade the existing deployment of the Envoy Authorizer, use the `helm upgrade` command: ``` helm upgrade sidecar-test authz-envoy ``` Update the version of the `authz-envoy-sidecar` to `1.6.0` and apply this configuration - `kubectl apply -f samples/authz_v1_plainidinjector.yaml`: ``` kind: PlainidInjector spec: ... container: name: plainid-authz image: docker.io/plainid/authz-envoy-sidecar:1.6.0 ... ``` ### Upgrade from version 1.2.x to 1.6.x **Helm chart** Helm chart name is changed, new name is `authz-envoy`. #### Cert Management ***Please note - if you are using the certificates that are included in the container, you will need to change to the mount, as described below.*** As part of the security enhancements in `authz-operator` version `1.6.0`, the certificates are no longer included inside of `authz-operator` container. From version 1.6.0, the certificates should be mounted from a `Secret`. Here is an example of `plainid-controller-manager` deployment with mounted certificates (`templates/manager.yaml` file): ``` spec: ... template: ... spec: ... containers: ... volumeMounts: - mountPath: /app/certs name: cert readOnly: true ... volumes: - name: cert secret: defaultMode: 420 secretName: plainid-webhook-server-cert ``` `Secret` configuration is present in `templates/webhook.yaml` file and is taken from values.yaml file. Example: ``` apiVersion: v1 kind: Secret metadata: ... name: plainid-webhook-server-cert type: Opaque data: bundle.pem: { { .Values.webhook.bundle } } tls.crt: { { .Values.webhook.crt } } tls.key: { { .Values.webhook.key } } ```