Updating the Container Image

Update the AI Runtime Security container image deployed to Kubernetes when a new version is released.

The container image is hosted on images.hiddenlayer.ai and referenced in the deployment manifest:

image: images.hiddenlayer.ai/proxy/aidr-genai/ghcr.io/hiddenlayer-engineering/distro-enterprise-aidr-genai:<tag>

• kubectl configured with access to your cluster
• Access to images.hiddenlayer.ai with valid registry credentials and imagePullSecret configured in your cluster
• Your deployment name and namespace (referenced as $NAMESPACE and aidr-genai in the commands below)

HiddenLayer publishes release notes for each new version. When you receive a release notification, use the tag from the release notes in the steps below.

New releases are published to images.hiddenlayer.ai. Find the version you want to deploy:

images.hiddenlayer.ai/proxy/aidr-genai/ghcr.io/hiddenlayer-engineering/distro-enterprise-aidr-genai:$TAG

You do not need to pull the image locally, as Kubernetes pulls it directly from the registry during the rolling update.

You can update the image using either the manifest file or a direct kubectl patch.

image: images.hiddenlayer.ai/proxy/aidr-genai/ghcr.io/hiddenlayer-engineering/distro-enterprise-aidr-genai:$TAG

kubectl apply -f $MANIFEST_FILE.yaml

Monitor the rolling update until it completes:

kubectl rollout status deployment/aidr-genai -n $NAMESPACE

When the rollout is complete, you will see:

deployment "aidr-genai" successfully rolled out

If the new image causes issues, roll back to the previous version:

kubectl rollout undo deployment/aidr-genai -n $NAMESPACE

To roll back to a specific revision:

kubectl rollout history deployment/aidr-genai -n $NAMESPACE
kubectl rollout undo deployment/aidr-genai --to-revision=$REVISION -n $NAMESPACE