> **Building with AI coding agents?** Install the authstack plugin with one command. This equips your agent with accurate Scalekit implementation patterns. > > **Recommended**: > ```bash > npx @scalekit-inc/cli setup > ``` > > Global: > ```bash > npm install -g @scalekit-inc/cli > scalekit setup > ``` > > Supports Claude Code, Cursor, GitHub Copilot, Codex + skills for 40+ agents. > Features: full-stack-auth, agent-auth, mcp-auth, modular-sso, modular-scim. > [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/) --- # Upgrades and maintenance How to upgrade your self-hosted Scalekit deployment and perform routine maintenance tasks. You will upgrade your self-hosted Scalekit deployment and perform routine maintenance using the portal and Helm. This helps you adopt new versions safely, roll back if needed, and keep TLS and secrets current without disrupting service. ## Upgrade Scalekit New versions are available through the Scalekit distribution portal. Upgrades are performed through the portal. The deployment agent running in your cluster picks up the change and applies it automatically. Database migrations run before the new pods start. 1. ### Select the new version in the portal Log in to the Scalekit distribution portal. In the left sidebar, click **Deployments** and select your deployment. - Click **Edit deployment** - Under **Version**, select the new version - Click **Update deployment** The portal notifies the deployment agent in your cluster. No manual `kubectl` command is needed. 2. ### Monitor the upgrade The deployment agent handles chart delivery and migration sequencing. Check its logs to follow progress: ```bash kubectl logs -l app=distr-agent -n --tail=100 -f ``` 3. ### Verify the upgrade ```bash kubectl get pods -n kubectl rollout status deployment/scalekit -n ``` ## Roll back an upgrade If an upgrade causes issues, roll back using Helm: ```bash # List revisions helm history scalekit -n # Roll back to the previous revision helm rollback scalekit -n ``` ## Renew TLS certificates TLS certificates are managed through your cloud provider's certificate manager (for example, GCP Certificate Manager) or cert-manager. Renew certificates through your provider. The gateway picks up the updated certificate automatically without restarting Scalekit. ## Routine maintenance tasks | Task | Frequency | Action | |------|-----------|--------| | Review auth logs | Daily | Admin dashboard → **Audit logs** | | Check pod health | Daily | `kubectl get pods -n ` | | Rotate Redis cache | As needed | Automatic. Expired keys are evicted by Redis TTL. | | Back up databases | Regular | Take consistent backups of your PostgreSQL databases | | Rotate registry token | Before expiry | Create a new token in the portal, update `artifact-registry-secret`, restart pods | | Rotate individual secrets | Per policy | Edit the specific Kubernetes secret directly and restart pods | Next, Troubleshooting will help you diagnose and fix the most common problems you may encounter after deployment. --- ## More Scalekit documentation | Resource | What it contains | When to use it | |----------|-----------------|----------------| | [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content | | [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas | | [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |