Views:

What's New

We are pleased to announce an important update to the Helm chart of our Container Security services. This update is designed to enhance the underlying systems that support our security features.

What This Means for You

This change is essential for accessing new functionalities that we plan to introduce, simplifying the Helm chart and improving performance. The upcoming features will be available only in the new version. Starting June 2025, new Helm chart versions will be published at https://github.com/trendmicro/visionone-container-security-helm instead of https://github.com/trendmicro/cloudone-container-security-helm.

A minor update to your Helm values overrides and firewall settings will be required when upgrading to the new version.

Actions Required

The following changes will be required when upgrading to the new Helm chart version:

  • Firewall Updates

    You will find the updated list of firewall exceptions required for Container Security in the official documentation once the new Helm chart is available.
    Below is a summary of the new region-based exceptions that will need to be added alongside the existing ones, as well as those that can be removed.

     
    Make sure you add the new exceptions before running the update. The exceptions that are removable must be removed after the update is complete.
     
    RegionAddRemove
    US
    • api.xdr.trendmicro.com
    • container.us-1.cloudone.trendmicro.com
    • telemetry.deepsecurity.trendmicro.com
    IN
    • api.in.xdr.trendmicro.com
    • container.in-1.cloudone.trendmicro.com
    • telemetry.deepsecurity.trendmicro.com
    SG
    • api.sg.xdr.trendmicro.com
    • container.sg-1.cloudone.trendmicro.com
    • telemetry.deepsecurity.trendmicro.com
    AU
    • api.au.xdr.trendmicro.com
    • container.au-1.cloudone.trendmicro.com
    • telemetry.deepsecurity.trendmicro.com
    JP
    • api.xdr.trendmicro.co.jp
    • container.jp-1.cloudone.trendmicro.com
    • telemetry.deepsecurity.trendmicro.com
    EU
    • api.eu.xdr.trendmicro.com
    • container.eu-1.cloudone.trendmicro.com
    • telemetry.deepsecurity.trendmicro.com
    MEA
    • api.mea.xdr.trendmicro.com
    • container.mea-1.cloudone.trendmicro.com
    • telemetry.deepsecurity.trendmicro.com

     

  • Helm Update

    The update process is different whether your cluster was manually registered or automatically registered. When the clusters are ready to be updated, a “How to Upgrade” button will be visible on the Container Inventory screen. By clicking on this, it will show the changes to be applied.

  • Manually registered clusters update process

    The Container Security console will display a banner with a "How to upgrade" button once the new Helm chart is available. Clicking on this button will show you the update instructions.

    Below is a preview of the update instructions:

    1. If you no longer have the values you used for your initial installation, you can retrieve them with the following command:
      helm get values --namespace trendmicro-system trendmicro  -o yaml

      Copy these values to an overrides file (e.g. overrides.yaml).

    2. Replace the following values with the values that will be displayed in the Trend Vision One console once you click on the “How to Upgrade” button: 

      cloudOne:
           apiKey: <your api key>
           endpoint: <endpoint>

      The new values will look like this:

      visionOne:
          bootstrapToken: <new token>
          endpoint: <new endpoint>
      • bootstrapToken replaces apiKey. The token displayed in the console expires after a day, so you need to run the update within that time. If you don’t, you can click again on the “How to upgrade" button to get a new token. There is no need to update the token after that, it will be automatically renewed by Container Security components. The API key from earlier Helm chart versions will not work anymore.
      • endpoint has been updated to a new URL.
    3. Run the following command to update:
      helm upgrade \
    trendmicro \
    --namespace trendmicro-system \
    --values overrides.yaml \
    https://github.com/trendmicro/visionone-container-security-helm/archive/main.tar.gz
  • Automatically Registered Clusters
    1. If you don't have the values you used for your initial installation, you can retrieve them with the following command:
      helm get values --namespace trendmicro-system trendmicro  -o yaml

      Copy these values to an overrides file (e.g. overrides.yaml).

      The endpoint value has been updated. Below is the new value for each region:

      • US: https://api.xdr.trendmicro.com/external/v2/direct/vcs/external/vcs
      • EU: https://api.eu.xdr.trendmicro.com/external/v2/direct/vcs/external/vcs
      • JP: https://api.xdr.trendmicro.co.jp/external/v2/direct/vcs/external/vcs
      • AU: https://api.au.xdr.trendmicro.com/external/v2/direct/vcs/external/vcs
      • IN: https://api.in.xdr.trendmicro.com/external/v2/direct/vcs/external/vcs
      • SG: https://api.sg.xdr.trendmicro.com/external/v2/direct/vcs/external/vcs
      • MEA: https://api.mea.xdr.trendmicro.com/external/v2/direct/vcs/external/vcs
    2. Replace the following values:
      cloudOne:
	      endpoint: <old endpoint>

      with these values:

      visionOne:
	      endpoint: <new endpoint from the list above>  # Replace with the appropriate endpoint based on your region
      • endpoint is updated to a new URL.
    3. Run the following command to update:
      helm upgrade \
	trendmicro \
	 --namespace trendmicro-system \
   	 --values overrides.yaml \
https://github.com/trendmicro/visionone-container-security-helm/archive/main.tar.gz

For support assistance, please contact Trend Micro Technical Support.

Keywords: Helm chart upgrade,Secondary Keywords.Firewall updates,Helm values overrides,Manual changes