Rollbacks¶

If an upgrade causes issues, revert to the previous working version by deploying the prior container image.

Rollback Procedure¶

1. Identify the Previous Version¶

Check your deployment history or release notes for the last known good version.

2. Deploy the Previous Version¶

Azure Container AppsAWS ECS Express ModeDocker / Docker ComposeKubernetesOCI Container Instances

az containerapp update \
  --name {app_name} \
  --resource-group {resource_group} \
  --image ghcr.io/caprusai/agentcube-essbase:{previous_version} \
  --revision-suffix "rollback-{timestamp}"

Register a new task definition revision pointing to the previous image tag, then force a redeployment:

aws ecs update-service \
  --service agentcube-essbase \
  --task-definition agentcube-essbase:{previous_revision} \
  --force-new-deployment \
  --region {region}

Update the image tag in your docker-compose.yml to the previous version, then restart:

docker compose up -d agentcube-essbase

Or with a plain Docker run, stop the current container and start a new one with the previous tag:

docker stop agentcube-essbase
docker rm agentcube-essbase
docker run -d --name agentcube-essbase --restart unless-stopped \
  -p 8080:8080 \
  --env-file /etc/agentcube/essbase.env \
  ghcr.io/caprusai/agentcube-essbase:{previous_version}

Roll back to the previous deployment revision:

kubectl rollout undo deployment/agentcube-essbase -n agentcube

Or deploy a specific previous version:

kubectl set image deployment/agentcube-essbase \
  agentcube-essbase=ghcr.io/caprusai/agentcube-essbase:{previous_version} \
  -n agentcube

Delete the current instance and recreate it using the previous image tag and the original creation parameters.

3. Verify¶

curl https://{connector_hostname}/health

Confirm version shows the previous version and status is healthy.

4. Test¶

Run a tool call from your AI platform to verify end-to-end functionality.

Rolling Back SSO to Basic Auth¶

If SSO is causing issues, you can revert to basic auth mode without changing the container image. Set a single environment variable:

AGENTCUBE_AUTH_MODE=basic

The connector will start using the service account credentials ({PRODUCT}_USERNAME / {PRODUCT}_PASSWORD) that are already configured. No image rebuild or redeployment is required — just update the environment variable and restart the container.

To re-enable SSO later, set AGENTCUBE_AUTH_MODE=oidc. All OIDC environment variables are preserved and will take effect immediately.

Notes¶

Rollbacks are safe — connector versions are immutable container images
Environment variable changes are independent of image versions. If you changed environment variables as part of the upgrade, you may need to revert those as well
Container registries retain previous image versions, so rollback images are always available