Versions Compared

Old Version 3

changes.mady.by.user Sarabjeet Kaur

Saved on

compared with

New Version 4

changes.mady.by.user Sarabjeet Kaur

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Applies to: (tick)Kyvos Enterprise  (error) Kyvos Cloud (SaaS on AWS) (error) Kyvos AWS Marketplace

...

Panel
panelIconIdatlassian-info
panelIcon:info:
bgColor#FFFAE6

Important

Download the AWS Installation Files folder and keep all the requisite files handy during installation and deployment. 

...

Regardless of the type of installation, the following prerequisites should be available.

  1. EC2 key pair, consisting of a private key and a public key. You can create the key pair if needed.

...

  1. Add below permissions in AWS Wizard based IAM role for listing and describing EKS cluster

    Code Block
    "EKSPolicy": {
      "Type": "AWS::IAM::Policy",
      "Condition": "EKSClusterPermissionsInclusion",
      "Properties": {
        "PolicyName": "eks-policy",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "EksDescribeKM",
              "Effect": "Allow",
              "Action": [
                "eks:ListClusters",
                "eks:DescribeCluster",
                "eks:ListNodegroups",
                "eks:DescribeNodegroup",
                "eks:DescribeAddon"
              ],
              "Resource": "*"
            },
            {

  2. You must have the Access Key and Secret Key to access the Kyvos bundle. Contact Kyvos Support for details.

  3. Valid Kyvos license file.

  4. Create an EKS cluster using CreateEks.json.

  5. Run the following commands one by one on every Kyvos node to install kubectl

    Code Block
    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install --bin-dir /usr/local/bin/ --install-dir /usr/local/aws-cli --update o curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.29.3/2024-04-19/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo chown kyvos:kyvos kubectl
sudo mv kubectl /bin/
sudo mkdir -p /home/kyvos/.kube
sudo chown -R kyvos:kyvos /home/kyvos/.kube

  6. Run the commands below from sudo user on Kyvos Manager node to install eksctl.

    Code Block
    curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$   (uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo cp /tmp/eksctl /bin/

  7. Once the EKS cluster is created, go to the created node then go to Security.

  8. Click the eks-cluster-sg-kyvosEks-{STACK-NAME}-random number as Security group.

  9. Add inbound rule to the above security group with TCP 6903 and source group will be the Security Group attached to the BI server.

  10. Add inbound rule to the Web server security group with TCP 2181 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).

  11. Add inbound rule to the BI Server security group with TCP 2181 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).

  12. Add inbound rule to the BI Server security group with TCP 45460 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).

  13. Add inbound rule to the BI Server security group with TCP 6803 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).

  14. Open the deployment bucket permission section and add the ARN of OIDC and Node group role in the array.

  15. Ensure that the required ports are available.

  16. Ensure that the required OS Commands used by Kyvos Manager are available on all the machines.