Applies to: Kyvos Enterprise. Not applicable to: Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace.

...

Regardless of the type of installation, the following prerequisites should be available.

  1. EC2 key pair, consisting of a private key and a public key. You can create the key pair if needed.

...

  1. Add the permissions below to the AWS Wizard based IAM role for listing and describing the EKS cluster:

    "EKSPolicy": {
          "Type": "AWS::IAM::Policy",
          "Condition": "EKSClusterPermissionsInclusion",
          "Properties": {
            "PolicyName": "eks-policy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Sid": "EksDescribeKM",
                  "Effect": "Allow",
                  "Action": [
                    "eks:ListClusters",
                    "eks:DescribeCluster",
                    "eks:ListNodegroups",
                    "eks:DescribeNodegroup",
                    "eks:DescribeAddon"
                  ],
                  "Resource": "*"
                },
                {
  2. You must have the Access Key and Secret Key to access the Kyvos bundle. Contact Kyvos Support for details.

  3. Valid Kyvos license file.

  4. Create an EKS cluster using CreateEks.json.

  5. Run the following commands one by one on every Kyvos node to install kubectl:

    # Install AWS CLI v2
    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
    unzip awscliv2.zip
    sudo ./aws/install --bin-dir /usr/local/bin/ --install-dir /usr/local/aws-cli --update
    # Download kubectl 1.29.3 from the Amazon EKS bucket
    curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.29.3/2024-04-19/bin/linux/amd64/kubectl
    chmod +x ./kubectl
    sudo chown kyvos:kyvos kubectl
    sudo mv kubectl /bin/
    sudo mkdir -p /home/kyvos/.kube
    sudo chown -R kyvos:kyvos /home/kyvos/.kube
  6. Run the commands below as a sudo user on the Kyvos Manager node to install eksctl.

    curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
    sudo cp /tmp/eksctl /bin/
  7. Once the EKS cluster is created, go to the created node, then go to Security.

  8. Click the security group named eks-cluster-sg-kyvosEks-{STACK-NAME}-random number.

  9. Add an inbound rule to the above security group for TCP 6903, with the Security Group attached to the BI server as the source group.

  10. Add an inbound rule to the Web server security group for TCP 2181, with the Security Group mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number) as the source group.

  11. Add an inbound rule to the BI Server security group for TCP 2181, with the Security Group mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number) as the source group.

  12. Add an inbound rule to the BI Server security group for TCP 45460, with the Security Group mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number) as the source group.

  13. Add an inbound rule to the BI Server security group for TCP 6803, with the Security Group mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number) as the source group.

  14. Open the permission section of the deployment bucket and add the ARN of the OIDC and Node group role to the array.

  15. Ensure that the required ports are available.

  16. Ensure that the required OS Commands used by Kyvos Manager are available on all the machines.
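
A read-only check of the security group rules from steps 9 to 13, added here as an example and not part of the Kyvos documentation: it takes the parsed JSON from `aws ec2 describe-security-groups` and reports required rules that are missing, plus required ports that admit a CIDR range rather than the source group the steps call for. The labels `eks`, `bi` and `web`, the helper names and the sample group IDs are assumptions of this example.

```python
# Inbound rules required by steps 9-13: (target group, TCP port, source group).
# The labels "eks", "bi" and "web" are names used only in this example.
REQUIRED = [("eks", 6903, "bi"), ("web", 2181, "eks"), ("bi", 2181, "eks"),
            ("bi", 45460, "eks"), ("bi", 6803, "eks")]

def covers(perm, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1))

def audit(described, sg_ids):
    """Check parsed `aws ec2 describe-security-groups` output against REQUIRED.
    Returns (missing, cidr_sources): rules whose source group is absent, and
    CIDR ranges that are allowed on a required port instead of a group.
    """
    groups = {g["GroupId"]: g for g in described["SecurityGroups"]}
    missing, cidr_sources = [], []
    for target, port, source in REQUIRED:
        perms = [p for p in groups.get(sg_ids[target], {}).get("IpPermissions", [])
                 if covers(p, port)]
        allowed = {pair["GroupId"] for p in perms
                   for pair in p.get("UserIdGroupPairs", [])}
        if sg_ids[source] not in allowed:
            missing.append((target, port, source))
        for p in perms:
            for r in p.get("IpRanges", []) + p.get("Ipv6Ranges", []):
                cidr_sources.append((target, port, r.get("CidrIp") or r.get("CidrIpv6")))
    return missing, cidr_sources

def rule(port, groups=(), cidrs=()):
    """Build one constructed IpPermissions entry for the sample below."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": g} for g in groups],
            "IpRanges": [{"CidrIp": c} for c in cidrs]}

# Constructed sample: placeholder group IDs, two required rules missing,
# and port 2181 on the web group opened to a CIDR instead of the EKS group.
SG_IDS = {"eks": "sg-EXAMPLE-eks", "bi": "sg-EXAMPLE-bi", "web": "sg-EXAMPLE-web"}
SAMPLE = {"SecurityGroups": [
    {"GroupId": SG_IDS["eks"], "IpPermissions": [rule(6903, [SG_IDS["bi"]])]},
    {"GroupId": SG_IDS["web"], "IpPermissions": [rule(2181, cidrs=["0.0.0.0/0"])]},
    {"GroupId": SG_IDS["bi"], "IpPermissions": [rule(2181, [SG_IDS["eks"]]),
                                                rule(45460, [SG_IDS["eks"]])]},
]}

if __name__ == "__main__":
    print(audit(SAMPLE, SG_IDS))
```

To use it on a real deployment, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups --output json` and `SG_IDS` with the three actual group IDs.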