Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Post upgrade steps to configure Kubernetes on AWS
Anchor
AWS
AWS

  1. Upgrade the cluster to 2024.3

  2. Update the IAM Stack with 2024.3 automated_deployment_iam_role.json and select yes to give EKS-related permissions to the IAM role.

  3. Create an EKS cluster using CreateEks.json.

  4. Run the following commands one by one on every Kyvos node to install kubectl

    1. curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

    2. unzip awscliv2.zip

    3. sudo ./aws/install --bin-dir /usr/local/bin/ --install-dir /usr/local/aws-cli --update o curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.29.3/2024-04-19/bin/linux/amd64/kubectl

    4. chmod +x ./kubectl

    5. sudo chown kyvos:kyvos kubectl

    6. sudo mv kubectl /bin/

    7. sudo mkdir -p /home/kyvos/.kube

    8. sudo chown -R kyvos:kyvos /home/kyvos/.kube

  5. Run the commands below from sudo user on Kyvos Manager node to install eksctl.

    1. curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$ (uname -s)_amd64.tar.gz" | tar xz -C /tmp

    2. sudo cp /tmp/eksctl /bin/

  6. Once the EKS cluster is created, go to the created node then go to Security.

  7. Click the eks-cluster-sg-kyvosEks-{STACK-NAME}-random number as Security group.

  8. Add inbound rule to the above security group with TCP 6903 and source group will be the Security Group attached to the BI server.

  9. Add inbound rule to the Web server security group with TCP 2181 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).

  10. Add inbound rule to the BI Server security group with TCP 2181 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).

  11. Add inbound rule to the BI Server security group with TCP 45460 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).

  12. Add inbound rule to the BI Server security group with TCP 6803 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).

  13. Open the deployment bucket permission section and add the ARN of OIDC and Node group role in the array.

  14. Once the above changes are done, navigate to compute cluster page on Kyvos Manager and click on Native. Choose Containerized Kubernetes.

  15. Provide the name of the Kubernetes Cluster, then Node Pool name and then the K8S auth role name. The name of the role can be found in the resource section of the EKS creation stack.

  16. Copy the value of the EKSOidcRole key and that is the K8S auth role name.

  17. Validate the information and click Save.

Post upgrade steps to configure Kubernetes on Azure
Anchor
Azure
Azure

  1. Create an AKS cluster via script. To create the AKS cluster, refer to Azure documentation.

  2. Upload the CreateAks.json script (available in Azure Installation files folder) and complete the parameters given in the script.

  3. Once the AKS cluster is created, configure it through Kyvos Manager on the Computer cluster page.

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#DEEBFF

Note

  • Provide the same managed identity that is used in your Kyvos environment.

  • Ensure that you create an AKS cluster in the same Resource Group and Virtual Network where your Kyvos environment is running.

Post upgrade steps to configure Kubernetes on GCP

...