Post upgrade steps to configure Kubernetes on AWS
Anchor | ||||
---|---|---|---|---|
|
Upgrade the cluster to 2024.3
Update the IAM Stack with 2024.3 automated_deployment_iam_role.json and select yes to give EKS-related permissions to the IAM role.
Create an EKS cluster using CreateEks.json.
Run the following commands one by one on every Kyvos node to install kubectl
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install --bin-dir /usr/local/bin/ --install-dir /usr/local/aws-cli --update o curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.29.3/2024-04-19/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo chown kyvos:kyvos kubectl
sudo mv kubectl /bin/
sudo mkdir -p /home/kyvos/.kube
sudo chown -R kyvos:kyvos /home/kyvos/.kube
Run the commands below from sudo user on Kyvos Manager node to install eksctl.
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$ (uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo cp /tmp/eksctl /bin/
Once the EKS cluster is created, go to the created node then go to Security.
Click the eks-cluster-sg-kyvosEks-{STACK-NAME}-random number as Security group.
Add inbound rule to the above security group with TCP 6903 and source group will be the Security Group attached to the BI server.
Add inbound rule to the Web server security group with TCP 2181 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).
Add inbound rule to the BI Server security group with TCP 2181 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).
Add inbound rule to the BI Server security group with TCP 45460 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).
Add inbound rule to the BI Server security group with TCP 6803 and source group will be the Security Group which was mentioned above (eks-cluster-sg-kyvosEks-{STACK-NAME}-random number).
Open the deployment bucket permission section and add the ARN of OIDC and Node group role in the array.
Once the above changes are done, navigate to compute cluster page on Kyvos Manager and click on Native. Choose Containerized Kubernetes.
Provide the name of the Kubernetes Cluster, then Node Pool name and then the K8S auth role name. The name of the role can be found in the resource section of the EKS creation stack.
Copy the value of the EKSOidcRole key and that is the K8S auth role name.
Validate the information and click Save.
Post upgrade steps to configure Kubernetes on Azure
Anchor | ||||
---|---|---|---|---|
|
Create an AKS cluster via script. To create the AKS cluster, refer to Azure documentation.
Upload the CreateAks.json script (available in Azure Installation files folder) and complete the parameters given in the script.
Once the AKS cluster is created, configure it through Kyvos Manager on the Computer cluster page.
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Note If you are creating the AKS cluster independently (not using the provided script), then you need to assign contributor access to your Managed Identity on Kubernetes.
|
...