Post-upgrade steps for nodes scaling of resources

Applies to: Kyvos Enterprise Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)

In AWS Managed Service and Marketplace-based deployments (on AWS and AZURE) that were performed via releases earlier than 2024.2, the Web Portal scaling will not work when there is no Web Portal HA (i.e., the cluster has a Single Web Portal service), and multiple Web Portal and that too, the Web Portal service is on the Kyvos Manager node. In this case, you must perform post-upgrade steps for AWS and Azure Marketplace, as mentioned below.

Post upgrade steps to scale Web Portal for AWS Marketplace
Post upgrade steps to scale Web Portal for AWS Managed Service
Post upgrade steps to scale Web Portal for Azure Marketplace
Post upgrade permission to scale Kyvos nodes for GCP Marketplace

Post-upgrade steps for Web Portal scaling for AWS Marketplace

Note

Ensure that if one Web Portal is available, you need to perform from step 1 through step 3.

Stop the Kyvos Manager instance.
Select the Kyvos Manager instance and go to Action list located at the right of the page. From the Action list, click Instance settings > Edit user data.
On the Edit user data dialog box, change the s3bundlepath=”current_version”/latest to s3bundlepath=2024.2/latest script, and click Save.

Below are the permissions which needs to be added in the IAM policy of the EC2 role.

Note

If you have one or two web portals, the following permissions are required.

{
            "Action": [
                "elasticloadbalancing:DescribeTargetGroups"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Sid": "Elbv2DescribeKM"
        },

       {
            "Condition": {
                "StringEqualsIgnoreCase": {
                    "elasticloadbalancing:ResourceTag/UsedBy": "Kyvos"
                }
            },
            "Action": [
                "elasticloadbalancing:RegisterTargets",
                "elasticloadbalancing:DeregisterTargets",
                "elasticloadbalancing:ModifyTargetGroup"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Sid": "elbPermission"
        }

After updating the permission, you must start Kyvos Manager instance.

Post upgrade steps to scale Web Portal for AWS Managed Service

Stop the Kyvos Manager instance.
Select the Kyvos Manager instance and go to Action list located at the right of the page. From the Action list, click Instance settings > Edit user data.
Remove the existing script and copy the below script. Pass the region's value in the deploymentRegion variable and change the <STACK-NAME> to the name of the stack in the last line.
1. If the deployment is on Centos, user name should be replaced from ec2-user to centos.
  #!/bin/bash
  s3bundlepath=2024.2/latest
  deploymentRegion=
  sudo curl -o /tmp/km.sh https://s3.$deploymentRegion.amazonaws.com/$deploymentRegion.kyvos/$s3bundlepath/prereq/km_ms.sh
  chmod a+x /tmp/km.sh
  sudo sh /tmp/km.sh KMInstance dummyvalue dummyvalue <STACK-NAME> ec2-user kyvos
Update the following permissions.
{ "Action": [ "elasticloadbalancing:DescribeTargetGroups" ], "Resource": "*", "Effect": "Allow", "Sid": "Elbv2DescribeKM" }, { "Condition": { "StringEqualsIgnoreCase": { "elasticloadbalancing:ResourceTag/UsedBy": "Kyvos" } }, "Action": [ "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:ModifyTargetGroup" ], "Resource": "*", "Effect": "Allow", "Sid": "elbPermission" }
After updating the permission, you must start Kyvos Manager instance.

Note

When multiple web portals are configured, after the upgrade, only step 4 is required, i.e., permissions must be added.

Post upgrade steps to scale Web Portal for Azure Marketplace

To scale Web Portal for Azure Marketplace, perform the following steps.

Once the upgrade for Kyvos 2024.2 is completed, login to your Azure Portal.
Navigate to Kyvos Manager VM. In the left pane, go to Settings, click Extensions+applications and select lapextension.
Click Uninstall.
Once the extension is uninstalled, ssh into Kyvos Manager VM and execute the az login –-identity command.
Copy Azure_LapExtension.json and parameter.json in Kyvos Manager instance at any path.
Copy the Kyvos Manager Instance value.
In the parameter.json, update the copied Kyvos Manager Instance Value, as shown below.
NOTE: Remove the Owner and Jira values from the parameter.json file.
To create a lapextension extension on Kyvos Manager VM, replace the resourceGroupName with the name of the resource group in which the Kyvos Manager machine exists by executing the following command.
az deployment group create --resource-group resourceGroupName --name lapextension --template-file Azure_LapExtension.json --parameters parameters.json
For example, in the following image, the highlighted part is the resource group name.

Post upgrade permission to scale Kyvos nodes for GCP Marketplace

The compute.healthChecks.update permission needs to be assigned to the service account attached to Kyvos nodes.
If using shared VPC, the compute.subnetworks.use permission needs to be assigned to the service account (attached to Kyvos nodes) in the project where the network originally resides.