Post-upgrade steps for nodes scaling of resources
Applies to: Kyvos Enterprise Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace
Kyvos Azure Marketplace Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)
In AWS Managed Service and Marketplace-based deployments (on AWS and AZURE) that were performed via releases earlier than 2024.2, the Web Portal scaling will not work when there is no Web Portal HA (i.e., the cluster has a Single Web Portal service), and multiple Web Portal and that too, the Web Portal service is on the Kyvos Manager node. In this case, you must perform post-upgrade steps for AWS and Azure Marketplace, as mentioned below.
Post upgrade steps to scale Web Portal for AWS Managed Service
Post upgrade steps to scale Web Portal for Azure Marketplace
Post upgrade permission to scale Kyvos nodes for GCP Marketplace
Post-upgrade steps for Web Portal scaling for AWS Marketplace
Note
Ensure that if one Web Portal is available, you need to perform from step 1 through step 3.
Stop the Kyvos Manager instance.
Select the Kyvos Manager instance and go to Action list located at the right of the page. From the Action list, click Instance settings > Edit user data.
On the Edit user data dialog box, change the s3bundlepath=”current_version”/latest to s3bundlepath=2024.2/latest script, and click Save.
Below are the permissions which needs to be added in the IAM policy of the EC2 role.
Note
If you have one or two web portals, the following permissions are required.
{
"Action": [
"elasticloadbalancing:DescribeTargetGroups"
],
"Resource": "*",
"Effect": "Allow",
"Sid": "Elbv2DescribeKM"
},
{
"Condition": {
"StringEqualsIgnoreCase": {
"elasticloadbalancing:ResourceTag/UsedBy": "Kyvos"
}
},
"Action": [
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:ModifyTargetGroup"
],
"Resource": "*",
"Effect": "Allow",
"Sid": "elbPermission"
}
After updating the permission, you must start Kyvos Manager instance.
Post upgrade steps to scale Web Portal for AWS Managed Service
Stop the Kyvos Manager instance.
Select the Kyvos Manager instance and go to Action list located at the right of the page. From the Action list, click Instance settings > Edit user data.
Remove the existing script and copy the below script. Pass the region's value in the deploymentRegion variable and change the <STACK-NAME> to the name of the stack in the last line.
If the deployment is on Centos, user name should be replaced from ec2-user to centos.
#!/bin/bash
s3bundlepath=2024.2/latest
deploymentRegion=
sudo curl -o /tmp/km.sh https://s3.$deploymentRegion.amazonaws.com/$deploymentRegion.kyvos/$s3bundlepath/prereq/km_ms.sh
chmod a+x /tmp/km.sh
sudo sh /tmp/km.sh KMInstance dummyvalue dummyvalue <STACK-NAME> ec2-user kyvos
Update the following permissions.
{ "Action": [ "elasticloadbalancing:DescribeTargetGroups" ], "Resource": "*", "Effect": "Allow", "Sid": "Elbv2DescribeKM" }, { "Condition": { "StringEqualsIgnoreCase": { "elasticloadbalancing:ResourceTag/UsedBy": "Kyvos" } }, "Action": [ "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:ModifyTargetGroup" ], "Resource": "*", "Effect": "Allow", "Sid": "elbPermission" }
After updating the permission, you must start Kyvos Manager instance.
Note
When multiple web portals are configured, after the upgrade, only step 4 is required, i.e., permissions must be added.
Post upgrade steps to scale Web Portal for Azure Marketplace
To scale Web Portal for Azure Marketplace, perform the following steps.
Once the upgrade for Kyvos 2024.2 is completed, login to your Azure Portal.
Navigate to Kyvos Manager VM. In the left pane, go to Settings, click Extensions+applications and select lapextension.
Click Uninstall.
Once the extension is uninstalled, ssh into Kyvos Manager VM and execute the az login –-identity command.
Copy Azure_LapExtension.json and parameter.json in Kyvos Manager instance at any path.
Copy the Kyvos Manager Instance value.
In the parameter.json, update the copied Kyvos Manager Instance Value, as shown below.
NOTE: Remove the Owner and Jira values from the parameter.json file.
To create a lapextension extension on Kyvos Manager VM, replace the resourceGroupName with the name of the resource group in which the Kyvos Manager machine exists by executing the following command.
az deployment group create --resource-group resourceGroupName --name lapextension --template-file Azure_LapExtension.json --parameters parameters.json
For example, in the following image, the highlighted part is the resource group name.
Post upgrade permission to scale Kyvos nodes for GCP Marketplace
The compute.healthChecks.update permission needs to be assigned to the service account attached to Kyvos nodes.
If using shared VPC, the compute.subnetworks.use permission needs to be assigned to the service account (attached to Kyvos nodes) in the project where the network originally resides.
Copyright Kyvos, Inc. All rights reserved.