Upgrade Wayfinder using Terraform
Please note that the instructions on this page are only for upgrading Wayfinder and the cluster it runs within. See how you can upgrade Kubernetes Clusters.
You must update Wayfinder's cloud access permissions after an upgrade or re-install, otherwise it could result in access failures for existing linked cloud accounts. See Update Wayfinder's cloud access below.
Upgrade Wayfinder using Terraform
To upgrade Wayfinder using our Terraform installation module:
-
Identify the latest release of Wayfinder you wish to update to:
-
Check the release notes for any breaking changes or required updates to make.
-
Update the Wayfinder module version in your Terraform code to the latest release:
module "wayfinder" {
source = "github.com/appvia/terraform-aws-wayfinder?ref=v2.3.3-tf.1"
...
} -
Make any other required Terraform changes as mentioned in the release notes.
-
Run a
terraform planandterraform applyas per the install instructions.
Update Wayfinder's cloud access
You must follow this procedure after you complete an upgrade or re-install.
After upgrading Wayfinder, it is essential any new cloud permissions required are updated to ensure:
- New Wayfinder features can work
- Any improvement in access rights to existing features are maintained
To update Wayfinder's cloud access permissions:
- Check the current version of Wayfinder you are running:
wf version --server - Identify the matching release version of the Wayfinder Terraform Module for the relevant Cloud provider:
- Update the Wayfinder Cloud Access module version in your Terraform code to the latest release:
module "wayfinder_cloudaccess_myworkspace_nonprod" {
source = "github.com/appvia/terraform-aws-wayfinder//modules/cloudaccess?ref=v2.3.3-tf.1"
...
} - Run a
terraform planandterraform applyas per your normal Terraform workflow.
Frequently Asked Questions
When attempting to upgrade Wayfinder on EKS, I get a failure to authenticate to the EKS Cluster
When Wayfinder is installed on an AWS EKS cluster, the IAM Role used for the installation is automatically added within the EKS aws-auth ConfigMap, which enables access to the EKS API endpoint. If you are performing an upgrade or need to access the EKS Management Cluster (e.g. for debugging, troubleshooting, providing logs to Appvia Support), you need to use the same IAM Role used for the original installation, or alternatively add the IAM Role you are using to the aws-auth ConfigMap.
To add a new IAM Role to the aws-auth ConfigMap:
- Add a trust policy to the original IAM Role used to perform the Wayfinder installation:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<AWS_ACCOUNT_ID>:root"
},
"Action": "sts:AssumeRole"
}
]
}
aws sts assume-role --role-arn <AWS_IAM_ROLE_ARN> --role-session-name admin
- Add the IAM Role to the
aws-authConfigMap, example below is using the eksctl CLI:
eksctl create iamidentitymapping \
--region <AWS_REGION> \
--cluster <EKS_CLUSTER_NAME> \
--arn <AWS_IAM_ROLE_ARN> \
--username <AWS_IAM_ROLE_NAME> \
--group system:masters \
--no-duplicate-arns
- Use your initial IAM User / Role and run the following command to gain access to the EKS cluster:
aws eks update-kubeconfig --region <AWS_REGION> --name <EKS_CLUSTER_NAME>