Upgrade Wayfinder

important

Please note that the instructions on this page are only for upgrading Wayfinder and the cluster it runs within. See how you can upgrade Kubernetes Clusters and Packages by visiting the relevant documentation sections.

You can upgrade Wayfinder for:

• Terraform Module installs
• AWS Marketplace (if you used the installer from AWS Marketplace)
• Azure Marketplace (if you used the installer from Azure Marketplace)

Important

You must update Wayfinder's cloud access permissions after an upgrade or re-install, otherwise it could result in access failures for existing linked cloud accounts. See Update Wayfinder's cloud access below.

Upgrade Wayfinder

Terraform Installs

To upgrade Wayfinder:

1. Identify the latest release of Wayfinder you wish to update to:

   • AWS
   • Azure
   • GCP

2. Check the release notes for any breaking changes or required updates to make.

3. Update the Wayfinder module version in your Terraform code to the latest release:

   module "wayfinder" {
       source = "github.com/appvia/terraform-aws-wayfinder?ref=v2.3.3-tf.1"
       ...
   }

4. Make any other required Terraform changes as mentioned in the release notes.

5. Run a terraform plan and terraform apply as per the install instructions.

AWS Marketplace

Wayfinder is available directly on the AWS Marketplace. You can find it by doing one of the following:

• Click Appvia's AWS Marketplace link
• Search for Appvia or Wayfinder under the AWS Marketplace Homepage

Wayfinder is offered on the Marketplace as a CloudFormation Stack. This stack creates the resources needed to run the Wayfinder installer, and provisions Wayfinder on a Management Kubernetes Cluster within your own AWS account.

Reach out to the Appvia Support Team and we will provide the latest version of Wayfinder via a CloudFormation template, with steps to upgrade.

Azure Marketplace

Wayfinder is available directly on the Azure Marketplace. You can find it by doing one of the following:

• Click Appvia's Azure Marketplace link
• Search for Appvia or Wayfinder under the Azure Marketplace Homepage

Wayfinder is offered on the Marketplace as a Managed Application. Therefore, you don't need to worry about performing Wayfinder upgrades yourself.

Wayfinder is deployed within a Resource Group that exists within the customer's Azure subscription, but is managed and supported by Appvia. An identity within the Appvia Tenant (support AAD Group) has access to the resource group to provide support and manage upgrades for Wayfinder.

Reach out to the Appvia Support Team and we will schedule and arrange an upgrade at an agreed time (within Appvia Normal Business Hours). An Appvia engineer will perform the upgrade and ensure Wayfinder is in a healthy and fully working condition, prior to handover.

---

Update Wayfinder's cloud access

Important

You must follow this procedure after you complete an upgrade or re-install.

After upgrading Wayfinder, it is essential any new cloud permissions required are updated to ensure:

• New Wayfinder features can work
• Any improvement in access rights to existing features are maintained

To update Wayfinder's cloud access permissions:

1. Check the current version of Wayfinder you are running:

   wf version --server
2. Identify the matching release version of the Wayfinder Terraform Module for the relevant Cloud provider:
   • AWS
   • Azure
   • GCP
3. Update the Wayfinder Cloud Access module version in your Terraform code to the latest release:

   module "wayfinder_cloudaccess_myworkspace_nonprod" {
       source = "github.com/appvia/terraform-aws-wayfinder//modules/cloudaccess?ref=v2.3.3-tf.1"
       ...
   }
4. Run a terraform plan and terraform apply as per your normal Terraform workflow.

---

Frequently Asked Questions

When attempting to upgrade Wayfinder on EKS, I get a failure to authenticate to the EKS Cluster

When Wayfinder is installed on an AWS EKS cluster, the IAM Role used for the installation is automatically added within the EKS aws-auth ConfigMap, which enables access to the EKS API endpoint. If you are performing an upgrade or need to access the EKS Management Cluster (e.g. for debugging, troubleshooting, providing logs to Appvia Support), you need to use the same IAM Role used for the original installation, or alternatively add the IAM Role you are using to the aws-auth ConfigMap.

To add a new IAM Role to the aws-auth ConfigMap:

1. Add a trust policy to the original IAM Role used to perform the Wayfinder installation:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<AWS_ACCOUNT_ID>:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

2. Assume the above IAM Role:

aws sts assume-role --role-arn <AWS_IAM_ROLE_ARN> --role-session-name admin

3. Add the IAM Role to the aws-auth ConfigMap, example below is using the eksctl CLI:

eksctl create iamidentitymapping \
    --region <AWS_REGION> \
    --cluster <EKS_CLUSTER_NAME> \
    --arn <AWS_IAM_ROLE_ARN> \
    --username <AWS_IAM_ROLE_NAME> \
    --group system:masters \
    --no-duplicate-arns

4. Use your initial IAM User / Role and run the following command to gain access to the EKS cluster:

aws eks update-kubeconfig --region <AWS_REGION> --name <EKS_CLUSTER_NAME>