Prerequisites
This page details the prerequisites you need in place before and after install in order for Wayfinder to run successfully.
Summary of prerequisites​
Tools on your workstation:
Pre-install
- Cloud access for install
- If upgrading/re-installing: Use an AWS role for upgrade or re-install
Optional Pre-requisites
Post-install
Cloud access for install​
Wayfinder is installed into a cloud account that you have access to. See the instructions below for the cloud you want to install Wayfinder in.
AWS​
Follow these steps to configure your console for access to an AWS Account using the aws tool:
note
If you are using
~/.aws/credentialsin your environment, it will take precedent over the SSO profile. Either remove this credentials file or make sure it is set to the right account.Configure AWS profile, and then run
export AWS_PROFILE=<profile_name>.
Azure​
Set up access to an Azure Subscription in your console using the az tool:
GCP​
The gcloud tool is part of the GCP SDK and is required for console access to a GCP project:
Access to create public DNS records​
Wayfinder is required to be installed securely with valid DNS records that can be trusted for secure web access (HTTPS).
Two DNS names in the same DNS zone are required for a Wayfinder install, for example:
api.wayfinder.myorg.com(Wayfinder API)portal.wayfinder.myorg.com(Web UI)
You can use any public-facing DNS zone for these records or for testing, Wayfinder can be used with automatically generated DNS names in an Appvia owned DNS zone.
The Wayfinder install reserves public IP addresses with your cloud provider during install and waits for these names to resolve before continuing.
Identity provider​
We strongly recommend that you configure an identity provider when using Wayfinder. This is done after installing - see User authentication providers for more information and help setting up specific providers.
Use an AWS role for upgrade or re-install​
note
This prerequisite is needed only when upgrading or re-installing Wayfinder on an AWS EKS cluster.
When Wayfinder is installed on an AWS EKS cluster, the installer automatically adds a reference to a default AWS role to EKS. The following shows the installer message with the default role wf-wayfinder:
✔ Successfully validated AWS API access
An AWS role is required if you need another user to re-install Wayfinder
This may be created after the initial installation
✔ Role ARN which will have admin access to the EKS cluster outside Wayfinder: arn:aws:iam::12345678910:role/wf-wayfinder
The user that installs Wayfinder for the first time can either override the default role with an existing AWS role, or create the Wayfinder default role in AWS. This original user is then the kubernetes IAM entity given access to the install cluster, via this role.
Subsequently, if a different user needs to upgrade or re-install Wayfinder, that user must use the AWS role used in the original install in order to upgrade or re-install.
To use the original Wayfinder install role on upgrade or reinstall:
Find the name of the role used for the original Wayfinder install in the
wf-install.yamlfile:grep awsClusterAdminRoleARN wf-install.yaml
awsClusterAdminRoleARN: arn:aws:iam::149353100611:role/wf-wayfinderIn this example, the role name returned is
wf-wayfinder.If the above role doesn't exist in AWS after the original install, create this role in AWS with the relevant user access policy. For instructions, see the following AWS documenation:
Before running the Wayfinder install, assume the above AWS role using the AWS CLI:
aws sts assume-roleSee the AWS documentation.
For more information, see the AWS documentation on Creating a role to delegate permissions to an IAM user.