5.13 (Kubernetes)
v5.13.1+ (Kubernetes)
What's new
- Service accounts have been shortened from APP_NAME-serviceaccount to APP_NAME-sa to simplify resource naming.
- Non-Web Cinchy components now communicate via Cinchy Web through the Cinchy Client. Previously, this traffic went over a public endpoint, exiting the cluster to the Internet. Now, the Istio Service Mesh manages it within the cluster.
- Cinchy Automations uses a CronJob setup that currently functions best without Istio sidecars. Istio is disabled for these jobs to maintain compatibility, with Permissive MTLS mode allowing the CronJob to connect with Cinchy Web and IdP components as expected.
- The AWS CSI driver has been removed from Terraform deployment steps, streamlining the infrastructure setup.
- Azure SQL Instances are now configured to be private by default, creating a private DNS and private endpoint while disabling Azure resource access.
Upgrade Steps
To upgrade the components, follow the instructions below in the order presented.
Prerequisites
If you have made custom changes to your deployment file structure, please contact your Support team before you upgrade your environments.
- Download the latest Cinchy Artifacts from the Cinchy Releases Table > Kubernetes Artifacts column. For this upgrade, please download the Cinchy Kubernetes Deployment Template v5.13.x.zip file.
Depending on your current version, you may need to:
- Run the 5.2 upgrade script
- Run the 5.5 upgrade script
- Make changes to your connection string:
If you are upgrading from 5.0-5.3 to 5.13.1+ on an SQL Server Database, you need to make a change to your connectionString if you haven't already done so. Add TrustServerCertificate=True to bypass the certificate chain during validation.
For a Kubernetes deployment, you can add this value in your deployment.json file:
"cinchy_instance_configs": {
"database_connection_string": "User ID=cinchy;Password=<password>;Host=<db_hostname>;Port=5432;Database=development;Timeout=300;Keepalive=300;TrustServerCertificate=True"}
| Current Version | Run the 5.2 Upgrade Script | Run the 5.5 Upgrade Script | Connection String Changes (SQL Server DB) |
|---|---|---|---|
| 5.0 | Yes | Yes | Yes |
| 5.1 | Yes | Yes | Yes |
| 5.2 | X | Yes | Yes |
| 5.3 | X | Yes | Yes |
| 5.4 | X | Yes | X |
| 5.5 | X | X | X |
| 5.6 | X | X | X |
| 5.7 | X | X | X |
| 5.8 | X | X | X |
| 5.9 | X | X | X |
| 5.10 | X | X | X |
| 5.11 | X | X | X |
| 5.12 | X | X | X |
| 5.13 | X | X | X |
Configure to the newest version
Clean existing repositories
- Go to your cinchy.argocd repository. Delete all existing folder structure except for the .git folder/directory and any custom changes you may have implemented.
- Go to your cinchy.kubernetes repository. Delete all existing folder structure except for the
.gitfile.
If you have cinchy.kubernetes\cluster_components\servicemesh\istio\istio-injection\argocd-ns.yaml file and it's not commented, don't change it. Changing this will delete your ArgoCD namespace, which will force you to delete everything from Kubernetes and redeploy.
- Go to your cinchy.terraform repository. Delete all existing folder structure except for the
.gitfile. - Go to your cinchy.devops.automation repository. Delete all existing folder structure except for the
.gitfile and your deployment.json.
Download k8s template
- Open the
Kubernetes Deployment Template v5.13.1.zipand place the files into their respective cinchy.kubernetes, cinchy.argocd, cinchy.terraform and cinchy.devops.automation repositories.
Secrets
- If you have AWS Secrets Manager or Azure Key Vault enabled and haven't already done so, create your secrets:
Deployment JSON Update
-
Go to the new
aws.json/azure.jsonfiles and compare them with your currentdeployment.jsonfile. All additional fields in the newaws.json/azure.jsonfiles should be added to your currentdeployment.json. -
Update the Kubernetes version in your
deployment.json. To upgrade EKS to a new version, you need to follow an upgrade sequence, installing each incremental version one by one. For example, you might need to upgrade from 1.27 to 1.28, then from 1.28 to 1.29, and finally from 1.29 to 1.30. -
Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:
dotnet Cinchy.DevOps.Automations.dll "deployment.json"
Terraform Updates
If you are using AWS Secret Manager: perform all the steps in this section.
If you are not using AWS Secret Manager: only perform steps 1 and 5.
- Navigate to your cluster directory:
- For AWS deployments: Navigate to
cinchy.terraform/aws/eks_cluster/<cluster_name>/new-vpc.tforcinchy.terraform/aws/eks_cluster/<cluster_name>/existing-vpc.tfbased on your current setup. - For Azure deployments: Navigate to
cinchy.terraform/azure/aks_cluster/<cluster_name>/new-vpc.tforcinchy.terraform/azure/aks_cluster/<cluster_name>/existing-vpc.tfbased on your current setup.
- For AWS deployments: Navigate to
- Set the following values temporarily to false:
enable_secrets_store_csi_driver_provider_aws = falseenable_secrets_store_csi_driver = false
- Run the upgrade process:
bash create.sh
- After successful completion, set
enable_secrets_store_csi_driver_provider_aws = true. This ensures that the appropriate CSI driver is installed, even if AWS Secret Manager is disabled in the deployment JSON. - Run the following:
bash create.sh
Update Cinchy Instance
-
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD. Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
-
Execute the following command to deploy ArgoCD:
bash deploy_argocd.sh -
Validate ArgoCD pods are running.
-
Execute the following command to deploy/update cluster components and Cinchy components:
bash deploy_cluster_components.sh
bash deploy_cinchy_components.sh
Commit Changes
- Commit changes to Git for all relevant repositories.
- Refresh applications in the ArgoCD console if required.
- All users must log out and back in to your Cinchy environment in order for the changes to properly take effect.
v5.13 (Kubernetes)
What's New
- Cinchy v5.13+ has been updated to .NET 8. This change will be reflected automatically upon upgrading your platform.
Upgrade Steps
To upgrade the components, follow the instructions below in the order presented.
Prerequisites
If you have made custom changes to your deployment file structure, please contact your Support team before you upgrade your environments.
- Download the latest Cinchy Artifacts from the Cinchy Releases Table > Kubernetes Artifacts column. For this upgrade, please download the Cinchy Kubernetes Deployment Template v5.13.zip file.
Depending on your current version, you may need to:
- Run the 5.2 upgrade script
- Run the 5.5 upgrade script
- Make changes to your connection string:
If you are upgrading from 5.0-5.3 to 5.13 on an SQL Server Database, you need to make a change to your connectionString if you haven't already done so. Add TrustServerCertificate=True to bypass the certificate chain during validation.
For a Kubernetes deployment, you can add this value in your deployment.json file:
"cinchy_instance_configs": {
"database_connection_string": "User ID=cinchy;Password=<password>;Host=<db_hostname>;Port=5432;Database=development;Timeout=300;Keepalive=300;TrustServerCertificate=True"}
| Current Version | Run the 5.2 Upgrade Script | Run the 5.5 Upgrade Script | Connection String Changes (SQL Server DB) |
|---|---|---|---|
| 5.0 | Yes | Yes | Yes |
| 5.1 | Yes | Yes | Yes |
| 5.2 | X | Yes | Yes |
| 5.3 | X | Yes | Yes |
| 5.4 | X | Yes | X |
| 5.5 | X | X | X |
| 5.6 | X | X | X |
| 5.7 | X | X | X |
| 5.8 | X | X | X |
| 5.9 | X | X | X |
| 5.10 | X | X | X |
| 5.11 | X | X | X |
| 5.12 | X | X | X |
Configure to the newest version
Clean existing repositories
- Go to your cinchy.argocd repository. Delete all existing folder structure except for the .git folder/directory and any custom changes you may have implemented.
- Go to your cinchy.kubernetes repository. Delete all existing folder structure except for the
.gitfile.
If you have cinchy.kubernetes\cluster_components\servicemesh\istio\istio-injection\argocd-ns.yaml file and it's not commented, don't change it. Changing this will delete your ArgoCD namespace, which will force you to delete everything from Kubernetes and redeploy.
- Go to your cinchy.terraform repository. Delete all existing folder structure except for the
.gitfile. - Go to your cinchy.devops.automation repository. Delete all existing folder structure except for the
.gitfile and your deployment.json.
Download k8s template
- Download and open the new Cinchy
Kubernetes Deployment Template v5.13.zipfile from the Cinchy Releases table and place the files into their respective cinchy.kubernetes, cinchy.argocd, cinchy.terraform and cinchy.devops.automation repositories. - Go to the new
aws.json/azure.jsonfiles and compare them with your currentdeployment.jsonfile. All additional fields in the newaws.json/azure.jsonfiles should be added to your currentdeployment.json. - Update the Kubernetes version in your
deployment.json. To upgrade EKS to a new version, you need to follow an upgrade sequence, installing each incremental version one by one. For example, you might need to upgrade from 1.27 to 1.28, then from 1.28 to 1.29, and finally from 1.29 to 1.30.
You may have changed the name of the deployment.json file during your original
platform deployment. If so, make sure that you swap up the name wherever it
appears in this document.
Upgrade and redeploy components
-
Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:
dotnet Cinchy.DevOps.Automations.dll "deployment.json" -
Commit all of your changes (if there were any) in each repository.
-
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD.Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
-
Execute the following command to deploy ArgoCD:
bash deploy_argocd.sh -
Validate ArgoCD pods are running.
-
Execute the following command to deploy/update cluster components and Cinchy components:
bash deploy_cluster_components.sh
bash deploy_cinchy_components.sh -
You might see a couple of ArgoCD apps out of sync. Sync them manually.
-
All users must log out and back in to your Cinchy environment in order for the changes to properly take effect.
Upgrade AWS EKS and Azure AKS
The following methods can be used upgrade the AWS EKS (from 1.27 up to 1.30.x) and Azure AKS (from 1.27 to 1.29.x) versions.
- For AWS export credentials and for Azure run the
az logincommand, if required. - To perform terraform operations, the cluster directory must be the working directory during execution.
- The AWS deployment updates a folder named
eks_clusterin the Terraform > AWS directory. Within that directory is a subdirectory with the same name as the created cluster. - The Azure deployment updates a folder named
aks_clusterWithin the Terraform > Azure directory. Within that directory is a subdirectory with the same name as the created cluster.
- The AWS deployment updates a folder named
- Go to your cinchy.devops.automations repository and change AKS/EKS version in
deployment.json(or<cluster name>.json) within the same directory. - From a shell/terminal, navigate to the cinchy.devops.automations directory location and execute the following command:
dotnet Cinchy.DevOps.Automations.dll "deployment.json"
- Run the command below to start the upgrade process. Make sure to verify before you select yes to upgrade the process. This shouldn't delete or destroy any data. It runs an in-place deployment that will update the Kubernetes version.
bash create.sh
Before accepting the change, verify that it meets your expectations and ensures the protection of your database and any other resources. This command will create, update, or destroy vnet, subnet, AKS cluster, and AKS node groups. Make sure to review the changes before proceeding.