1 of 24

Upgrade Cinchy

The pages under this section deal with upgrading your Cinchy platform.

Additional notes

If you are currently running Cinchy v4+ or v5+ and wish to upgrade your components, please review the documentation here: Upgrading Cinchy Versions
If you are currently running Cinchy v4+ and wish to upgrade to v5+, please review the documentation here: Upgrading from v4 to v5

Cinchy Upgrade Utility

This page details information on the Cinchy Upgrade Utility.

Overview

The Cinchy Upgrade Utility was first introduced in v5.2 to ease a mandatory INT to BigInt upgrade. This tool has continued to be used in subsequent releases as an easy way to deploy necessary changes to your Cinchy platform.

Considerations

Upgrades will also be specified on the applicable page for each release.
Depending on your upgrade path, certain upgrades must be performed in sequential and/or specific order. This will be clearly marked in the section.
- For example: To go from v5.1 to v5.5, you would first have to run the 5.2 upgrade utility and deploy the release. Once validated, you would then run the 5.5 upgrade and deploy that version.
Not all new releases will have changes that require the utility to be run. Review the table in section 4 for the full list.

Prerequisites

You will need to run this process as a user with admin/dbowner privileges to your database.
You will need to have installed on the machine that you will run the utility on.
Retrieve the Upgrade Utility from the Cinchy Releases table.

Upgrades

Release

Upgrade

Kubernetes Upgrade

IIS Upgrade

Overview and considerations

v5.2: INT to BigInt

Overview

Cinchy v5.2 introduced the update from INT to BigInt data types to increase the number of possible Cinchy IDs that can be generated. This in turn allows the creation of more records within one table, so that you can create and manage larger data sets.

Previous Limit: 2,147,483,647 (2^31-1) Cinchy IDs per table

Updated Limit: 9,223,372,036,854,775,807 (2^63-1) Cinchy IDs per table

This upgrade is REQUIRED** when upgrading from v5.1 or lower to v5.2 or higher.**

Considerations

If you are upgrading from any non-5.x version (3.x or 4.x), we recommend first upgrading to v5.1.4 to process the major database change. Once v5.1.4 has been deployed, you may run the 5.2 utility upgrade.
To run the 5.2 upgrade, use the -v "5.2" flag in the upgrade utility. Remember to deploy the release once the upgrade is validated.

v5.5: 4000 Character Bug

Overview

To upgrade to Cinchy version 5.5, you must run the Upgrade Utility to fix a row-breaking issue that could be triggered on cells with over 4000 characters, where you are unable to update any column in your record.

This upgrade is REQUIRED when upgrading to Cinchy v5.5.

Considerations

If you are upgrading from any version lower than 5.2, you must first perform the v5.2 INT to BigInt upgrade and deploy that release.
To run the 5.5 upgrade, use the -v "5.5" flag in the upgrade utility. Remember to deploy the release once the upgrade is validated.

Upgrade instructions

We recommend you follow this process during off-peak hours.

Turn off your Cinchy platform. (Note: This step is only required for the 5.2 upgrade)
2. In an IIS Deployment:
  1. Open your Windows Services Panel.
  2. Select IIS Admin Service.
  3. Stop the service.
  4. Right-click IIS Admin Service and select Properties.
  5. Change 'Start Up Type' to 'Disabled'.
Create a backup snapshot of your platform.
Retrieve the Upgrade Utility from the Cinchy Releases table if you haven't already.
Run the following command through a command window as an admin/dbowner, using the table below as a guide.

You will see the below progress bar as your upgrade completes (Image 1). Once it's done, you will see a VALIDATION PASSED check.

Tip: Click on the image below to enlarge it.

If there are any errors during execution or your validation fails, we suggest that you restore your database from the backup and contact Cinchy support.

Note: You must deploy whichever version of the platform you ran the upgrade utility for.

If it was turned off in step 1, turn your Cinchy platform back on.
2. In an IIS deployment:
  1. Open your Windows Services Panel.
  2. Select IIS Admin Service.
  3. Start the service.
  4. Right-click IIS Admin Service and select Properties.
  5. Change 'Start Up Type' to 'Enabled'.

Kubernetes upgrades

Overview

The pages under this section can be used to help guide you through an upgrade of your Cinchy instance.

v5.1 (Kubernetes)

Upgrading on Kubernetes

When it comes time to upgrade your various components, you can do so by updating the version number in your configuration files and applying the changes in ArgoCD.

Configure to the newest version

Navigate to your Cinchy devops.automation repository
1. Navigate to your deployment.json (You may have renamed this during your original Kubernetes deployment)
2. In the cinchy_instance_configs section, navigate to the image tags. Replace the version number with the instance that you wish to deploy (Ex: v5.0.0 > 5.1.0).

2. Rerun the deployment script by using the following command in the root directory of your devops.automations repository:

3. Commit and push your changes.

Apply your Configurations

If your environment isn't set-up to automatically apply upon configuration, complete the following the apply the newest version:

Navigate to the ArgoCD portal.
Refresh your component(s). If that doesn't work, re-sync.

v5.2 (Kubernetes)

Upgrading on Kubernetes

When it comes time to upgrade your various components, you can do so by updating the version number in your configuration files and applying the changes in ArgoCD.

If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.2**, please review and follow the directives for Upgrade 5.2.

Configure to the newest version

Navigate to your Cinchy devops.automation repository
1. Navigate to your deployment.json (You may have renamed this during your original Kubernetes deployment)
2. In the cinchy_instance_configs section, navigate to the image tags. Replace the version number with the instance that you wish to deploy (Ex: v5.1.0 > 5.2.0).

  // The component image tags are specified below to define which versions to deploy
  "connections_image_tag": "v5.2.0",
  "event_listener_image_tag": "v5.2.0",
  "idp_image_tag": "v5.2.0",
  "maintenance_cli_image_tag": "v5.2.0",
  "meta_forms_image_tag": "v5.2.0",
  "web_image_tag": "v5.2.0",
  "worker_image_tag": "v5.2.0"

Rerun the deployment script by using the following command in the root directory of your devops.automations repository:

dotnet Cinchy.DevOps.Automations.dll "deployment.json"

Commit and push your changes.

Apply your configurations

If your environment isn't set-up to automatically apply upon configuration, complete the following the apply the newest version:

Navigate to the ArgoCD portal.
Refresh your component(s). If that doesn't work, re-sync.

v5.3 (Kubernetes)

Upgrading on Kubernetes

When it comes time to upgrade your various components, you can do so by updating the version number in your configuration files and applying the changes in ArgoCD.

If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.3**, you must first run a mandatory process (Upgrade 5.2) **and deploy version 5.2. Once complete, you can continue on with your 5.3 upgrade.

Configure to the newest version

Navigate to your cinchy devops.automation repository
1. Navigate to your deployment.json (You may have renamed this during your original Kubernetes deployment)
2. In the cinchy_instance_configs section, navigate to the image tags. Replace the version number with the instance that you wish to deploy (Ex: v5.2.0 > 5.3.0).

Rerun the deployment script by using the following command in the root directory of your devops.automations repository:

3. Commit and push your changes.

Apply the configurations

If your environment isn't set-up to automatically apply upon configuration, complete the following the apply the newest version:

Navigate to the ArgoCD portal.
Refresh your component(s). If that doesn't work, re-sync.

v5.4 (Kubernetes)

Upgrading on Kubernetes

When it comes time to upgrade your various components, you can do so by following the below instructions.

Warning: Upgrading to v5.4 will require you to take your Cinchy platform offline. We recommend you perform this upgrade during off-peak hours

Warning:** If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.4,** you must first run a mandatory process _(Upgrade 5.2)_ and deploy version 5.2. Once complete, you can continue on with your 5.4 upgrade.

If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString. Adding will allow you to bypass the certificate chain during validation.

For a Kubernetes deployment, you can add this value in your deployment.json file:

Prerequisites

Download the latest Cinchy Artifacts from the Cinchy Releases Table > Kubernetes Artifacts column (Image 1). For this upgrade, please download the Cinchy v5.4 k8s-template.zip file.

Take your platform offline

Configure to the newest version

Navigate to your cinchy.argocd repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
Navigate to your cinchy.kubernetes repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.

If you have cinchy.kubernetes\cluster_components\servicemesh\istio\istio-injection\argocd-ns.yaml file and it's not commented then please keep it as is. Changing this will delete your ArgoCD namespace, which will force you to delete everything from Kubernetes and redeploy.

Navigate to your cinchy.terraform repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
Navigate to your cinchy.devops.automation repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
Open the new Cinchy v5.4 k8s-template.zip file you downloaded from the Cinchy Releases table.
Navigate to the new aws.json/azure.json files and compare them with your current deployment.json file. Any additional fields in the new aws.json/azure.json files should be added to your current deployment.json.

Note that you may have changed the name of the deployment.json file during your original platform deployment. If so, ensure that you swap up the name wherever it appears in this document.

Starting in Cinchy v5.4, you will have the option between Alpine or Debian based image tags for the listener, worker, and connections. Using Debian tags will allow a Kubernetes deployment to be able to connect to a DB2 data source, and that option should be selected if you plan on leveraging a DB2 data sync.

When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
- "5.x.x" - Alpine
- "5.x.x-debian" - Debian

Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:

Commit all your changes (if there were any) in each repository.
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD.
1. Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
2. Execute the following command to deploy ArgoCD:

If there were any change to the cluster components, execute the following command from the cinchy.argocd repository:

If there were any change to the Cinchy instance, execute the following command from the cinchy.argocd repository:

Turn on the platform and apply your configurations

When the new version is started for the first time, one node is made responsible for the migration of the entire database. This process can take upwards of 30 minute to complete and your system will be unavailable during this time.

v5.5 (Kubernetes)

This page details the instructions for upgrading your Cinchy platform to v5.5 on Kubernetes

Upgrading on Kubernetes

When it comes time to upgrade your various components, you can do so by following the below instructions.

This release requires you to run the Cinchy Upgrade Utility.

Additionally,** If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.5, you must first run a mandatory process (Upgrade 5.2)** and deploy version 5.2. Once complete, you can continue on with your 5.5 upgrade.

If you are upgrading from Cinchy v5.3 or lower to Cinchy v5.5 on an SQL Server Database, you will need to make a change to your connectionString. Adding will allow you to bypass the certificate chain during validation.

For a Kubernetes deployment, you can add this value in your deployment.json file:

Prerequisites

Download the latest Cinchy Artifacts from the Cinchy Releases Table > Kubernetes Artifacts column (Image 1). For this upgrade, please download the Cinchy v5.5 k8s-template.zip file.

Configure to the newest version

Navigate to your cinchy.argocd repository. Delete all existing folder structure except for the .git folder/directory and any custom changes you may have implemented.
Navigate to your cinchy.kubernetes repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.

If you have cinchy.kubernetes\cluster_components\servicemesh\istio\istio-injection\argocd-ns.yaml file and it's not commented then please keep it as is. Changing this will delete your ArgoCD namespace, which will force you to delete everything from Kubernetes and redeploy.

Navigate to your cinchy.terraform repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
Navigate to your cinchy.devops.automation repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented and your deployment.json.
Open the new Cinchy v5.4 k8s-template.zip file you downloaded from the Cinchy Releases table and check the files into their respective cinchy.kubernetes, cinchy.argocd, cinchy.terraform and cinchy.devops.automation repositories.
Navigate to the new aws.json/azure.json files and compare them with your current deployment.json file. Any additional fields in the new aws.json/azure.json files should be added to your current deployment.json.

Note that you may have changed the name of the deployment.json file during your original platform deployment. If so, ensure that you swap up the name wherever it appears in this document.

When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
- "5.x.x" - Alpine
- "5.x.x-debian" - Debian

Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:

Commit all your changes (if there were any) in each repository.
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD.
1. Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
2. Execute the following command to deploy ArgoCD:

If there were any change to the cluster components, execute the following command from the cinchy.argocd repository:

If there were any change to the Cinchy instance, execute the following command from the cinchy.argocd repository:

v5.6 (Kubernetes)

This page details the instructions for upgrading your Cinchy platform to v5.6 on Kubernetes

Upgrading on Kubernetes

When it comes time to upgrade your various components, you can do so by following the below instructions.

If you have made custom changes to your deployment file structure, please contact your Support team prior to upgrading your environments.

Warning:** If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.6, you must first run a mandatory process (Upgrade 5.2)** using the Cinchy Utility and deploy version 5.2.

If you are upgrading from Cinchy v5.3 or lower to Cinchy v5.6 on an SQL Server Database, you will need to make a change to your connectionString. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.

For a Kubernetes deployment, you can add this value in your deployment.json file:

"cinchy_instance_configs": {
          "database_connection_string": "User ID=cinchy;Password=<password>;Host=<db_hostname>;Port=5432;Database=development;Timeout=300;Keepalive=300;TrustServerCertificate=True"}

Warning:** If you are upgrading from Cinchy v5.4 or lower to Cinchy v5.6, you must first run a mandatory process (Upgrade 5.5) using** the Cinchy Utility and deploy version 5.5.

Prerequisites

Download the latest Cinchy Artifacts from the Cinchy Releases Table > Kubernetes Artifacts column (Image 1). For this upgrade, please download the Cinchy v5.6 k8s-template.zip file.
Review the template changes for this upgrade.

Configuring to the newest version

Navigate to your cinchy.argocd repository. Delete all existing folder structure except for the .git folder/directory and any custom changes you may have implemented.
Navigate to your cinchy.kubernetes repository. Delete all existing folder structure except for the .git file.

Navigate to your cinchy.terraform repository. Delete all existing folder structure except for the .git file.
Navigate to your cinchy.devops.automation repository. Delete all existing folder structure except for the .git file and your deployment.json.
Open the new Cinchy v5.6 k8s-template.zip file you downloaded from the Cinchy Releases table and check the files into their respective cinchy.kubernete, cinchy.argocd, cinchy.terraform and cinchy.devops.automation repositories.
Navigate to the new aws.json/azure.json files and compare them with your current deployment.json file. Any additional fields in the new aws.json/azure.json files should be added to your current deployment.json.

Note that you may have changed the name of the deployment.json file during your original platform deployment. If so, ensure that you swap up the name wherever it appears in this document.

When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
- "5.x.x" - Alpine
- "5.x.x-debian" - Debian

Perform this step only If you are upgrading to 5.6 on an SQL Server Database and didn't already make this change in any previous updates. \

Navigate to your cinchy_instance_configs section > database_connection_string, and add in the following value to the end of your string: TrustServerCertificate=True

"cinchy_instance_configs": {
          "database_connection_string": "User ID=cinchy;Password=<password>;Host=<db_hostname>;Port=5432;Database=development;Timeout=300;Keepalive=300;TrustServerCertificate=True"},

Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:

dotnet Cinchy.DevOps.Automations.dll "deployment.json"

Commit all of your changes (if there were any) in each repository.
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD.
1. Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
2. Execute the following command to deploy ArgoCD:

bash deploy_argocd.sh

If there were any change to the cluster components, execute the following command from the cinchy.argocd repository:

bash deploy_cluster_components.sh

If there were any change to the Cinchy instance, execute the following command from the cinchy.argocd repository:

bash deploy_cinchy_components.sh

Appendix A

Template changes (Kubernetes 5.6)

The AWS EKS version has been upgraded to support up to v1.24.
We've added support for AWS EKS EBS volume encryption. By default EKS worker nodes will have gp3 storage class.
- For current Cinchy environments you must keep your eks_persistent_apps_storage_class to gp2 in your DevOps automation aws.json file.
- If you want to move to gp3 storage or gp3 storage and volume encryption, you will have to delete any existing volumes/pvc's for Kafka, Redis, OpenSearch, Logging Operator and Event Listener with statefulset. This ensures that ArgoCD will take care of recreation of resources.
- If your Kafka cluster pods aren't coming back you must restart your Kafka operators.
- You can verify the change by running the following command: "kubectl get pvc --all-namespaces".
The Connections app has changed from StatefulSet to Deployment. The persistence volume has changed to emptyDir.
We've modified the replica count from 1 to 2 for istiod and istio ingress.
We've disabled the ArgoCD namespace: istio injection.
- If this is already enabled on your environment you may keep it as is, such as keeping the cinchy.kubernetes/cluster_components/servicemesh/istio/istio-injection/argocd-ns.yaml file as it's without commenting content in it.
The Istio namespace injection has been removed.
- If this is already enabled on your environment please keep it as is -- otherwise it will force you to redeploy all of your Kubernetes application components.
We've upgraded the AWS Secret Manager CSI Driver to the latest version due to crashing pods.
We've added support for the EKS EBS CSI driver in lieu of using in-tree EBS storage plugin.
We've changed the EKS Metrics server port number in order to support newer versions of Kubernetes.
We've set fixed AWS Terraform providers version for all components.
We've installed the cluster autoscaler from local charts instead of remote charts.
The deprecated azurerm_sql_server Terraform resource has been changed to azurerm_mssql_server
The deprecated azurerm_sql_database resource has been changed to azurerm_mssql_database
The deprecated azurerm_sql_failover_group has been changed to azurerm_mssql_failover_group
The deprecated azurerm_sql_firewall_rule has been changed to azurerm_mssql_firewall_rule

v5.7 (Kubernetes)

What's new

The major changes for the 5.7 Kubernetes upgrade are the following:

The Azure AKS and AWS EKS version supports up to 1.27
Upgraded ArgoCD from 2.1.7 to v2.7.6
Upgraded Istio from 1.3.1 to 1.18.0
OpenSearch from 1.2.0 to 2.13.1
Upgraded Logging Operator from 3.17.2 to 4.2.2
Upgraded Kube Prometheus Stack from 17.2.2 to 47.0.0
Upgraded Strimzi Kafka Operator from 0.1.0 to 0.34.0
New app Kafka UI 0.7.1
OpenSearch Index creation based on date format

Upgrading on Kubernetes

To upgrade your various components, follow the instructions below in the order presented.

Prerequisites

If you have made custom changes to your deployment file structure, please contact your Support team before you upgrade your environments.

Upgrade from 5.1 or lower

If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.7, you must run Upgrade 5.2 using the Cinchy Utility and deploy version 5.2.

Upgrade from v5.2 or higher

If you are upgrading from 5.2 or higher, follow the 5.7 upgrade instructions below, then use the Cinchy Utility and deploy the target version using the -v "X.X" argument.

Configure to the newest version

Clean existing repositories

Go to your cinchy.argocd repository. Delete all existing folder structure except for the .git folder/directory and any custom changes you may have implemented.
Go to your cinchy.kubernetes repository. Delete all existing folder structure except for the .git file.

If you have cinchy.kubernetes\cluster_components\servicemesh\istio\istio-injection\argocd-ns.yaml file and it's not commented, don't change it. Changing this will delete your ArgoCD namespace, which will force you to delete everything from Kubernetes and redeploy.

Go to your cinchy.terraform repository. Delete all existing folder structure except for the .git file.
Go to your cinchy.devops.automation repository. Delete all existing folder structure except for the .git file and your deployment.json.

Download k8s template

Download and open the new Cinchy v5.7 k8s-template.zip file from the Cinchy Releases table and place the files into their respective cinchy.kubernetes, cinchy.argocd, cinchy.terraform and cinchy.devops.automation repositories.
Go to the new aws.json/azure.json files and compare them with your current deployment.json file. All additional fields in the new aws.json/azure.json files should be added to your current deployment.json.
Update the Kubernetes version in your deployment.json. To upgrade EKS to a new version, you need to follow an upgrade sequence, installing each incremental version one by one. For example, you might need to upgrade from 1.24 to 1.25, then from 1.25 to 1.26, and finally from 1.26 to 1.27.

You may have changed the name of the deployment.json file during your original platform deployment. If so, make sure that you swap up the name wherever it appears in this document.

Remove components

In the 5.7 templates, the cluster-level components will upgrade to the latest version. You need to remove kube-prometheus-stack, logging-operator app and kafka-cluster from ArgoCD. This change deletes your recent metrics from Grafana and you will only see the latest metrics after you deploy the new kube-prometheus-stack. The older CRDs created by kube-prometheus-stack and logging-operator charts aren't removed by default during upgrade and should be manually cleaned up with the below commands:

kubectl delete crd alertmanagerconfigs.monitoring.coreos.com alertmanagers.monitoring.coreos.com podmonitors.monitoring.coreos.com probes.monitoring.coreos.com prometheusagents.monitoring.coreos.com prometheuses.monitoring.coreos.com prometheusrules.monitoring.coreos.com scrapeconfigs.monitoring.coreos.com servicemonitors.monitoring.coreos.com thanosrulers.monitoring.coreos.com

kubectl delete crd clusterflows.logging.banzaicloud.io clusteroutputs.logging.banzaicloud.io flows.logging.banzaicloud.io loggings.logging.banzaicloud.io outputs.logging.banzaicloud.io eventtailers.logging-extensions.banzaicloud.io fluentbitagents.logging.banzaicloud.io hosttailers.logging-extensions.banzaicloud.io nodeagents.logging.banzaicloud.io syslogngclusterflows.logging.banzaicloud.io syslogngclusterflows.logging.banzaicloud.io syslogngclusteroutputs.logging.banzaicloud.io syslogngflows.logging.banzaicloud.io syslogngoutputs.logging.banzaicloud.io

Upgrade and redeploy components

Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:
```
dotnet Cinchy.DevOps.Automations.dll "deployment.json"
```
Commit all of your changes (if there were any) in each repository.
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD.Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
Execute the following command to deploy ArgoCD:
```
bash deploy_argocd.sh
```
Validate ArgoCD pods are running and check that ArgoCD is upgraded v2.7.6 by accessing the ArgoCD application Console.
Execute the following command to deploy cluster components and Cinchy components:
```
bash deploy_cluster_components.sh
bash deploy_cinchy_components.sh
```
You might see a couple of ArgoCD apps out of sync because you deleted the logging operator. Sync them manually. Redis will take a few minutes to recover.

Upgrade AWS EKS and Azure AKS

To upgrade the AWS EKS and Azure AKS version from 1.24 up to 1.27.x, you have two methods. The method depends on the status of the subnet CIDR range. The CIDR is a blocker for Azure only. For AWS export credentials and for Azure run the az login command, if required.

CIDR range higher than 10.10.0.0/22

If you have AKS subnet CIDR range higher than 10.10.0.0/22 then you can use the 1.25.x and later AKS upgrade without much downtime and AKS resource teardown.

Go to your cinchy.devops.automations repository and change AKS/EKS version in deployment.json (or <cluster name>.json) within the same directory.
From a shell/terminal, navigate to the cinchy.devops.automations directory location and execute the following command:
```
dotnet Cinchy.DevOps.Automations.dll "deployment.json"
```

AWS - Cinchy.terraform repository structure

The AWS deployment updates a folder named eks_cluster in the Terraform > AWS directory. Within that directory is a subdirectory with the same name as the created cluster.

To perform terraform operations, the cluster directory must be the working directory during execution.

Azure - Cinchy.terraform repository structure

The Azure deployment updates a folder named aks_cluster Within the Terraform > Azure directory. Within that directory is a subdirectory with the same name as the created cluster.

For AWS and Azure export credentials run the az login command if required.

Run the command below to start the upgrade process. Make sure to verify before you select yes to upgrade the process. This shouldn't delete or destroy any data. It runs an in-place deployment that will update the Kubernetes version.

bash create.sh

CIDR range lower than 10.10.0.0/22

This section is only applicable to Azure deployments.

If you have 10.10.0.0/22 CIDR range or smaller, then you won't be able to upgrade AKS version to 1.25.x. The 10.10.0.0/22 CIDR range gives you 1024 IP addresses, which aren't enough to run more than 4 worker nodes. Most customers already run 3 worker nodes and the upgrade process starts another 3 nodes, which will cause a failure.

The values below gives the suggested IP address CIDR range. Cinchy recommends to make your own choice based on your needs. Update these values in your deployment.json file:

          "address_space": "10.10.0.0/19",
          "subnet_prefix": "10.10.0.0/20"
          "net_profile_service_cidr": "10.1.4.0/22",
          "net_profile_dns_service_ip": "10.1.4.2",

Delete cluster components, Cinchy components, and ArgoCD apps

Make sure you are connected to the appropriate cluster. Before you start the upgrade process of AKS, you must delete all your apps from ArgoCD which will delete Cinchy apps and custom components from ArgoCD, which includes load balancer as well kafka-cluster.

To delete Cinchy apps, cluster components and ArgoCD:

From terminal change directory to cinchy.argocd and run the commands below sequentially. Make sure to change your cluster(directory) name and environment name in below commands:

kubectl delete -k environment_kustomizations/CLUSTER_NAME/cluster_components
kubectl delete -k environment_kustomizations/CLUSTER_NAME/ENVIRONMENT_NAME/cinchy
kubectl delete -k argocd

If cluster components deletion takes longer than 10 minutes, run the command below. Check that all pods are deleted except Kubernetes default namespace(kube-system) pods.
```
kubectl patch app $(kubectl get applications -n argocd --no-headers | awk '{print $1}') -p '{"metadata":{"finalizers":null}}' --type=merge -n argocd
```
Verify the deletion of pods for all namespaces with the kubectl get pods -A command. If the namespaces and pods aren't deleted for some cluster components, then delete the namespace manually with command kubectl delete ns NAMESPACE.

Deploy

Change the AKS version in DevOps automation tools deployment.json against kubernetes_version and orchestrator_version key values. From a shell/terminal, go to the cinchy.devops.automations directory location and execute the following command:
```
dotnet Cinchy.DevOps.Automations.dll "deployment.json"
```
In the Terraform > Azure directory, a new folder named aks_cluster should be updated with the AKS version. In that directory is a subdirectory with the same name as the newly updated cluster.
Launch a shell/terminal with the working directory set to the cluster directory within the cinchy.terraform repository and run az login.
Execute the following command to create the cluster:
```
bash create.sh
```

Before accepting the change, verify that it meets your expectations and ensures the protection of your database and any other resources. This command will create, update, or destroy vnet, subnet, AKS cluster, and AKS node groups. Make sure to review the changes before proceeding.

Upgrade AWS EKS Kubernetes version

This page will guide you through how to update your AWS EKS Kubernetes version for your Cinchy v5 platform.

Overview

This page will guide you through how to update your AWS EKS Kubernetes version for your Cinchy v5 platform.

Prerequisites

Update your Cinchy platform to the latest version.
Confirm the latest Cinchy supported version of EKS. You can find the version number in the cinchy.devops.automations\aws-deployment.json as "cluster_version": "1.xx".

Considerations

You must upgrade your EKS sequentially. For example, if you are on EKS cluster version 1.22 and wish to upgrade to 1.24, you must upgrade from 1.22 > 1.23 > 1.24.

Instructions

Navigate to your cinchy.devops.automations\aws-deployment.json file.
Change the cluster_version key value to the EKS version you wish to upgrade to. (Example: "1.24")
Open a shell/terminal and navigate to the cinchy.devops.automations directory location.
Execute the following command:

dotnet Cinchy.DevOps.Automations.dll "deployment.json"

Commit changes for all the repositories (cinchy.argocd, cinchy.kubernetes, cinchy.terraform and cinchy.devops.automation).
Open a new shell/terminal and navigate to the cinchy.terraform\aws\eks_cluster\CLUSTER_NAME directory location.
Execute the following command:

bash create.sh

Verify the changes are as expected and then accept.

This process will first upgrade the managed master node version and then the worker nodes. During the upgrade process, existing pods get migrated to new worker nodes and all pods will get migrated to new upgraded worker nodes automatically.

The below two commands can be used to verify that all pods are being migrated to new worker nodes.

To show both old and new nodes:

kubectl get nodes #

To show all the pods on the new worker nodes and the old worker nodes.

kubectl get pods --all-namespaces -o wide #

Reinstall the metrics server

For EKS version 1.24, the metrics server goes into a crashed loop status. Reinstalling the metrics server will fix this, should you encounter this during your upgrade.

In a code editor, open the cinchy.terraform\aws\eks_cluster\CLUSTER_NAME\new-vpc.tf or existing-VPC.tf file.
Find the enable_metrics_server key and mark its value to false.
Open a new shell/terminal and navigate to the cinchy.terraform\aws\eks_cluster\CLUSTER_NAME file.
Run the below command to remove metrics server.

terraform apply

Revert the enable_metrics_server key value from step 1 to true.
Run the below command within the same shell/terminal as step 3 to deploy metrics server with

 terraform apply

Update the Kubernetes Image Registry

Overview

The Kubernetes project runs a community-owned image registry called registry.k8s.io in which to host its container images. On April 3rd, 2023, the registry k8s.gcr.io was deprecated and no further images for Kubernetes and related subprojects are being pushed to this location.

**Instead, there is a new registry: **registry.k8s.io.

New Cinchy Deployments: this change will be automatically reflected in your installation.

For Current Cinchy Deployments: please follow the instructions outlined in this upgrade guide to ensure your components are pointed to the correct image repo.

You can review the full details on this change here: https://kubernetes.io/blog/2023/02/06/k8s-gcr-io-freeze-announcement/

Update Instructions

In a shell/terminal, run the below command to get a list of all the pods that are pointing to the old registry: k8s.gcr.io. These will need to be updated to point to the new image registry.

kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c
grep "k8s.gcr.io"

Once you find which pods are using old image registry, you need to update its deployment/daemonset/stateful set with new registry.k8s.io registry. Find the right resource type for your pods with below command:

kubectl get deployment,daemonset,statefulset --all-namespaces

Once you have your pod name and resource type, run the below command to open the manifest file in an editor:

The below command uses the autoscaler as an example. You will want to propagate the command with your correct pod and resource type.

kubectl edit deployment cluster-autoscaler -n kube-system

In the editor, find any instances of k8s.gcr.io and replace it with registry.k8s.io.
Save and close the file.
Repeat steps 3-5 for the rest of your pods until they're all pointing to the correct registry.

Upgrade Azure Kubernetes Service (AKS)

This page details the process for upgrading your AKS instance once you've deployed Cinchy v5 on Kuubernetes.

Overview

AKS (Azure Kubernetes Service) is a managed K8 service used when deploying Cinchy v5 over Azure. Once you have deployed your v5 instance of Cinchy, you may want to upgrade your AKS to a newer version. You can do so with the below guide.

Prerequisites

Before proceeding for the AKS version upgrade, ensure that you have enough IP address space, as this process will need to start new nodes and pods.

You will need more than 1024 IP addresses in total when you have single Cinchy instance/environment.

If you have limited IP address space, you can upgrade the master node and then the worker node pools one by one.

Before proceeding, make sure to check with Cinchy support which versions of Kubernetes are supported by this process.

Upgrading AKS

Navigate to your ArgoCD Dashboard.
Find and click on your Istio app > disable auto-sync.
Find and click on your Istio-ingress app > disable auto-sync.
Open a terminal and run the following command to get the currently available Kubernetes versions for AKS, inputting your AKS cluster name and resource group where specified:

az aks get-upgrades --resource-group <myresourcegroup> --name <myaksclustername> --output table

Within your cinchy.devops.automations folder/repo, navigate to the deployment-azure.json file and change the values for kubernetes_version and orchestrator_version to the currently available Kubernetes version found in step 4.
Within the cinchy.devops.automations folder/repo, run the following command to push your new values:

dotnet Cinchy.DevOps.Automations.dll deployment-azure.json

Within your cinchy.terraform/azure/aks_cluster/ directory, run bash create.sh and accept the change.
AKS has three node pools, one node pool per availability zone. Terraform will now start the upgrade of the master node and the zone1 node pool.
Verify which nodes that the istio-ingressgateway and istiod pods are running on with below command.

kubectl get pods -n istio-system -o wide

In the output you will see aks-zone1/2/3-xxxxx under the Nodes column.

If one or both pods are running on aks-zone1-xxxxx then you need to scale up replicas 2 by following steps 12-14. If not, skip to step 15.

Use the following command to start replica on zone2 or zone3 nodes; once you scale down it will terminate from zone1 upgrading nodes.

kubectl scale --replicas=2 deployment.apps/istio-ingressgateway -n istio-system
kubectl scale --replicas=2 deployment.apps/istiod -n istio-system

Verify that new pods are running on other node pool by running the following command:

kubectl get pods -n istio-system -o wide

Run the following command to scale it back. This will remove the pod from cordoned node:

kubectl scale --replicas=1 deployment.apps/istio-ingressgateway -n istio-system
kubectl scale --replicas=1 deployment.apps/istiod -n istio-system
kubectl get pods -n istio-system -o wide

Once Maser node and zone1 upgrade is done, you will see a message such as:

module.aks.azurerm_kubernetes_cluster.main: Modifications complete after 9m23s [id=/subscriptions/e5d6912-eeaa-461c-8f6-30e7c6d945a/resourceGroups/<vnet>/providers/Microsoft.ContainerService/managedClusters/<myaksclustername>]

The Terraform script will continue with the zone2 and zone3 node pool upgrade. You will see messages like the below when thee zone2 and zone3 node pool upgrade is in process:

module.aks-node-pool.azurerm_kubernetes_cluster_node_pool.node_pool["zone2"]: Modifying... [id=/subscriptions/ed16912-eeaa-461c-8f36-30e76de945a/resourceGroups/<vnet>/providers/Microsoft.ContainerService/managedClusters/<myaksclustername>/agentPools/zone2]`

`module.aks-node-pool.azurerm_kubernetes_cluster_node_pool.node_pool["zone3"]: Modifying... [id=/subscriptions/e5d1612-eeaa-461c-8f36-30e7c6e945a/resourceGroups/<vnet>/providers/Microsoft.ContainerService/managedClusters/<myaksclustername>/agentPools/zone3]

Repeat steps 11-13. This will make sure that istio-ingressgateway and istiod are running on zone1 nodes.
Return to your ArgoCD dashboard and re-enable the auto sync for Istio and Istio-ingress apps auto sync on ArgoCD dashboard.

IIS upgrades

Overview

The pages under this section can be used to help guide you through an upgrade of your Cinchy instance on IIS.

v4.21 (IIS)

This page details the upgrade process for Cinchy v4.21 on IIS.

Upgrading on IIS

This process can be run when upgrading from a Cinchy version that's not v5.0+.

Prerequisites

to take a backup of your database.
Extract thefor the version you wish to upgrade to.

Upgrade process

Swap out the following configs with your current instance configs:
1. Cinchy/web.config
2. CinchySSO/appsettings.json
3. Log4net.config
4. Web.config
Execute the following command:

Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
Execute the following command:

Start Cinchy in your browser.

If you encounter an error during this process, restore your database backup and contact Cinchy Support.

v4.x to v5.x (IIS)

This page details the upgrade process for Cinchy v4.x to v5.x on IIS.

Upgrading on IIS (v4 to v5+)

Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.2** or higher, please see the and follow the directives on that page. This process can be run when upgrading your IIS v4 instance to any v5+ instance

If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString in steps 3.2.2 and 3.3.2. Adding will allow you to bypass the certificate chain during validation.

Ex:

Prerequisites

to take a backup of your database.
Extract thefor the version you wish to upgrade to.

Update the CinchySSO appsettings.json

Open the C:\CinchySSO\appsettings.json file in a text editor and update the values below.

AppSettings

Under AppSettings section, update the values outlined in the table.
Wherever you see <base url> in the value, replace this with the actual protocol (HTTP or HTTPS) and the domain name (or IP address) you plan to use.

Ex:. if you're using HTTPS with the domain app.cinchy.co, then <base url> should be replaced with https://app.cinchy.co

Key

Value

4.18.0+ includes session expiration based on the CinchyAccessTokenLifetime. For the default of 0.00:30:00, this means that if you have been inactive in Cinchy for 30 minutes, your session will expire and you will need to log in again.

SSO values

The values below are only required for SSO, otherwise leave them as blank.

Connection String

In order for the application to connect to the database, the "SqlServer" value needs to be set.

Ex:

Ensure your database type is set to TSQL.

Find and update the value under the "ConnectionStrings" section:

External identity claim section

Under the "ExternalIdentityClaimSection" section you'll see the following values.

These values are used for SAML SSO. If you aren't using SSO, keep these values as blank

Serilog

"Serilog" has a property that allows you to configure where it logs to. In the below code, update the following:
1. "Name" must be set to "File" so it writes to a physical file on the disk.
2. "Path" must be set to the file path to where you want it to log.

Update the Cinchy appsettings.json

Navigate to C:\Cinchy
Delete the appsettings.Development.json
Navigate to the appsettings.json file and update the following properties:

1.3.1 AppSettings

Connection String

In order for the application to connect to the database, the "SqlServer" value needs to be set.

Ex:

Ensure your database type is set to TSQL

Find and update the value under the "ConnectionStrings" section:

1.3.3 Serilog

"Serilog" has a property that allows you to configure where it logs to. In the below code, update the following:
- "Name" must be set to "File" so it writes to a physical file on the disk.
- "Path" must be set to the file path to where you want it to log.

You can also use an alternative setting if you want to have rolling log files with retention settings by adding in the following parameters:

Your full "Serilog" property, if you choose to use the alternative settings, would look like this, inputting your own variables as required:

Configure the IIS Manager and running your upgrade

Open your Internet Information Services (IIS) Manager.
Navigate to Connections > Sites.
Right click on the Cinchy site and select Manage Application > Advanced Settings.
Change the Cinchy folder path to that of the version you're deploying.
Right click on the CinchySSO site and select Manage Application > Advanced Settings
Ensure that both Applications Pools for Cinchy and CinchySSO have their .NET CLR Versions set to No Managed Code.
Change the Cinchy SSO folder path to that of the version you're deploying.
Execute the following command:

Execute the following command:

Open your Cinchy URL in your browser.

Because Cinchy v5 creates new tables and assets in the background upon initialization, this first startup may take longer to fully load than usual.

Ensure that you can log in.

If you encounter an error during this process, restore your database backup and contact Cinchy Support.

v5.1 (IIS)

This page details the upgrade process for Cinchy v5.1 on IIS.

Upgrading on IIS

The following process can be run when upgrading from v5.0 to v5.1 on IIS.

Prerequisites

Take a backup of your database.
Extract thefor the version you wish to upgrade to.

Upgrade process

Merge the following configs with your current instance configs:
- Cinchy/web.config
- Cinchy/appsettings.json
- CinchySSO/appsettings.json
- CinchySSO/web.config
Execute the following command:

Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
Execute the following command:

Open your Cinchy URL in your browser.
Ensure you can log in.

If you encounter an error during this process, restore your database backup and contact Cinchy Support.

v5.2 (IIS)

This page details the upgrade process for Cinchy v5.2 on IIS.

Upgrading on IIS

Warning:** If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.2 or higher,** you must run a mandatory process _(Upgrade 5.2)_ .

The following process can be run when upgrading any v5.x instance to v5.2 on IIS.

Prerequisites

Take a backup of your database.
Extract thefor the version you wish to upgrade to.

Upgrade process

Merge the following configs with your current instance configs:
- Cinchy/web.config
- Cinchy/appsettings.json
- CinchySSO/appsettings.json
- CinchySSO/web.config
Execute the following command:

Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
Execute the following command:

Open your Cinchy URL in your browser.
Ensure you can log in.

If you encounter an error during this process, restore your database backup and contact Cinchy Support.

v5.3 (IIS)

This page details the upgrade process for Cinchy v5.3 on IIS.

Upgrading on IIS

Warning:** If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.3**, you must first run a mandatory process (Upgrade 5.2) and deploy version 5.2. Once complete, you can continue on with your 5.3 upgrade.

The following process can be run when upgrading any v5.x instance to Cinchy v5.3 on IIS.

Prerequisites

Take a backup of your database.
Extract thefor the version you wish to upgrade to.

Upgrade Process

Merge the following configs with your current instance configs:
- Cinchy/web.config
- Cinchy/appsettings.json
- CinchySSO/appsettings.json
- CinchySSO/web.config
Execute the following command:

Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
Execute the following command:

Open your Cinchy URL in your browser.
Ensure you can log in.

If you encounter an error during this process, restore your database backup and contact Cinchy Support.

v5.4 (IIS)

This page details the upgrade process for Cinchy v5.4 on IIS.

Upgrading on IIS

Warning:** If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.4,** you must first run a mandatory process (Upgrade 5.2) and deploy version 5.2. Once complete, you can continue on with your 5.4 upgrade.

If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString in your SSO and Cinchy appsettings.json. Adding will allow you to bypass the certificate chain during validation.

Ex:

The following process can be run when upgrading any v5.x instance to v5.4 on IIS.

Prerequisites

Take a backup of your database.
Extract thefor the version you wish to upgrade to.

Upgrade Process

Merge the following configs with your current instance configs:
- Cinchy/web.config
- Cinchy/appsettings.json
- CinchySSO/appsettings.json
- CinchySSO/web.config
If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString in both your SSO and Cinchy appsettings.json. Adding will allow you to bypass the certificate chain during validation.
Ex:
Execute the following command:

Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
Execute the following command:

Open your Cinchy URL in your browser.

7. Ensure you can log in.

If you encounter an error during this process, restore your database backup and contact Cinchy Support.

v5.5 (IIS)

Upgrading on IIS

The following process can be run when upgrading any v5.x instance to v5.5 on IIS.

Warning: This release requires you to run the Cinchy Upgrade Utility.Please review and follow the directives for Upgrade 5.5 here.

Additionally,** If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.5, you must first run a mandatory process (Upgrade 5.2)** using the Cinchy Utility and deploy version 5.2. Once complete, you can continue on with your 5.5 upgrade.

If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString in your SSO and Cinchy appsettings.json. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.

Ex:

"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True"

Prerequisites

Take a backup of your database.
Extract the new build for the version you wish to upgrade to.
Download .NET 6.0

Upgrade process

Merge the following configs with your current instance configs:
- Cinchy/web.config
- Cinchy/appsettings.json
- CinchySSO/appsettings.json
- CinchySSO/web.config
If you are upgrading to 5.5 on an SQL Server Database and didn't do so in any previous updates, you will need to make a change to your connectionString in both your SSO and Cinchy appsettings.json. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
Ex:
```
"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True"
```
Execute the following command:

iisreset -stop

Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
Execute the following command:

iisreset -start

Open your Cinchy URL in your browser.
Ensure you can log in.

If you encounter an error during this process, restore your database backup and contact Cinchy Support.

v5.6 (IIS)

Upgrading on IIS

The following process can be run when upgrading any v5.x instance to v5.6 on IIS.

Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.6, you must first run a mandatory process (Upgrade 5.2)** using the Cinchy Utility and deploy version 5.2.

If you are upgrading from Cinchy v5.3 or lower to v5.5+ on an SQL Server Database, you will need to make a change to your connectionString in your SSO and Cinchy appsettings.json. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.

Ex:

"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True"

Warning:** If you are upgrading from Cinchy v5.4 or lower to Cinchy v5.6, you must first run a mandatory process (Upgrade 5.5)** using the Cinchy Utility and deploy version 5.5.

The upgrade of any version to Cinchy v5.6 requires changes to be made to various App Setting files. See section 1.2, step 3, for further details.

Prerequisites

Take a backup of your database.
Extract the new buildfor the version you wish to upgrade to.
Download .NET 6.0

Upgrade process

Merge the following configs with your current instance configs:
- Cinchy/web.config
- Cinchy/appsettings.json
- CinchySSO/appsettings.json
- CinchySSO/web.config
If you are upgrading to 5.6 on an SQL Server Database and didn't do so in any previous updates, you will need to make a change to your connectionString in both your SSO and Cinchy appsettings.json. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
Ex:
```
"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True"
```
When upgrading to 5.6, you are required to make the following changes to various appsettings.json files:

CinchySSO\appsettings.json

Navigate to your CinchySSO\appsettings.json file and make the following changes:

ADD the following value:
- "StsPrivateOriginUri" - This should be the private base URL used by the .well-known discovery. If left blank will match the request URL. /cinchysso

    "AppSettings": {
      "CinchyUri": "http://localhost",
      "CertificatePath": "C:\\inetpub\\wwwroot\\cinchysso\\cinchyidentitysrv.pfx",
      "CertificatePassword": "",
      "SAMLClientEntityId": "",
      "SAMLIDPEntityId": "",
      "SAMLMetadataXmlPath": "",
      "SAMLSSOServiceURL": "",
      "SAMLEncryptedCertificatePath": "",
      "SAMLEncryptedCertificatePassword": "",
      "SAMLSignCertificatePath": "",
      "SAMLSignCertificatePassword": "",
      "HstsMaxAge": 2592000,
      "HstsIncludeSubDomains": false,
      "HstsPreload": false,
      "SAMLSignCertificateMinAlgorithm": "",
      "SAMLSignCertificateSigningBehaviour": "",
      "AcsURLModule": "",
      "StsPublicOriginUri": "",
      // Add in the below "StsPrivateOriginUri".
      //This should be the private base URL used by the .well-known discovery.
      // If left blank will match the request URL. /cinchysso
      "StsPrivateOriginUri": "",
      "MaxRequestHeadersTotalSize": 65536,
      "MaxRequestBufferSize": 65536,
      "MaxRequestBodySize": -1,
      "MachineKeyXml": "",
      "DpApiKeyRingPath": "",
      "TlsVersion": "",
      "CinchyAccessTokenLifetime": "7.00:00:00",
      "DataChangeCallbackTimeout": 7,
      "RefreshCacheTimeInMin": 10,
      "DefaultExpirationCacheTimeInMin": 360,
      "DBType": "PostgreSQL"

Cinchy\appsettings.json

Navigate to your Cinchy\appsettings.json file and make the following changes:

REMOVE the following values:
- "StsAuthorityUri"
- "RequireHttpsMetadata"
ADD the following values:
- "StsPrivateAuthorityUri" - This should match your private Cinchy SSO URL.
- "StsPublicAuthorityUri" - This should match your public Cinchy SSO URL.
- "CinchyPrivateUri" - This should match your private Cinchy URL.
- "CinchyPublicUri" - This should match your public Cinchy URL.

    "AppSettings": {
    // Add the below "StsPrivateAuthorityUri" value.
    // This should match your private Cinchy SSO URL.
      "StsPrivateAuthorityUri": "",
   // Add the below "StsPublicAuthorityUri" value.
   // This should match your public Cinchy SSO URL.
      "StsPublicAuthorityUri": "",
   // Add the below "CinchyPrivateUri" value.
   // This should match your private Cinchy URL.
      "CinchyPrivateUri": "",
   // Add the below "CinchyPublicUri" value.
   // This should match your public Cinchy URL.
      "CinchyPublicUri": "",
      "AllowLogFileDownload": false,
      "LogDirectoryPath": "C:\\CinchyLogs\\CinchyWeb",
      "SSOLogPath": "C:\\CinchyLogs\\CinchySSO\\log.json",
      "UseHttps": true,
      "HstsMaxAge": 2592000,
      "HstsIncludeSubDomains": false,
      "HstsPreload": false,
      "TlsVersion": "",
      "RouteDebuggerEnabled": false,
      "RefreshCacheTimeInMin": 10,
      "DefaultExpirationCacheTimeInMin": 360,
      "DBType": "PostgreSQL",
      "StorageType": "Local", // Local | S3 | AzureBlobStorage
      "MaxRequestBodySize": 1073741824 // 1gb
    },

Worker Directory appsettings.json

Navigate to your appsettings.json file within your Cinchy Worker directory and make the following changes:

ADD a new section titled CinchyClientSettings, following the below code snippet as a guide:

{
  "CinchyClientSettings": {
    "Url": "",      // Cinchy Url
    "Username": "", // For Cinchy v4 only, remove otherwise
    "Password": ""  // For Cinchy v5, this should be the password for the user connections@cinchy.com. For v4 this will be the desired user's password.
  },

REMOVE the following:
- "AuthServiceDomain"
- "UseHttps"

Event Listener Directory appsettings.json

Navigate to your appsettings.json file within your Cinchy Listener directory and make the following changes:

ADD a new section titled CinchyClientSettings, following the below code snippet as a guide:

  "CinchyClientSettings": {
    "Url": "", // Cinchy Url
    "Username": "", // For Cinchy v4, remove otherwise
    "Password": "" // For Cinchy v5, this should be the password for the user eventlistener@cinchy.com. For v4 this will be the desired user's password.
  }

REMOVE the following:
- "StateFileLocation"
- "Path"

Execute the following command:

iisreset -stop

Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
Execute the following command:

iisreset -start

Open your Cinchy URL in your browser.
Ensure you can log in.

If you encounter an error during this process, restore your database backup and contact Cinchy Support.

v5.7 (IIS)

Upgrading on IIS

The following process can be run when upgrading any v5.x instance to v5.7 on IIS.

Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.6, you must first run a mandatory process (Upgrade 5.2)** using the Cinchy Utility and deploy version 5.2.

Ex:

"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True"

Warning:** If you are upgrading from Cinchy v5.4 or lower to Cinchy v5.7, you must first run a mandatory process (Upgrade 5.5)** using the Cinchy Utility and deploy version 5.5.

The upgrade of any version to Cinchy v5.7 requires changes to be made to various App Setting files. See section 1.2, step 3, for further details.

Prerequisites

Take a backup of your database.
Extract the new buildfor the version you wish to upgrade to.
Download .NET 6.0

Upgrade process

Merge the following configs with your current instance configs:
- Cinchy/web.config
- Cinchy/appsettings.json
- CinchySSO/appsettings.json
- CinchySSO/web.config
If you are upgrading to 5.7 on an SQL Server Database and didn't do so in any previous updates, you will need to make a change to your connectionString in both your SSO and Cinchy appsettings.json. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
Ex:
```
"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True"
```
When upgrading to 5.7, you are required to make the following changes to various appsettings.json files:

CinchySSO\appsettings.json

Navigate to your CinchySSO\appsettings.json file and make the following changes:

ADD the following value:
- "StsPrivateOriginUri" - This should be the private base URL used by the .well-known discovery. If left blank will match the request URL. /cinchysso

    "AppSettings": {
      "CinchyUri": "http://localhost",
      "CertificatePath": "C:\\inetpub\\wwwroot\\cinchysso\\cinchyidentitysrv.pfx",
      "CertificatePassword": "",
      "SAMLClientEntityId": "",
      "SAMLIDPEntityId": "",
      "SAMLMetadataXmlPath": "",
      "SAMLSSOServiceURL": "",
      "SAMLEncryptedCertificatePath": "",
      "SAMLEncryptedCertificatePassword": "",
      "SAMLSignCertificatePath": "",
      "SAMLSignCertificatePassword": "",
      "HstsMaxAge": 2592000,
      "HstsIncludeSubDomains": false,
      "HstsPreload": false,
      "SAMLSignCertificateMinAlgorithm": "",
      "SAMLSignCertificateSigningBehaviour": "",
      "AcsURLModule": "",
      "StsPublicOriginUri": "",
      // Add in the below "StsPrivateOriginUri".
      //This should be the private base URL used by the .well-known discovery.
      // If left blank will match the request URL. /cinchysso
      "StsPrivateOriginUri": "",
      "MaxRequestHeadersTotalSize": 65536,
      "MaxRequestBufferSize": 65536,
      "MaxRequestBodySize": -1,
      "MachineKeyXml": "",
      "DpApiKeyRingPath": "",
      "TlsVersion": "",
      "CinchyAccessTokenLifetime": "7.00:00:00",
      "DataChangeCallbackTimeout": 7,
      "RefreshCacheTimeInMin": 10,
      "DefaultExpirationCacheTimeInMin": 360,
      "DBType": "PostgreSQL"

Cinchy\appsettings.json

Navigate to your Cinchy\appsettings.json file and make the following changes:

REMOVE the following values:
- "StsAuthorityUri"
- "RequireHttpsMetadata"
ADD the following values:
- "StsPrivateAuthorityUri" - This should match your private Cinchy SSO URL.
- "StsPublicAuthorityUri" - This should match your public Cinchy SSO URL.
- "CinchyPrivateUri" - This should match your private Cinchy URL.
- "CinchyPublicUri" - This should match your public Cinchy URL.

    "AppSettings": {
    // Add the below "StsPrivateAuthorityUri" value.
    // This should match your private Cinchy SSO URL.
      "StsPrivateAuthorityUri": "",
   // Add the below "StsPublicAuthorityUri" value.
   // This should match your public Cinchy SSO URL.
      "StsPublicAuthorityUri": "",
   // Add the below "CinchyPrivateUri" value.
   // This should match your private Cinchy URL.
      "CinchyPrivateUri": "",
   // Add the below "CinchyPublicUri" value.
   // This should match your public Cinchy URL.
      "CinchyPublicUri": "",
      "AllowLogFileDownload": false,
      "LogDirectoryPath": "C:\\CinchyLogs\\CinchyWeb",
      "SSOLogPath": "C:\\CinchyLogs\\CinchySSO\\log.json",
      "UseHttps": true,
      "HstsMaxAge": 2592000,
      "HstsIncludeSubDomains": false,
      "HstsPreload": false,
      "TlsVersion": "",
      "RouteDebuggerEnabled": false,
      "RefreshCacheTimeInMin": 10,
      "DefaultExpirationCacheTimeInMin": 360,
      "DBType": "PostgreSQL",
      "StorageType": "Local", // Local | S3 | AzureBlobStorage
      "MaxRequestBodySize": 1073741824 // 1gb
    },

Worker Directory appsettings.json

Navigate to your appsettings.json file within your Cinchy Worker directory and make the following changes:

ADD a new section titled CinchyClientSettings, following the below code snippet as a guide:

{
  "CinchyClientSettings": {
    "Url": "",      // Cinchy Url
    "Username": "", // For Cinchy v4 only, remove otherwise
    "Password": ""  // For Cinchy v5, this should be the password for the user connections@cinchy.com. For v4 this will be the desired user's password.
  },

REMOVE the following:
- "AuthServiceDomain"
- "UseHttps"

Event Listener Directory appsettings.json

Navigate to your appsettings.json file within your Cinchy Listener directory and make the following changes:

ADD a new section titled CinchyClientSettings, following the below code snippet as a guide:

  "CinchyClientSettings": {
    "Url": "", // Cinchy Url
    "Username": "", // For Cinchy v4, remove otherwise
    "Password": "" // For Cinchy v5, this should be the password for the user eventlistener@cinchy.com. For v4 this will be the desired user's password.
  }

REMOVE the following:
- "StateFileLocation"
- "Path"

Execute the following command:

iisreset -stop

Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
Execute the following command:

iisreset -start

Open your Cinchy URL in your browser.
Ensure you can log in.

If you encounter an error during this process, restore your database backup and contact Cinchy Support.

Upgrading from v4 to v5

Upgrading to v5 on Kubernetes

When you upgrade to Cinchy v5 on Kubernetes you are creating a separate instance. You will need to plan the migration of your database, and then follow the deployment installation guide.

Upgrading to v5 on IIS

To upgrade from v4+ to v5+ on IIS, review the documentation here.

Compatibility issues between databases or versions

If you choose to upgrade to Cinchy v5 on PostgreSQL, please review the following features that aren't currently available in that deployment.

These may be implemented in future versions of the platform.

No Partitioning
No Geospatial features
No Column Indexing
No Full Text Indexing
No Column Level Encryption

You may also wish to review the list of CQL functions currently unsupported in PGSQL. Please note that this is a living document and that the development team is actively working on function translations between databases. Make sure to check back for the most up to date information.

CQL Functions

v5.7 (Kubernetes)

What's new

The major changes for the 5.7 Kubernetes upgrade are the following:

The Azure AKS and AWS EKS version supports up to 1.27
Upgraded ArgoCD from 2.1.7 to v2.7.6
Upgraded Istio from 1.3.1 to 1.18.0
OpenSearch from 1.2.0 to 2.13.1
Upgraded Logging Operator from 3.17.2 to 4.2.2
Upgraded Kube Prometheus Stack from 17.2.2 to 47.0.0
Upgraded Strimzi Kafka Operator from 0.1.0 to 0.34.0
New app Kafka UI 0.7.1
OpenSearch Index creation based on date format

Upgrading on Kubernetes

To upgrade your various components, follow the instructions below in the order presented.

Prerequisites

If you have made custom changes to your deployment file structure, please contact your Support team before you upgrade your environments.

Upgrade from 5.1 or lower

If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.7, you must run Upgrade 5.2 using the Cinchy Utility and deploy version 5.2.

Upgrade from v5.2 or higher

If you are upgrading from 5.2 or higher, follow the 5.7 upgrade instructions below, then use the Cinchy Utility and deploy the target version using the -v "X.X" argument.

Configure to the newest version

Clean existing repositories

Go to your cinchy.argocd repository. Delete all existing folder structure except for the .git folder/directory and any custom changes you may have implemented.
Go to your cinchy.kubernetes repository. Delete all existing folder structure except for the .git file.

Go to your cinchy.terraform repository. Delete all existing folder structure except for the .git file.
Go to your cinchy.devops.automation repository. Delete all existing folder structure except for the .git file and your deployment.json.

Download k8s template

Download and open the new Cinchy v5.7 k8s-template.zip file from the Cinchy Releases table and place the files into their respective cinchy.kubernetes, cinchy.argocd, cinchy.terraform and cinchy.devops.automation repositories.
Go to the new aws.json/azure.json files and compare them with your current deployment.json file. All additional fields in the new aws.json/azure.json files should be added to your current deployment.json.
Update the Kubernetes version in your deployment.json. To upgrade EKS to a new version, you need to follow an upgrade sequence, installing each incremental version one by one. For example, you might need to upgrade from 1.24 to 1.25, then from 1.25 to 1.26, and finally from 1.26 to 1.27.

You may have changed the name of the deployment.json file during your original platform deployment. If so, make sure that you swap up the name wherever it appears in this document.

Remove components

kubectl delete crd alertmanagerconfigs.monitoring.coreos.com alertmanagers.monitoring.coreos.com podmonitors.monitoring.coreos.com probes.monitoring.coreos.com prometheusagents.monitoring.coreos.com prometheuses.monitoring.coreos.com prometheusrules.monitoring.coreos.com scrapeconfigs.monitoring.coreos.com servicemonitors.monitoring.coreos.com thanosrulers.monitoring.coreos.com

kubectl delete crd clusterflows.logging.banzaicloud.io clusteroutputs.logging.banzaicloud.io flows.logging.banzaicloud.io loggings.logging.banzaicloud.io outputs.logging.banzaicloud.io eventtailers.logging-extensions.banzaicloud.io fluentbitagents.logging.banzaicloud.io hosttailers.logging-extensions.banzaicloud.io nodeagents.logging.banzaicloud.io syslogngclusterflows.logging.banzaicloud.io syslogngclusterflows.logging.banzaicloud.io syslogngclusteroutputs.logging.banzaicloud.io syslogngflows.logging.banzaicloud.io syslogngoutputs.logging.banzaicloud.io

Upgrade and redeploy components

Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:
```
dotnet Cinchy.DevOps.Automations.dll "deployment.json"
```
Commit all of your changes (if there were any) in each repository.
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD.Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
Execute the following command to deploy ArgoCD:
```
bash deploy_argocd.sh
```
Validate ArgoCD pods are running and check that ArgoCD is upgraded v2.7.6 by accessing the ArgoCD application Console.
Execute the following command to deploy cluster components and Cinchy components:
```
bash deploy_cluster_components.sh
bash deploy_cinchy_components.sh
```
You might see a couple of ArgoCD apps out of sync because you deleted the logging operator. Sync them manually. Redis will take a few minutes to recover.

Upgrade AWS EKS and Azure AKS

CIDR range higher than 10.10.0.0/22

If you have AKS subnet CIDR range higher than 10.10.0.0/22 then you can use the 1.25.x and later AKS upgrade without much downtime and AKS resource teardown.

Go to your cinchy.devops.automations repository and change AKS/EKS version in deployment.json (or <cluster name>.json) within the same directory.
From a shell/terminal, navigate to the cinchy.devops.automations directory location and execute the following command:
```
dotnet Cinchy.DevOps.Automations.dll "deployment.json"
```

AWS - Cinchy.terraform repository structure

The AWS deployment updates a folder named eks_cluster in the Terraform > AWS directory. Within that directory is a subdirectory with the same name as the created cluster.

To perform terraform operations, the cluster directory must be the working directory during execution.

Azure - Cinchy.terraform repository structure

The Azure deployment updates a folder named aks_cluster Within the Terraform > Azure directory. Within that directory is a subdirectory with the same name as the created cluster.

For AWS and Azure export credentials run the az login command if required.

bash create.sh

CIDR range lower than 10.10.0.0/22

This section is only applicable to Azure deployments.

The values below gives the suggested IP address CIDR range. Cinchy recommends to make your own choice based on your needs. Update these values in your deployment.json file:

          "address_space": "10.10.0.0/19",
          "subnet_prefix": "10.10.0.0/20"
          "net_profile_service_cidr": "10.1.4.0/22",
          "net_profile_dns_service_ip": "10.1.4.2",

Delete cluster components, Cinchy components, and ArgoCD apps

To delete Cinchy apps, cluster components and ArgoCD:

From terminal change directory to cinchy.argocd and run the commands below sequentially. Make sure to change your cluster(directory) name and environment name in below commands:

kubectl delete -k environment_kustomizations/CLUSTER_NAME/cluster_components
kubectl delete -k environment_kustomizations/CLUSTER_NAME/ENVIRONMENT_NAME/cinchy
kubectl delete -k argocd

If cluster components deletion takes longer than 10 minutes, run the command below. Check that all pods are deleted except Kubernetes default namespace(kube-system) pods.
```
kubectl patch app $(kubectl get applications -n argocd --no-headers | awk '{print $1}') -p '{"metadata":{"finalizers":null}}' --type=merge -n argocd
```
Verify the deletion of pods for all namespaces with the kubectl get pods -A command. If the namespaces and pods aren't deleted for some cluster components, then delete the namespace manually with command kubectl delete ns NAMESPACE.

Deploy

Change the AKS version in DevOps automation tools deployment.json against kubernetes_version and orchestrator_version key values. From a shell/terminal, go to the cinchy.devops.automations directory location and execute the following command:
```
dotnet Cinchy.DevOps.Automations.dll "deployment.json"
```
In the Terraform > Azure directory, a new folder named aks_cluster should be updated with the AKS version. In that directory is a subdirectory with the same name as the newly updated cluster.
Launch a shell/terminal with the working directory set to the cluster directory within the cinchy.terraform repository and run az login.
Execute the following command to create the cluster:
```
bash create.sh
```