When upgrading a sidecar from version 2.23.4 or earlier to version 2.23.5 or later, follow the steps below for your orchestration platform.
Starting in version 2.23.5, Cyral allows administrators more freedom in specifying which ports the sidecar will expose for data clients to connect to data repositories. In the past, a setting like postgresqlPorts (Helm 3) or sidecar_postgresql_ports (Terraform) allowed you to declare, in a repo-type-specific way, the range of ports where data clients could connect. Starting in version 2.23.5, you specify these available ports in a single list called sidecarPorts (Helm 3) or sidecar_ports (Terraform).
Support for these settings on CloudFormation is coming in a future release.
Upgrading to 2.23.5 or later sidecars in a CloudFormation environment
Two new variables have been added, MongoDBPortAllocRangeLow and MongoDBPortAllocRangeHigh, but no special procedures are necessary during the upgrade.
Upgrading to 2.23.5 or later sidecars in a Helm 3 environment
Quick reference guide for sidecar upgrades in Helm 3 environments:
If you use MongoDB, make sure to set all the necessary ports in sidecarPorts and also set the proper values for MongoDBPortAllocRangeLow and MongoDBPortAllocRangeHigh.
If you use Snowflake, make sure to set the port in loadBalancerTLSPorts.
If you have changed the default ports defined in previous templates using parameters whose names follow the pattern <DB-NAME>Ports (for example, postgresqlPorts), make sure that all the required ports are instead set using the new parameter, sidecarPorts.
New Variable: sidecarPorts
This variable replaces all the following previous variables:
sidecarPorts defines a reduced range of ports and assumes the following default list: [80, 443, 453, 1433, 1521, 3306, 3307, 5432, 27017, 27018, 27019, 31010]. Adjust this list accordingly if your sidecar requires ports that are not covered by the defaults, or if you don't want to expose all of the default ports.
Default value changed: loadBalancerTLSPorts
The default value for loadBalancerTLSPorts has changed from [443, 444] to .
Variable replaced: mongoPortAllocHigh
Replaced by mongoDBPortAllocRangeHigh.
New Variables: mongoDBPortAllocRangeLow and mongoDBPortAllocRangeHigh
These variables define the lower and upper limits of the port allocation range reserved for MongoDB. This range must correspond to the range of ports declared in sidecarPorts that will be used for MongoDB. The default value assigned to sidecarPorts contains the consecutive ports 27017, 27018 and 27019 for MongoDB use, which means that the corresponding MongoDBPortAllocRangeLow is 27017 and MongoDBPortAllocRangeHigh is 27019. If you want to use a range of 10 ports for MongoDB, add all consecutive ports to sidecarPorts (for example, 27017, 27018, 27019, 27020, 27021, 27022, 27023, 27024, 27025, 27026) and set MongoDBPortAllocRangeLow to the first value (27017 in the example) and MongoDBPortAllocRangeHigh to the last value (27026 in the example).
Upgrading to 2.23.5 or later sidecars in a Terraform environment
Quick reference guide for sidecar upgrades in Terraform environments:
If you use MongoDB, make sure to set all the necessary ports in sidecar_ports and also set the proper values for mongodb_port_alloc_range_low and mongodb_port_alloc_range_high.
If you use Snowflake, make sure to set the port in load_balancer_tls_ports.
If you have changed the default ports defined in previous templates using parameters whose names follow the pattern sidecar_<DB-NAME>_ports, make sure that all required ports are instead set using the new parameter, sidecar_ports.
New sidecar_ports deployment parameter for Terraform
In Cyral sidecar v2.23.5 and later, the sidecar_ports setting lists the ports through which data clients can connect to repositories on this sidecar.
This variable replaces all of the following variables used in earlier sidecar versions:
sidecar_ports does not define a range of ports as the previous variables did. Instead you must list all the ports through which data clients will connect to repositories on this sidecar.
Example: sidecar_ports parameter on Terraform
For example, if you have two Microsoft SQL Server databases and four PostgreSQL databases that you want to expose using a single sidecar, and assuming you are starting with the default ports for each database vendor, then you could set sidecar_ports to [1433, 1434, 5432, 5433, 5434, 5435]. In this example, you would expose the two SQL Server instances on ports 1433 and 1434 and the four PostgreSQL instances on the remaining ports, meaning that users would connect to the databases using, for example, mysidecar.mycompany.com:1433, mysidecar.mycompany.com:1434, and so on.
Maximum number of repository ports
The maximum number of ports that can be assigned to a sidecar depends on the maximum number of listeners per load balancer as defined by AWS (currently set to 50). See also the AWS documentation on Quotas for your Application Load Balancers.
mongodb_port_alloc_range_low and mongodb_port_alloc_range_high
These settings define the lower and upper limit values for the port allocation range reserved for MongoDB. This range must correspond to the range of ports declared in sidecar_ports that will be used for MongoDB. If you assign to sidecar_ports the consecutive ports 27017, 27018 and 27019 for MongoDB use, it means that the corresponding mongodb_port_alloc_range_low is 27017 and mongodb_port_alloc_range_high is 27019.
If you want to use a range of 10 ports for MongoDB, then you need to add all consecutive ports to your sidecar_ports list (for example, 27017, 27018, 27019, 27020, 27021, 27022, 27023, 27024, 27025, 27026) and define mongodb_port_alloc_range_low = 27017 and mongodb_port_alloc_range_high = 27026.
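The MongoDB range rule described for both Helm 3 and Terraform, together with the listener limit, can be checked before deployment. The following is an added example, not Cyral's code: the function and parameter names are hypothetical, the "every port in the range must be listed" rule is this example's reading of the text above, and the optional needed argument (an assumption) flags ports that are exposed without a repository using them.

```python
# Added example: pre-deployment check for a sidecar port list.
# Function and parameter names are hypothetical. MAX_LISTENERS is the AWS
# listeners-per-load-balancer figure quoted on this page.
MAX_LISTENERS = 50
# Default sidecarPorts list as given on this page.
DEFAULT_PORTS = [80, 443, 453, 1433, 1521, 3306, 3307, 5432,
                 27017, 27018, 27019, 31010]


def check_sidecar_ports(sidecar_ports, mongo_low=None, mongo_high=None, needed=None):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    ports = list(sidecar_ports)
    exposed = set(ports)

    bad = sorted(p for p in exposed if not 1 <= p <= 65535)
    if bad:
        problems.append(f"invalid port numbers: {bad}")
    dupes = sorted({p for p in ports if ports.count(p) > 1})
    if dupes:
        problems.append(f"duplicate ports: {dupes}")
    if len(exposed) > MAX_LISTENERS:
        problems.append(f"{len(exposed)} ports exceed the {MAX_LISTENERS}-listener limit")

    # Every port inside the MongoDB allocation range must be in the port list.
    if (mongo_low is None) != (mongo_high is None):
        problems.append("set both MongoDB range limits or neither")
    elif mongo_low is not None:
        if mongo_low > mongo_high:
            problems.append("MongoDB range low is greater than high")
        else:
            missing = [p for p in range(mongo_low, mongo_high + 1) if p not in exposed]
            if missing:
                problems.append(f"MongoDB range ports missing from port list: {missing}")

    # Optional least-exposure check against the ports repositories actually use.
    if needed is not None:
        extra = sorted(exposed - set(needed))
        if extra:
            problems.append(f"exposed but not needed: {extra}")
        absent = sorted(set(needed) - exposed)
        if absent:
            problems.append(f"needed but not exposed: {absent}")
    return problems


if __name__ == "__main__":
    # Constructed input: default list, but a 10-port MongoDB range declared.
    for problem in check_sidecar_ports(DEFAULT_PORTS, 27017, 27026):
        print(problem)
```

Run it against the port list and range values from your Helm values file or Terraform variables before applying the upgrade.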