Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update prerequisite IAM permissions, clarify instructions #210

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Update prerequisite IAM permissions, clarify instructions #210

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
681b6d2
Add list of required IAM policies for EKS cluster and EKS node group
tylerwellman-tg Nov 30, 2023
a470e8d
Fix typo
tylerwellman-tg Nov 30, 2023
b1d844b
Clarify instructions regarding Amazon EBS CSI driver
tylerwellman-tg Nov 30, 2023
9df2691
Remove link to ftp server
tylerwellman-tg Nov 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 27 additions & 19 deletions k8s/docs/03-deploy/tigergraph-on-eks.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,16 @@ Before proceeding with the deployment, make sure you have the following prerequi

- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) installed with the latest version. This will be used to install the EBS CSI driver `aws-ebs-csi-driver` if necessary.

- An existing [EKS cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) with admin role permissions.
- An existing [EKS cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) with appropriate IAM permissions:
- The EKS cluster requires an IAM role with the following AWS-managed IAM policies attached:
- `arn:aws:iam::aws:policy/AmazonEKSClusterPolicy`
- `arn:aws:iam::aws:policy/AmazonEKSServicePolicy`
- The EKS node group requires an IAM role with the following AWS-managed IAM policies attached:
- `arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy`
- `arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy`
- `arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly`
- `arn:aws:iam::aws:policy/AmazonEKSClusterPolicy`
- `arn:aws:iam::aws:policy/AmazonEKSVPCResourceController`

## Deploy TigerGraph Operator

Expand Down Expand Up @@ -138,6 +147,18 @@ To verify the successful deployment of the Operator, use the following command:
kubectl wait deployment tigergraph-operator-controller-manager --for condition=Available=True --timeout=120s -n ${YOUR_NAMESPACE}
```

### Install EBS CSI driver
The Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver manages the lifecycle of Amazon EBS volumes as storage for the Kubernetes Volumes that you create. [Official AWS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html)

```bash
aws eks create-addon --cluster-name ${YOUR_CLUSTER_NAME} --addon-name aws-ebs-csi-driver
```

#### Wait for the Amazon EBS CSI Driver deployment (ebs-csi-controller) to become available in the EKS cluster
```bash
kubectl wait --for=condition=Available=True deployment/ebs-csi-controller -n kube-system
```

## Deploy a TigerGraph Cluster

This section explains how to deploy a TigerGraph cluster on EKS using the `kubectl-tg` plugin and a CR (Custom Resource) YAML manifest.
Expand Down Expand Up @@ -235,31 +256,18 @@ Choose the appropriate StorageClass (e.g., `gp2`) when creating the TigerGraph c
Normal ExternalProvisioning 115s (x25 over 7m54s) persistentvolume-controller waiting for a volume to be created, either by external provisioner "ebs.csi.aws.com" or manually created by system administrator
```

If you encounter the above issues, please resolve it using the following steps:

1. Make sure that the EKS cluster has been installed EBS CSI driver

```bash
kubectl get deployment ebs-csi-controller -n kube-system
```

2. If not, install EBS CSI driver through the following commands

> [!WARNING]
> Please ensure that the IAM role for the Amazon EBS CSI driver has been created. You can refer to the official AWS documentation [Creating the Amazon EBS CSI driver IAM role](https://docs.aws.amazon.com/eks/latest/userguide/csi-iam-role.html) for detailed instructions.

```bash
aws eks create-addon --cluster-name $YOUR_EKS_CLUSTER_NAME --addon-name aws-ebs-csi-driver
```
If you're facing the issues above, please check the following:
- Confirm that the EKS cluster and EKS node group have the necessary permissions. [See prerequisites](#prerequisites)
- Verify if the EBS CSI driver is correctly installed as an EKS add-on. [Installation steps](#install-ebs-csi-driver)

### Create a TigerGraph Cluster with Specific Options

You can create a new TigerGraph cluster with specific options, such as size, high availability, version, license, and resource specifications. Here's an example:

- Get and export free license
- Export license key as an environment variable

```bash
export LICENSE=$(curl -L "ftp://ftp.graphtiger.com/lic/license3.txt" -o "/tmp/license3.txt" 2>/dev/null && cat /tmp/license3.txt)
export LICENSE=<LICENSE_KEY>
```

- Create TigerGraph cluster with kubectl-tg plugin
Expand Down
Loading