From 681b6d25b96a6b04defa0fcfd7320ce040d54469 Mon Sep 17 00:00:00 2001 From: Tyler Wellman Date: Thu, 30 Nov 2023 12:19:22 -0500 Subject: [PATCH 1/4] Add list of required IAM policies for EKS cluster and EKS node group --- k8s/docs/03-deploy/tigergraph-on-eks.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/k8s/docs/03-deploy/tigergraph-on-eks.md b/k8s/docs/03-deploy/tigergraph-on-eks.md index 3a15b5c7e..4e49f2cf2 100644 --- a/k8s/docs/03-deploy/tigergraph-on-eks.md +++ b/k8s/docs/03-deploy/tigergraph-on-eks.md @@ -35,7 +35,16 @@ Before proceeding with the deployment, make sure you have the following prerequi - [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) installed with the latest version. This will be used to install the EBS CSI driver `aws-ebs-csi-driver` if necessary. -- An existing [EKS cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) with admin role permissions. +- An existing [EKS cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) with appropriate IAM permissions: + - The EKS Cluster requires an IAM role with the following AWS-managed IAM policies attached: + - `arn:aws:iam::aws:policy/AmazonEKSClusterPolicy` + - `arn:aws:iam::aws:policy/AmazonEKSServicePolicy` + - The EKS node group requires an IAM role with the following AWS-managed IAM policies attached: + - `arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy` + - `arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy` + - `arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly` + - `arn:aws:iam::aws:policy/AmazonEKSClusterPolicy` + - `arn:aws:iam::aws:policy/AmazonEKSVPCResourceController` ## Deploy TigerGraph Operator From a470e8dfbe8340a84b5efd1da94b5b5e9fc06446 Mon Sep 17 00:00:00 2001 From: Tyler Wellman Date: Thu, 30 Nov 2023 12:21:21 -0500 Subject: [PATCH 2/4] Fix typo --- k8s/docs/03-deploy/tigergraph-on-eks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/docs/03-deploy/tigergraph-on-eks.md b/k8s/docs/03-deploy/tigergraph-on-eks.md index 4e49f2cf2..60abeeded 100644 --- a/k8s/docs/03-deploy/tigergraph-on-eks.md +++ b/k8s/docs/03-deploy/tigergraph-on-eks.md @@ -258,7 +258,7 @@ Choose the appropriate StorageClass (e.g., `gp2`) when creating the TigerGraph c > Please ensure that the IAM role for the Amazon EBS CSI driver has been created. You can refer to the official AWS documentation [Creating the Amazon EBS CSI driver IAM role](https://docs.aws.amazon.com/eks/latest/userguide/csi-iam-role.html) for detailed instructions. ```bash - aws eks create-addon --cluster-name $YOUR_EKS_CLUSTER_NAME --addon-name aws-ebs-csi-driver + aws eks create-addon --cluster-name ${YOUR_CLUSTER_NAME} --addon-name aws-ebs-csi-driver ``` ### Create a TigerGraph Cluster with Specific Options From b1d844ba9bef2e349516e4fb4f6a60d926461667 Mon Sep 17 00:00:00 2001 From: Tyler Wellman Date: Thu, 30 Nov 2023 13:14:05 -0500 Subject: [PATCH 3/4] Clarify instructions regarding Amazon EBS CSI driver --- k8s/docs/03-deploy/tigergraph-on-eks.md | 33 ++++++++++++------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/k8s/docs/03-deploy/tigergraph-on-eks.md b/k8s/docs/03-deploy/tigergraph-on-eks.md index 60abeeded..04311223d 100644 --- a/k8s/docs/03-deploy/tigergraph-on-eks.md +++ b/k8s/docs/03-deploy/tigergraph-on-eks.md @@ -36,7 +36,7 @@ Before proceeding with the deployment, make sure you have the following prerequi - [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) installed with the latest version. This will be used to install the EBS CSI driver `aws-ebs-csi-driver` if necessary. - An existing [EKS cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) with appropriate IAM permissions: - - The EKS Cluster requires an IAM role with the following AWS-managed IAM policies attached: + - The EKS cluster requires an IAM role with the following AWS-managed IAM policies attached: - `arn:aws:iam::aws:policy/AmazonEKSClusterPolicy` - `arn:aws:iam::aws:policy/AmazonEKSServicePolicy` - The EKS node group requires an IAM role with the following AWS-managed IAM policies attached: @@ -147,6 +147,18 @@ To verify the successful deployment of the Operator, use the following command: kubectl wait deployment tigergraph-operator-controller-manager --for condition=Available=True --timeout=120s -n ${YOUR_NAMESPACE} ``` +### Install EBS CSI driver +The Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver manages the lifecycle of Amazon EBS volumes as storage for the Kubernetes Volumes that you create. [Official AWS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) + + ```bash + aws eks create-addon --cluster-name ${YOUR_CLUSTER_NAME} --addon-name aws-ebs-csi-driver + ``` + +#### Wait for the Amazon EBS CSI Driver deployment (ebs-csi-controller) to become available in the EKS cluster + ```bash + kubectl wait --for=condition=Available=True deployment/ebs-csi-controller -n kube-system + ``` + ## Deploy a TigerGraph Cluster This section explains how to deploy a TigerGraph cluster on EKS using the `kubectl-tg` plugin and a CR (Custom Resource) YAML manifest. @@ -244,22 +256,9 @@ Choose the appropriate StorageClass (e.g., `gp2`) when creating the TigerGraph c Normal ExternalProvisioning 115s (x25 over 7m54s) persistentvolume-controller waiting for a volume to be created, either by external provisioner "ebs.csi.aws.com" or manually created by system administrator ``` - If you encounter the above issues, please resolve it using the following steps: - - 1. Make sure that the EKS cluster has been installed EBS CSI driver - - ```bash - kubectl get deployment ebs-csi-controller -n kube-system - ``` - - 2. If not, install EBS CSI driver through the following commands - - > [!WARNING] - > Please ensure that the IAM role for the Amazon EBS CSI driver has been created. You can refer to the official AWS documentation [Creating the Amazon EBS CSI driver IAM role](https://docs.aws.amazon.com/eks/latest/userguide/csi-iam-role.html) for detailed instructions. - - ```bash - aws eks create-addon --cluster-name ${YOUR_CLUSTER_NAME} --addon-name aws-ebs-csi-driver - ``` +If you're facing the issues above, please check the following: + - Confirm that the EKS cluster and EKS node group have the necessary permissions. [See prerequisites](#prerequisites) + - Verify if the EBS CSI driver is correctly installed as an EKS add-on. [Installation steps](#install-ebs-csi-driver) ### Create a TigerGraph Cluster with Specific Options From 9df2691ebb3f36259825bf9f61a215987a711978 Mon Sep 17 00:00:00 2001 From: Tyler Wellman Date: Thu, 30 Nov 2023 13:26:58 -0500 Subject: [PATCH 4/4] Remove link to ftp server --- k8s/docs/03-deploy/tigergraph-on-eks.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/docs/03-deploy/tigergraph-on-eks.md b/k8s/docs/03-deploy/tigergraph-on-eks.md index 04311223d..19f3f1eef 100644 --- a/k8s/docs/03-deploy/tigergraph-on-eks.md +++ b/k8s/docs/03-deploy/tigergraph-on-eks.md @@ -264,10 +264,10 @@ If you're facing the issues above, please check the following: You can create a new TigerGraph cluster with specific options, such as size, high availability, version, license, and resource specifications. Here's an example: -- Get and export free license +- Export license key as an environment variable ```bash - export LICENSE=$(curl -L "ftp://ftp.graphtiger.com/lic/license3.txt" -o "/tmp/license3.txt" 2>/dev/null && cat /tmp/license3.txt) + export LICENSE= ``` - Create TigerGraph cluster with kubectl-tg plugin