Running CloudGraph in EKS

To run CloudGraph in EKS you will need the following assets:

AWS Assets

  1. EKS Cluster
    1. Have an OIDC in the EKS Cluster for IRSA
    2. Use Kubernetes 1.17 or newer
  2. Encrypted s3 Bucket
    1. KMS key
    2. s3 Bucket
  3. IAM Role for CloudGraph with the following:
    1. Permissions to use the KMS key
    2. Permissions to use the s3 bucket
    3. Permissions to assume the roles in the target accounts
    4. A trust policy for the OIDC provider

Kubernetes Assets

  1. A Dockerfile for CloudGraph
  2. A Namespace for CloudGraph
  3. A ServiceAccount for CloudGraph
  4. A recurring workload
    1. Use a CronJob in Kubernetes 1.21 and newer
    2. For Kubernetes 1.20 or older use a ScheduledJob
  5. A ConfigMap for CloudGraph

Authentication model

  1. Target account - IAM Role
  2. CloudGraph account - IAM Role
  3. ServiceAccount annotation
  4. Credential injection
  5. CloudGraph configuration file

Helm Assets

  1. CloudGraph helm chart
  2. Deployment instructions

DGraph Assets

  1. DGraph helm chart
  2. Deployment instructions

Updated 20 Apr 2022
Did this page help?