AWS EKS Prerequisites

This page outlines the prerequisite requirements for deploying Cortex DCI on a Kubernetes/EKS cluster using the "helm-only" deployment model.

For help with deploying your EKS cluster please refer to Amazon's documentation for EKS Kubernetes instantiation.

Basic Installation Prerequisites

• AWS subscription (Account ID)
• Domain name

Cluster preparation is performed by a client-user with System Admin permissions and keys to their AWS account.

Customer-managed Encryption Keys

Customer management of encryption keys is optional and recommended for production environments and systems handling sensitive data.

In AWS the service that manages keys is KMS. Within that service you may select either AWS-managed keys or customer-managed keys.

There are two ways to manage the encryption for customer-managed keys in AWS:

• Let KMS create the cryptographic material
• Choose to import your own key material

Instructions for generating keys are found here.

AWS EKS best practices for using customer-managed keys are found here.

If you are using S3, follow the instructions here.

Also include the following yaml snippet in the values.yaml overrides for your cluster:

api:
  env:
    S3_SSL_ENABLED: true

Hosted Externalized Dependencies

NOTE

Creating hosted-externalized infrastructure dependencies (especially Mongo and Redis) is considered the best practice for both development and production environments of Cortex Fabric.

Customers who opt for this setup are responsible for creating accounts with the dependency providers, procuring the required licenses, implementing appropriate plans for their solutions, monitoring their usage, and managing those accounts.

For development/demo environments customers may opt to install Cortex with the internalized dependencies as directed in the Installation Guide.

• Mongo on AWS
• Redis