Skip to content

Prerequisites Guide

This guide covers all infrastructure prerequisites required before deploying the e6data Kubernetes Operator.

Quick Checklist

Before installing the operator, ensure the following are ready:

Requirement AWS EKS GCP GKE Azure AKS Notes
Kubernetes 1.24+ Required Required Required Core requirement
cert-manager 1.10+ Required Required Required Webhook TLS
Helm 3.8+ Required Required Required Deployment
Cloud IAM Pod Identity or IRSA Workload Identity Workload Identity Storage access
Object Storage S3 bucket GCS bucket Azure Blob container Data storage
GreptimeDB Operator Optional Optional Optional For MonitoringServices
Karpenter 1.0+ Recommended Recommended Recommended Dynamic node provisioning

Cloud-Specific Prerequisites

For detailed IAM policies, trust policies, and Karpenter setup, see the cloud-specific guides:

Cloud Guide Key Topics
AWS EKS AWS Prerequisites Pod Identity, IRSA, S3/Glue policies, Karpenter ARM64 (Graviton)
GCP GKE GCP Prerequisites Workload Identity, GCS/BigQuery roles, Karpenter T2A
Azure AKS Azure Prerequisites Workload Identity, Blob Storage RBAC, Karpenter Ampere Altra

1. cert-manager (Required)

cert-manager provides TLS certificates for webhook endpoints. This is required for the operator to function.

Installation

# Install cert-manager v1.16.2 (or later)
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml

# Wait for all components to be ready
kubectl wait --for=condition=Available --timeout=300s -n cert-manager \
  deployment/cert-manager \
  deployment/cert-manager-webhook \
  deployment/cert-manager-cainjector

# Verify installation
kubectl get pods -n cert-manager

Expected Output: 

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-xxxxxxxxx-xxxxx              1/1     Running   0          2m
cert-manager-cainjector-xxxxxxxxx-xxxxx   1/1     Running   0          2m
cert-manager-webhook-xxxxxxxxx-xxxxx      1/1     Running   0          2m

Troubleshooting

If cert-manager pods are not ready:

# Check events
kubectl get events -n cert-manager --sort-by='.lastTimestamp'

# Check logs
kubectl logs -n cert-manager deployment/cert-manager
kubectl logs -n cert-manager deployment/cert-manager-webhook

Common issues: - ImagePullBackOff: Network issues or registry restrictions - CrashLoopBackOff: Check logs for certificate issues

2. GreptimeDB Operator (Optional)

Required if you plan to use MonitoringServices CRD for query history and metrics storage.

Installation

# Create namespace
kubectl create namespace greptimedb-admin

# Add Helm repository
helm repo add greptime https://greptimeteam.github.io/helm-charts/
helm repo update

# Install GreptimeDB Operator
helm install greptimedb-operator greptime/greptimedb-operator \
  --namespace greptimedb-admin \
  --set image.pullPolicy=IfNotPresent

# Verify installation
kubectl get pods -n greptimedb-admin

Expected Output: 

NAME                                    READY   STATUS    RESTARTS   AGE
greptimedb-operator-xxxxxxxxx-xxxxx    1/1     Running   0          2m

Verify CRDs

kubectl get crd | grep greptime

# Expected:
# greptimedbclusters.greptime.io
# greptimedbstandalones.greptime.io

3. Storage Classes

Ensure appropriate storage classes exist for your cloud provider.

AWS EKS

# List available storage classes
kubectl get storageclass

# gp3 should be available (recommended)
# If not, create it:
kubectl apply -f - <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gp3
provisioner: ebs.csi.aws.com
parameters:
  type: gp3
  fsType: ext4
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
EOF

GCP GKE

# standard-rwo is usually available by default
kubectl get storageclass

Azure AKS

# managed-csi is usually available by default
kubectl get storageclass

4. Verification Checklist

Run this checklist before installing the e6data operator:

#!/bin/bash
echo "=== e6data Prerequisites Check ==="

echo -n "1. Kubernetes version: "
kubectl version --short 2>/dev/null | grep Server || echo "FAIL"

echo -n "2. cert-manager: "
kubectl get pods -n cert-manager --no-headers 2>/dev/null | grep -q Running && echo "OK" || echo "NOT READY"

echo -n "3. Storage classes: "
kubectl get sc --no-headers 2>/dev/null | wc -l | xargs -I{} echo "{} available"

echo -n "4. GreptimeDB Operator: "
kubectl get pods -n greptimedb-admin --no-headers 2>/dev/null | grep -q Running && echo "OK" || echo "NOT INSTALLED (optional)"

echo -n "5. Karpenter: "
kubectl get pods -n karpenter --no-headers 2>/dev/null | grep -q Running && echo "OK" || echo "NOT INSTALLED (optional)"

echo "=== Cloud-Specific Checks ==="
# AWS
if aws sts get-caller-identity &>/dev/null; then
  echo "AWS: Authenticated"
  echo -n "  OIDC Provider: "
  aws eks describe-cluster --name $(kubectl config current-context | cut -d'/' -f2) --query "cluster.identity.oidc.issuer" 2>/dev/null && echo "OK" || echo "NOT CONFIGURED"
fi

# GCP
if gcloud auth list --filter=status:ACTIVE --format="value(account)" &>/dev/null; then
  echo "GCP: Authenticated"
fi

# Azure
if az account show &>/dev/null; then
  echo "Azure: Authenticated"
fi

Next Steps

Once all prerequisites are met:

  1. Install the e6data Operator
  2. Review RBAC Permissions
  3. Configure Helm Values
  4. Deploy MetadataServices