đź› 
Dash Enterprise Administration
đź› 
Dash Enterprise Administration
Changelog
Installation
Capacity Planning
Before you install
Dash Enterprise Single Server
Dash Enterprise Kubernetes
Amazon Web Services resource prerequisites
Google Cloud Platform resource prerequisites
Microsoft Azure resource prerequisites
Configuration
Set up your Server Manager
Run preflight checks
Configure basic settings
Authentication settings
Dash Enterprise Kubernetes additional required configuration
Configure optional settings
Other options and customizations
Using Snapshots & Backups
Running and logging into Dash Enterprise
Next steps
Advanced Configuration
General troubleshooting and problem solving
Load balancer configuration
Reverse proxy setup instructions
Docker storage driver requirements and considerations
Import an LDAPS certificate from Active Directory into Dash Enterprise
Transfer Dash Enterprise to a new server
Sync license changes
Change channels for an upgrade
Admin panel reference
Configure Dash Enterprise to use common SAML IdPs
Configure Dash Enterprise to use common LDAP IdPs
Upgrade
Prepare for the upgrade
Upgrade
After the Upgrade
Advanced Troubleshooting
Dash Enterprise Architecture and Internals
Navigating the System
Navigating the Support Bundle
Getting Help and Reporting Issues
Troubleshooting Specific Issues
Powered by GitBook

Amazon Web Services resource prerequisites

Create a new VPC (guide) with the following resources:

    1. At least two /20 subnets (guide) covering at least two availability zones, configured to auto-assign public IP addresses (guide)

    2. An Internet Gateway attached (guide)

      • You also need to add a route to the VPC’s Route Table that allows all inbound traffic to this Internet Gateway (guide)

    3. DNS resolution and DNS hostnames enabled (guide)

  2. Create a new security group (guide) with the following Inbound rules, all with source Anywhere

    1. HTTP

    2. HTTPS

    3. SSH

    4. PostgreSQL

    5. Custom TCP rule: Port 6379

    6. Custom TCP rule: Port 3022

    7. Custom TCP rule: Port 8800

  3. Create one IAM Access Management Policy (guide) with the below sets of permissions:

    1. Service: Elastic Container Registry; Actions: All Elastic Container Registry; Resources: Any for repository

    2. Service: EKS; Actions: All EKS actions; Resources: Any for cluster

    3. Service: Systems Manager; Actions: all GetParameter; Resources: Any

  4. Create three IAM Service Roles (guide):

    1. One “registry manager” role with the EC2 use case and the new policy from Step 3 attached

    2. One “cluster manager” role created with the EKS - Cluster use case and AmazonEKSClusterPolicy

      • After this role is created, click on its name, then Attach Policy and select AmazonEKSServicePolicy

    3. One “worker node” role with the EC2 use case and these policies:

      • AmazonEKSWorkerNodePolicy

      • AmazonEC2ContainerRegistryReadOnly

      • AmazonEKS_CNI_POLICY

  5. Create an EC2 instance provisioned with the Plotly AMI according to Installation on Amazon Web Services (This instance will act as the Replicated Management Node), with these Instance Details changed from the default:

    1. Set the Network to the VPC from Step 1 and select a Subnet from that VPC

    2. Set Auto-assign public IP to Disable

    3. Set the IAM role to the “registry manager” EC2 service account from Step 4a

    4. Select an existing security group and assign the group you created in Step 2

      • Depending on your network, you may need to assign additional security groups; please consult your cloud infrastructure administrator if unsure

  6. SSH into your EC2 instance and:

    1. Install Python 3

    2. Install aws-cli v2 (guide) and configure it with at least your AWS Access Key IS and AWS Secret Access Key (guide)

    3. Install kubectl (guide)

  7. In the Amazon RDS dashboard, create a new DB subnet group in your VPC (guide)

  8. Create a single RDS Postgres (version 11) instance with Standard Create (guide)

    1. During configuration:

      • Choose the Production template

      • Leave the Master username as postgres and record the password for use in the next step

      • Under Availability & Durability, ensure Create a standby instance is selected

      • Under Connectivity, select the VPC you created in Step 1 and its associated VPC subnet group

      • Expand Additional Configuration and set the Initial database name to dashauth

    2. After the RDS instance is ready, SSH into the EC2 instance you created and connect to the database (guide), then:

      • Create a second database named dash_deployment_server

      • Assign all privileges to the postgres user for the dashauth and dash_deployment_server databases

  9. In the ElastiCache dashboard, create a new DB subnet group

    1. Use your VPC ID from Step 1

    2. In the Availability Zone or outpost drop-down, select each availability zone you created in Step 1a and Add their Subnet IDs, then click Create

  10. Create an ElastiCache cluster using the Redis cluster engine, with cluster mode disabled (guide)

    1. In the Advanced Redis settings, ensure Multi-AZ with Auto-Failover is selected

    2. Select the Subnet group you just created

  11. Create an Elastic Kubernetes Service cluster (guide) with the following settings changed from default:

    1. Kubernetes version: choose the latest supported version from supported Kubernetes versions.

    2. Cluster Service Role: the “cluster manager” IAM Role created in Step 4b

    3. VPC: the VPC you created in Step 1

    4. Security groups: all groups suggested by the wizard

    5. Cluster endpoint access: private

  12. Click on the cluster name, then click the Cluster security group (under the Networking tab) and add an Inbound rule allowing traffic on port 443 from your EC2 instance’s subnet

  13. From your EC2 instance’s command line, add your new cluster’s configuration to your kubeconfig (guide)

  14. Create an EKS node group (guide):

    1. Node group compute configuration

      • If using a GPU node pool:

      • If not using a GPU node pool:

        • AMI: Amazon Linux 2 (AL2_x86_64)

        • Managed node instance type: t3.xlarge

    2. Node IAM Role Name: the “worker node” IAM Role created in Step 4c

    3. Allow remote access to nodes from selected security groups and choose the group you created in Step 2

    4. Disk size: 200 GiB

    5. At least 4 nodes

  15. From your EC2 instance’s command line, add the Roles you created in Step 4 to the cluster configmap (guide) with the below example 1. Replace WORKER_NODE_ROLE_ARN with the ARN of the role you created in Step 4c 2. Replace REGISTRY_MANAGER_ROLE_ARN with the ARN of the role you created in Step 4a 3. You can retrieve each role’s ARN by visiting its Summary page in the IAM Management Console​

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: aws-auth
      namespace: kube-system
    data:
      mapRoles: |
       - rolearn: WORKER_NODE_ROLE_ARN
       username: system:node:{{EC2PrivateDNSName}}
       groups:
          - system:bootstrappers
          - system:nodes
       - rolearn: REGISTRY_MANAGER_ROLE_ARN
       username: kubectl-access-user
       groups:
          - system:masters

  16. Create an Elastic Container Registry repository (guide) to contain the images for your Dash apps

Installation - Previous
Dash Enterprise Kubernetes
Next
Google Cloud Platform resource prerequisites
Last updated 12 minutes ago