EKS has recently updated their cluster and node group creation process. The contents of this guide are still relevant, but the flow has changed slightly.Updates to this guide are coming soon!

Guide

1

Install requirements

EKS requires the AWS CLI and kubectl CLI.
2

Create the cluster

For this guide, we will use standard settings with the EBS CSI driver.
  • Navigate to Elastic Kubernetes Service (EKS) and create a new cluster
  • For Cluster service role, create a new IAM role with a descriptive name like Sigma-eks-cluster-role
If you do not see the newly created role in the dropdown, click the refresh button in the UI.
  • For Kubernetes version, select a version with standard support
  • Choose Standard upgrade policy
  • Add the Amazon EBS CSI Driver add-on for Sigma’s Persistent Volume Claims
  • Keep the other default add-ons enabled
  • Review and click Create
The cluster may take several minutes to become readyEKS Cluster Creation
3

Add nodes

Once the cluster is active, add worker nodes where Sigma services will run.
  • On the Cluster page, select the Compute tab and click Add node group
  • Provide a Name for the group (e.g., Sigma-node-group)
  • For Node IAM role, either select an existing role used by your organization or create a new one.
Ensure the role has the AmazonEBSCSIDriverPolicy attached so that PVCs can be fulfilled. If creating a role, add this policy in addition to the default policies.
  • Replace the Instance types with c5.2xlarge machines (or c5.4xlarge if you plan to scale beyond 100k documents)
  • Set Volume size in the 200GB - 800GB range depending on your document count
See the Resourcing Guide for more details on storage requirements.
  • For most setups, set the Desired size and Minimum size to 1. You can increase these later to scale up.
  • Maximum unavailable can remain at the default
  • Keep the default networking configuration and click Create
It may take up to 15 minutes for the compute nodes to come online.
4

Create and connect a user

We will need an IAM user with CLI access to manage AWS and the cluster.
  • Navigate to the IAM Dashboard, select Users in the left sidebar, and click Create user
  • Give the user a descriptive name (e.g., Sigma-eks-user)
  • Under permissions, click Attach policies directly and attach:
  • AmazonEKSClusterPolicy
  • AmazonEKSServicePolicy
  • Click Create user
  • On the user’s page, click Create access key and follow the prompts.
  • Select the Command Line Interface (CLI) option during creation.
Save the Access key and Secret access key for later!
  • Navigate back to the EKS cluster and select Access and then Create access entry
  • In IAM principal, select the IAM ARN we just created, then click Next
  • For Access policies, set Policy name to AmazonEKSClusterAdminPolicy, then click Next and Create
5

Fetch kubeconfig

Log in to the AWS CLI and provide the access key and secret key from the IAM user we just created:
aws configure
Configure your kubeconfig to connect to the cluster by filling in the region-code and cluster-name:
aws eks update-kubeconfig --region region-code --name cluster-name
Reference AWS EKS kubeconfig docs.
6

Install Sigma services

The Sigma Helm chart packages all the required services (API, web, PostgreSQL, Vespa, etc.) into a single deployment. By default, persistent volumes will be created for stateful services.First, ensure the gp2 storage class is set as the default storage class (required for PVCs):
kubectl patch storageclass gp2 -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
Add the Sigma Helm repository:
helm repo add Sigma https://Sigma-dot-app.github.io/Sigma/
helm repo update
helm search repo Sigma
Create a dedicated namespace and install Sigma:
kubectl create namespace Sigma
helm install Sigma Sigma/Sigma -n Sigma
This will pull the latest Sigma chart and deploy all dependencies.
7

Verify the installation

helm list -n Sigma
kubectl get pods -n Sigma
Wait until all pods are in a Running state before accessing Sigma.To check the API server logs (often the last to become ready):
kubectl -n Sigma get pods | grep api-server | awk '{print $1}' | xargs -I {} kubectl -n Sigma logs {} -f
8

Access Sigma

For local testing, port-forward:
kubectl -n Sigma port-forward service/Sigma-nginx 8080:80
Then open http://localhost:8080.

Upgrading

To upgrade Sigma services, first update the Helm repository: 
helm repo update
helm upgrade Sigma Sigma/Sigma -n Sigma
To upgrade to a specific version, use: 
helm upgrade Sigma Sigma/Sigma -n Sigma --version <VERSION>

Uninstalling

To remove the Sigma services: 
helm uninstall Sigma -n Sigma
Vespa, Postgres, and MinIO leave behind PVCs. To delete them: 
kubectl -n Sigma get pvc
kubectl -n Sigma delete pvc vespa-storage-da-vespa-0
kubectl -n Sigma delete pvc Sigma-minio
kubectl -n Sigma delete pvc data-Sigma-postgresql-0

Next Steps

Configure Authentication

Set up authentication for your Sigma deployment with OAuth, OIDC, or SAML.

More Sigma Configuration Options

Learn about all available configuration options for your Sigma deployment.