Add Amazon Web Services Cloud Provider
You must have the Amazon Web Services (AWS) account credentials to be able to connect to AWS and create a cloud provider.
Following permissions are required on your AWS account in order to deploy fully automated Managed Kubernetes clusters.
- ELB Management
- Route 53 DNS Configuration
- Access to two or more Availability Zones within the region
- EC2 Instance Management
- EBS Volume Management
- VPC Management
Following prerequisites must be met before adding your Amazon AWS account as a cloud provider to Managed Kubernetes.
Choose a compatible set of AWS credentials
The account that these credentials are associated with must have at least one Route 53 hosted zone registered. When creating a cluster, the API FQDN and Service FQDN should be of that hosted zone.
For example, if the hosted zone is of domain name “platform9.systems” then the API and Service FQDN should be of the form xxx.platform9.systems
The credentials must also be capable of adding/deleting the following artifacts.
- VPC (Only if deploying a cluster to a new VPC)
- Subnets in each AZ (Only if deploying a cluster to a new VPC. In an existing VPC, the first subnet of each AZ is used)
- Security Group (For cluster connectivity)
- ELB (For HA Kubernetes API)
- Auto Scaling Groups (For creation of ASGs for master and worker nodes)
- Route 53 Hosted Zone Record sets (For API and Service FQDNs)
- Launch Configuration (For creating EC2 instances)
- Internet Gateway (For exposing the Kubernetes API with HTTPS)
- Routes (For the Internet Gateway)
- IAM Roles and Instance Profiles (For deployment of highly available etcd and Kubernetes AWS integration)
Download pre-configured policy with required AWS credentials
You can download a pre-configured AWS Policy with the above requirements from here, then import and apply it to your credentials’ IAM Role.
Make sure that the default limits for your region are configured properly
All AWS resources are configured by default with limits. As your usage of Kubernetes on AWS grows, you might run into some of them.
For example, the AWS default limit for number of VPCs in a region is 5, as stated in AWS documentation on VPC limits
To see the default limit values for all your EC2 resources within a given region:
- Log into your AWS console
- Navigate to Services > EC2
- Once in EC2, on the left hand side menu panel, click on limits
This will show you all default limits for your AWS resources.
Any specific limit can be raised by submitting a ‘Service limit increase’ request with AWS.
Add AWS Cloud Provider
You must be an administrator to perform this operation within Platform9. Follow the steps given below to create a new AWS cloud provider.
- Navigate to Infrastructure>Cloud Providers>Add New Cloud Provider.
- Click Amazon Web Services under Cloud Provider Type.
Enter the following AWS credentials.
Field Description Name Name of your choice to be given to the cloud provider AWS Access Key ID Access Key ID provided by AWS AWS Secret Access Key Secret Access Key provided by AWS
- Click Save.
The AWS cloud provider is created successfully, and you are now ready to create Kubernetes clusters on the AWS cloud provider.
You can create multiple AWS cloud providers. For ease of debugging, we recommend that each cloud provider is created with unique credentials.