Building the Kubernetes infrastructure in AWS

Amazon Web Services (AWS) is the most popular cloud service. You can launch several virtual machines in Amazon datacenters. This section covers signing up, setting up the AWS infrastructure, and launching Kubernetes on AWS.

Getting ready

You must sign up to AWS to create an account. Access http://aws.amazon.com to put in your information and credit card number:

AWS registration

After registration, you may need to wait up to 24 hours for your account to be validated. Once it is validated, you will see the following page when you log on to the AWS console:

AWS console

How to do it…

AWS supports multiple regions (datacenter locations); you may choose the nearest or cheapest region. Inside a region there are several Availability Zones (AZs), which are physically isolated locations that stay available independently of one another.

Once you choose a region, you can set up a Virtual Private Cloud (VPC) with your own network range, such as 10.0.0.0/16. Inside the VPC, you can also define public and private subnets, which behave as follows:

  • Public subnet: allows you to assign a public IP address and exchange traffic with the public Internet via an Internet Gateway
  • Private subnet: assigns a private IP address only; instances cannot be reached from the public Internet, and outgoing Internet access goes through NAT
  • Public and private subnets can reach each other within the VPC

Each subnet must be located in a single AZ. Therefore, it is better to create multiple public subnets and multiple private subnets in order to avoid a single point of failure (SPOF).

Typical VPC and subnet design

It is also better to consider a multi-AZ setup for NAT; however, in this cookbook we skip it, as it is not necessary. For more details about the NAT gateway, please follow the link http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html.

Let's create this VPC on your AWS.

VPC and subnets

  1. On the AWS console, access VPC and click on Create VPC. Then, input the name tag as My Kubernetes VPC and CIDR as 10.0.0.0/16:
    Create VPC window

    Under the VPC, create public and private subnets across multiple AZs as listed in the following table:

    Name Tag                | CIDR Block  | Availability Zone | Auto-Assign Public IP
    ------------------------|-------------|-------------------|----------------------
    My Kubernetes Public A  | 10.0.0.0/24 | us-east-1a        | Yes
    My Kubernetes Public D  | 10.0.1.0/24 | us-east-1d        | Yes
    My Kubernetes Private A | 10.0.2.0/24 | us-east-1a        | No (Default)
    My Kubernetes Private D | 10.0.3.0/24 | us-east-1d        | No (Default)

  2. Click on Subnets on the left navigation link. Then, click on the Create Subnet button. Fill out the information and choose the VPC and Availability Zone for each subnet. Repeat this four times to create four subnets:
    Creating subnet

  3. Select each public subnet in turn and click on the Subnet Actions button. Then, choose Modify Auto-Assign Public IP to enable public IP auto-assignment.
    Set Auto-Assign Public IP

Internet Gateway and NAT

Each subnet should have a gateway that goes to an external network. There are two types of gateway, as follows:

  • Internet Gateway (IGW): allows bidirectional access from/to the Internet for a server that has a public IP address
  • Network Address Translation (NAT): allows outbound-only access to the Internet for a server that has only a private IP address

Public subnets associate with an Internet Gateway; on the other hand, private subnets can go to the Internet through NAT. Let's create IGW and NAT as follows:

Type             | Associate to
-----------------|----------------
Internet Gateway | VPC
NAT Gateway      | Public Subnet A

Route Table

  1. After creating IGW and NAT, you need to adjust the route table to set the default gateway to IGW or NAT, as follows:

    Route Table Name            | Route Destination                        | Association
    ----------------------------|------------------------------------------|-----------------------------------
    My Kubernetes Public Route  | 10.0.0.0/16 -> local; 0.0.0.0/0 -> IGW   | Public Subnet A, Public Subnet D
    My Kubernetes Private Route | 10.0.0.0/16 -> local; 0.0.0.0/0 -> NAT   | Private Subnet A, Private Subnet D

  2. On the AWS console, click on Route Tables on the left navigation pane. Then, click on the Create Route Table button. Fill out Table Name and choose the VPC that you created. Repeat this procedure twice for a public route and a private route.
  3. After creating routes, you need to add the default route as either Internet Gateway (IGW) or NAT.

    For a public route, click on the Routes tab and click on Edit. Then, add the default route as 0.0.0.0/0 and Target as the IGW ID.

    For a private route, click on the Routes tab and click on Edit. Then, add the default route as 0.0.0.0/0 and Target as the NAT Gateway ID.

    Set default route to NAT

  4. Finally, click on the Subnet Associations tab and then on the Edit button. Then, choose public subnets for a public route and private subnets for a private route, as follows:
    Associate route table to subnet
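As an added example (not code from the book), the following Python script checks a VPC plan like the one built in the steps above before anything is created: subnets must fall inside the VPC block without overlapping, each tier must span two AZs, public subnets must default-route to the IGW and private ones to the NAT, every subnet must be associated with a route table, and the NAT gateway must sit in a public subnet. The subnet, route table and NAT placement values are the ones from this recipe's tables; the data encoding is assumed.

```python
import ipaddress

# Constructed plan mirroring this recipe's subnet and route tables (names assumed).
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "My Kubernetes Public A":  {"cidr": "10.0.0.0/24", "az": "us-east-1a", "public": True},
    "My Kubernetes Public D":  {"cidr": "10.0.1.0/24", "az": "us-east-1d", "public": True},
    "My Kubernetes Private A": {"cidr": "10.0.2.0/24", "az": "us-east-1a", "public": False},
    "My Kubernetes Private D": {"cidr": "10.0.3.0/24", "az": "us-east-1d", "public": False},
}
# Each route table: its default-route target and the subnets associated with it.
ROUTE_TABLES = {
    "My Kubernetes Public Route": {"default": "igw", "subnets": ["My Kubernetes Public A", "My Kubernetes Public D"]},
    "My Kubernetes Private Route": {"default": "nat", "subnets": ["My Kubernetes Private A", "My Kubernetes Private D"]},
}
NAT_SUBNET = "My Kubernetes Public A"  # the NAT gateway is placed in Public Subnet A

def validate_plan(vpc_cidr, subnets, route_tables, nat_subnet):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    # 1. Every subnet must sit inside the VPC block and must not overlap another.
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    # 2. Public and private tiers each need at least two AZs to avoid a SPOF.
    for tier in ("public", "private"):
        azs = {s["az"] for s in subnets.values() if s["public"] == (tier == "public")}
        if len(azs) < 2:
            problems.append(f"{tier} subnets span only {len(azs)} AZ(s)")
    # 3. Public subnets must default-route to the IGW, private ones to the NAT.
    for rt in route_tables.values():
        for sn in rt["subnets"]:
            want = "igw" if subnets[sn]["public"] else "nat"
            if rt["default"] != want:
                problems.append(f"{sn}: default route goes to {rt['default']}, expected {want}")
    # 4. A subnet left out of both tables silently uses the VPC main route table.
    routed = {sn for rt in route_tables.values() for sn in rt["subnets"]}
    for sn in sorted(set(subnets) - routed):
        problems.append(f"{sn}: not associated with any route table")
    # 5. The NAT gateway itself must live in a public subnet so it can reach the IGW.
    if not subnets[nat_subnet]["public"]:
        problems.append(f"NAT gateway sits in private subnet {nat_subnet}")
    return problems
```

Calling validate_plan(VPC_CIDR, SUBNETS, ROUTE_TABLES, NAT_SUBNET) on the recipe's plan returns an empty list; swapping a CIDR, a route target or the NAT subnet produces a named problem instead.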

Security group

A security group is a kind of firewall: a set of rules that allows either inbound or outbound traffic. For Kubernetes, there are some known traffic rules that should be set as follows:

Rule name               | Inbound protocol and port number       | Source
------------------------|----------------------------------------|-----------------------------------------------------------
My Kubernetes master SG | 8080/tcp                               | My Kubernetes node SG
My Kubernetes node SG   | 30000-32767/tcp (Service)              | 0.0.0.0/0
My etcd SG              | 7001/tcp, 4001/tcp, 2379/tcp, 2380/tcp | My etcd SG, My Kubernetes master SG, My Kubernetes node SG
My flannel SG           | 8285/udp, 8472/udp                     | My flannel SG
My ssh SG               | 22/tcp                                 | 0.0.0.0/0

On the AWS console, click on Security Groups on the left navigation pane, create five Security Groups, and add Inbound Rules, as follows:

Creating a Security Group

How it works…

Once you have created your own VPC and the related subnets and security groups, you can launch EC2 instances to set up your own Kubernetes cluster. Note that the EC2 instances should be launched in the subnets and associated with the security groups as follows:

Instance                         | Subnet  | Security Group
---------------------------------|---------|--------------------------------------------------
etcd                             | Private | My etcd SG, My ssh SG
Kubernetes node (with flannel)   | Public  | My flannel SG, My Kubernetes node SG, My ssh SG
Kubernetes master (with flannel) | Private | My flannel SG, My Kubernetes master SG, My ssh SG
Minimal configuration of the Kubernetes cluster in the AWS VPC
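As an added example (not code from the book), the following Python script models the five security groups and the instance placement from the two tables above and works out which ports each role actually exposes to the Internet: a world-open (0.0.0.0/0) rule only matters on an instance in a public subnet, while a rule whose source is another security group never opens anything to the Internet. Group, role and subnet tier names are taken from the tables; the rule encoding is assumed.

```python
import ipaddress

# Constructed model of the five security groups in the table above (names assumed).
# A rule is (protocol, from_port, to_port, source); source is a CIDR or another SG name.
SECURITY_GROUPS = {
    "My Kubernetes master SG": [("tcp", 8080, 8080, "My Kubernetes node SG")],
    "My Kubernetes node SG": [("tcp", 30000, 32767, "0.0.0.0/0")],
    "My etcd SG": [("tcp", p, p, src) for p in (7001, 4001, 2379, 2380)
                   for src in ("My etcd SG", "My Kubernetes master SG", "My Kubernetes node SG")],
    "My flannel SG": [("udp", 8285, 8285, "My flannel SG"), ("udp", 8472, 8472, "My flannel SG")],
    "My ssh SG": [("tcp", 22, 22, "0.0.0.0/0")],
}
# Instance roles: the subnet tier each sits in and the groups attached to it.
INSTANCES = {
    "etcd": ("private", ["My etcd SG", "My ssh SG"]),
    "node": ("public", ["My flannel SG", "My Kubernetes node SG", "My ssh SG"]),
    "master": ("private", ["My flannel SG", "My Kubernetes master SG", "My ssh SG"]),
}

def is_world_open(source):
    """True when the rule source is a CIDR that covers the whole Internet."""
    try:
        return ipaddress.ip_network(source).prefixlen == 0
    except ValueError:  # not a CIDR, so it is a reference to another security group
        return False

def world_open_rules(sgs):
    """List (sg, protocol, from_port, to_port) for every rule whose source is 0.0.0.0/0."""
    return [(sg, proto, lo, hi) for sg, rules in sgs.items()
            for proto, lo, hi, src in rules if is_world_open(src)]

def internet_exposure(sgs, instances):
    """Map each role to the sorted (protocol, from_port, to_port) ranges reachable from
    the Internet. Only a public subnet (public IP plus IGW default route) is reachable
    at all; a private subnet behind NAT is unreachable even with a world-open rule."""
    exposure = {}
    for role, (tier, attached) in instances.items():
        ports = set()
        if tier == "public":
            for sg in attached:
                ports.update((p, lo, hi) for p, lo, hi, src in sgs[sg] if is_world_open(src))
        exposure[role] = sorted(ports)
    return exposure

if __name__ == "__main__":
    for role, ports in internet_exposure(SECURITY_GROUPS, INSTANCES).items():
        print(role, "reachable from the Internet on:", ports or "nothing")
```

With the recipe's tables, only the nodes are reachable from the Internet, on 22/tcp and 30000-32767/tcp; narrowing the ssh group's source from 0.0.0.0/0 to an administrator CIDR or a bastion group removes the SSH exposure while leaving the NodePort range as designed.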

See also

In this recipe, you learned how to register for Amazon Web Services and how to create your own infrastructure. AWS provides a huge number of services, and there is a lot of documentation and many related webinars online. It is recommended that you read and watch them to understand the best practices for using the AWS infrastructure. Following is a list of good resources:

Furthermore, look at the following recipes:

  • The Building datastore and Creating an overlay network recipes in Chapter 1, Building Your Own Kubernetes
  • Managing applications using AWS OpsWorks
  • Auto-deploying Kubernetes through Chef recipes
  • Using AWS CloudFormation for fast provisioning