Amazon Web Services (AWS) is the most popular cloud service. You can launch several virtual machines in Amazon datacenters. This section covers sign-up, setting up AWS infrastructure, and launching Kubernetes on AWS.
You must sign up to AWS to create an account. Access http://aws.amazon.com to enter your information and credit card number.
After registration, you may need to wait up to 24 hours for your account to be validated. After this, you will see the AWS console page after logging on.
AWS supports multiple region datacenters; you may choose the nearest and cheapest region. Inside a region, there are several Availability Zones (AZ), which are physically isolated locations within that region.
Once you choose a region, you can set up a Virtual Private Cloud (VPC) with your own network range, such as 10.0.0.0/16. Inside the VPC, you can also define public and private subnets that will do the following:
Each subnet must be located in a single AZ. Therefore, it is better to create multiple public subnets and multiple private subnets in order to avoid a single point of failure (SPOF).
It is also better to consider multi-AZ for NAT; however, in this cookbook, we will skip it, as it is not necessary. For more details about the NAT gateway, please follow the link http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html.
Let's create this VPC on your AWS.
Under the VPC, the public and private subnets across multiple AZs are listed in the following table (the CIDR block and AZ values did not survive extraction):

| Name Tag | CIDR Block | Availability Zone | Auto-Assign Public IP |
|---|---|---|---|
| Public Subnet A | | | Yes |
| Public Subnet D | | | Yes |
| Private Subnet A | | | No (Default) |
| Private Subnet D | | | No (Default) |
Each subnet should have a gateway that goes to an external network. There are two types of gateway, as follows:
Public subnets are associated with an Internet Gateway (IGW); private subnets, on the other hand, reach the Internet through a NAT Gateway. Let's create the IGW and NAT as follows:

| Type | Associate to |
|---|---|
| Internet Gateway | VPC |
| NAT Gateway | Public Subnet A |

Then create one route table for the public subnets and one for the private subnets (the route table names did not survive extraction):

| Route Table Name | Route Destination | Association |
|---|---|---|
| | 0.0.0.0/0 | Public Subnet A, Public Subnet D |
| | 0.0.0.0/0 | Private Subnet A, Private Subnet D |

For the public route table, click on the Routes tab and click on Edit. Then, add the default route 0.0.0.0/0 with the IGW ID as the Target.
For the private route table, click on the Routes tab and click on Edit. Then, add the default route 0.0.0.0/0 with the NAT Gateway ID as the Target.
A security group is a firewall-like rule set that allows either inbound or outbound traffic. For Kubernetes, there are some known traffic rules that should be set as follows (the rule values did not survive extraction):

| Rule name | Inbound Protocol and port number | Source |
|---|---|---|
| | | |
| | | |
| | | |
| | | |
| | | |

On the AWS console, click on Security Groups in the left navigation pane, create five Security Groups, and add the Inbound Rules as listed above.
Once you have created your own VPC and the related subnets and security groups, you can launch the EC2 instances to set up your own Kubernetes cluster. Note that the EC2 instances should be launched and associated with subnets and security groups as follows (the security group column did not survive extraction):

| Instance | Subnet | Security Group |
|---|---|---|
| etcd | Private | |
| Kubernetes node (with flannel) | Public | |
| Kubernetes master (with flannel) | Private | |
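The network design above has a few invariants worth checking before anything is launched: subnets stay inside the VPC range and do not overlap, each tier spans more than one AZ, public subnets route 0.0.0.0/0 to the IGW while private subnets route it only to a NAT sitting in a public subnet, and etcd and the master never land in a public subnet. The following script is an added example (not code from the book); the CIDR blocks, AZ labels and instance placement are constructed sample values.

```python
from ipaddress import ip_network

# Constructed sample plan following the recipe: 10.0.0.0/16 VPC, public and
# private subnets in two AZs, IGW for public routes, NAT (in Public Subnet A)
# for private routes. CIDRs and AZ labels are assumptions, not the book's values.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "Public Subnet A":  {"cidr": "10.0.0.0/24", "az": "a", "public": True},
    "Public Subnet D":  {"cidr": "10.0.1.0/24", "az": "d", "public": True},
    "Private Subnet A": {"cidr": "10.0.2.0/24", "az": "a", "public": False},
    "Private Subnet D": {"cidr": "10.0.3.0/24", "az": "d", "public": False},
}
ROUTES = {  # subnet -> target of its 0.0.0.0/0 default route
    "Public Subnet A": "igw", "Public Subnet D": "igw",
    "Private Subnet A": "nat", "Private Subnet D": "nat",
}
NAT_SUBNET = "Public Subnet A"
INSTANCES = {"etcd": "Private Subnet A", "master": "Private Subnet D",
             "node": "Public Subnet A"}


def check_plan(vpc_cidr=VPC_CIDR, subnets=SUBNETS, routes=ROUTES,
               nat_subnet=NAT_SUBNET, instances=INSTANCES):
    """Return a list of design problems; an empty list means the plan is consistent."""
    problems = []
    vpc = ip_network(vpc_cidr)
    nets = {name: ip_network(s["cidr"]) for name, s in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    # SPOF check: each tier must span more than one AZ
    for tier, flag in (("public", True), ("private", False)):
        azs = {s["az"] for s in subnets.values() if s["public"] == flag}
        if len(azs) < 2:
            problems.append(f"{tier} subnets cover a single AZ: {sorted(azs)}")
    # Default route: public -> IGW, private -> NAT (never directly to the IGW)
    for name, s in subnets.items():
        want = "igw" if s["public"] else "nat"
        if routes.get(name) != want:
            problems.append(f"{name}: default route should target {want}, got {routes.get(name)}")
    if not subnets.get(nat_subnet, {}).get("public"):
        problems.append(f"NAT gateway must sit in a public subnet, not {nat_subnet}")
    # etcd and the master stay private; only nodes belong in public subnets
    for role, sn in instances.items():
        public = subnets[sn]["public"]
        if (role == "node" and not public) or (role != "node" and public):
            problems.append(f"{role} placed in {'public' if public else 'private'} subnet {sn}")
    return problems
```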
In this recipe, you learned how to register for Amazon Web Services and how to create your own infrastructure. AWS provides a huge number of services, and there is a lot of documentation and many related webinars online. It is recommended that you read and watch them to understand the best practices for using the AWS infrastructure. Following is a list of good resources:
Furthermore, look at the following recipes: