If you do not have a AWS account, you will need to create one at https://aws.amazon.com/
Kazuhm will create the AWS resources required based on your provisioning decisions (see below).
In order for Kazuhm to provision Kubernetes on AWS EC2 instances you will need an account with sufficient privileges to create an IAM user.
Create IAM User
- Open the IAM console at https://console.aws.amazon.com/iam/
- Select Users, then Add Users.
- Create a User name
- Under Select AWS access type, select Programmatic access.
- Click Next: Permissions.
- Click Attach existing policies directly.
- Search for AdministratorAccess and check the box to attach it to the user.
- Click Next: Tags (none are required).
- Click Next: Review.
- Click Create User.
- Download .csv to copy the required Access key ID and Secret access key to your local system; they will be required for Add Host (see below).
From Host Management, Add Host, selecting AWS EC2.
Enter the Access key ID and Secret access key along with Region.
Followed by Host details.
Name - a meaningful name for your EC2 hosts.
Number of nodes - the number of EC2 instances you want to provision as Workers*.
* An additional t3.small EC2 instance is provisioned as the Kubernetes Master [Also see Default
Configuration - Kubernetes Master Size below].
Machine type - select the EC2 instance type required. For example, c5.large (compute optimized).
On Create instance provisioning will start.
Progress can be followed from your AWS Console and in Host Management:
On successful completion all your AWS EC2 hosts will be displayed in Host Management as Connected.
Each instance also has its own Volume.
When provisioning EC2 hosts, AWS public Ubuntu AMI (Amazon Machine Image) is used as the Operating System of choice; specifically Ubuntu 18.04 LTS.
Supported EC2 Instances
The list of supported EC2 instance types is currently limited to:
Naming EC2 Instances
To identify each EC2 host group provisioned by Kazuhm, each Host Group is assigned a unique 12-byte hexadecimal string and we have included that string as a prefix to each instance’s name. We have also included an instance’s role in the Kubernetes cluster and a number that tracks the number of workers in the cluster. By default, AWS does not name the instances it provisions and allows users to modify the instance name.
By default, AWS follows ubuntu@<public_dns(ipv4)> convention for all ubuntu-based hostnames.
Kazuhm changes the default hostnames to “k8s-master-loc-default” for the master and “k8s-node-loc-default-<number>” for the workers in the Kubernetes cluster.
Naming Security Groups
To identify each EC2 host group provisioned through the portal, each host group is assigned a unique 12-byte hexadecimal string. Similar to how we name instances, an EC2 host group’s security group name also contains the unique identifier. This identifier is preceded by “kazuhm”, informing that the security was created the Kazuhm service. TSecurity group also includes a description, “Managed by Terraform”.
Ingress and Egress Rules
When creating a security group for your EC2 host, we need to specify networking ingress and egress rules.
We allow all inbound traffic within a security group and unrestricted inbound SSH access.
We recommend users do not modify the unrestricted inbound access within the security group so as to interfere with the host group processes.
For security reasons, we advise users to modify restrict SSH access to a selected set of IP addresses after their EC2 host group is provisioned.
For egress rules, we allow all outbound traffic.
If you terminate a Kazuhm-provisioned EC2 instance using the AWS console or CLI, we will also automatically remove its attached storage volume(s). By default, AWS allows users to manually configure their instance-termination policy and whether volumes should be removed when the associated instance is terminated.
Please refer to FAQs - How do I troubleshoot Amazon EC2 Hosts?