Articles in this section

Add/Delete AWS EC2 Host

Avatar
Kazuhm Admin
  • Updated
Follow

If you do not have a AWS account, you will need to create one at https://aws.amazon.com/

Kazuhm will create the AWS resources required based on your provisioning decisions (see below).

Authentication

In order for Kazuhm to provision Kubernetes on AWS EC2 instances you will need an account with sufficient  privileges to create an IAM user.

Create IAM User

  • Open the IAM console at https://console.aws.amazon.com/iam/
  • Select Users, then Add Users.
  • Create a User name
  • Under Select AWS access type, select Programmatic access.
  • Click Next: Permissions.
  • Click Attach existing policies directly.
  • Search for AdministratorAccess and check the box to attach it to the user.
  • Click Next: Tags (none are required).
  • Click Next: Review.

AWSUser1_061219.jpg

  • Click Create User.

AWSUser2_061219.jpg

  • Download .csv to copy the required Access key ID and Secret access key to your local system; they will be required for Add Host (see below).

Add Host

From Host Management, Add Host, selecting AWS EC2.

AWSAddHost1.jpg

Enter the Access key ID and Secret access key along with Region.

AWSAddHost2.jpg

Followed by Host details.

AWSAddHost3.jpg

Information includes:

Name - a meaningful name for your EC2 hosts.

Number of nodes - the number of EC2 instances you want to provision as Workers*.

* An additional t3.small EC2 instance is provisioned as the Kubernetes Master [Also see Default
Configuration - Kubernetes Master Size below].

Machine type - select the EC2 instance type required. For example, c5.large (compute optimized).

Provisioning

On Create instance provisioning will start.

ComponentsCreating.jpg

Progress can be followed from your AWS Console and in Host Management:

AWSProvisioning.jpg

On successful completion all your AWS EC2 hosts will be displayed in Host Management as Connected.

AWSConnected.jpg

Each instance also has its own Volume.

AWSVolume1_061319.jpg

AWSVolume2_061319.jpg

Default Configuration

Operating System

When provisioning EC2 hosts, AWS public Ubuntu AMI (Amazon Machine Image) is used as the Operating System of choice; specifically Ubuntu 18.04 LTS.

Supported EC2 Instances

The list of supported EC2 instance types is currently limited to:

c5.large
c5.xlarge
c5.2xlarge
c5.4xlarge
c5.9xlarge
c5.18xlarge
c5n.large
c5n.xlarge
c5n.2xlarge
c5n.4xlarge
c5n.9xlarge
c5n.18xlarge
r5.large
r5.xlarge
r5.2xlarge
r5.4xlarge
r5.12xlarge
r5.24xlarge
r5a.large
r5a.xlarge
r5a.2xlarge
r5a.4xlarge
r5a.12xlarge
r5a.24xlarge
t3.small
t3.medium
t3.large
t3.xlarge
t3.2xlarge

Naming EC2 Instances

To identify each EC2 host group provisioned by Kazuhm, each Host Group is assigned a unique 12-byte hexadecimal string and we have included that string as a prefix to each instance’s name. We have also included an instance’s role in the Kubernetes cluster and a number that tracks the number of workers in the cluster. By default, AWS does not name the instances it provisions and allows users to modify the instance name.

AWSConsole2_061319.jpg

Changing Hostnames

By default, AWS follows ubuntu@<public_dns(ipv4)> convention for all ubuntu-based hostnames.

Kazuhm changes the default hostnames to “k8s-master-loc-default” for the master and “k8s-node-loc-default-<number>” for the workers in the Kubernetes cluster.

Naming Security Groups

To identify each EC2 host group provisioned through the portal, each host group is assigned a unique 12-byte hexadecimal string. Similar to how we name instances, an EC2 host group’s security group name also contains the unique identifier. This identifier is preceded by “kazuhm”, informing that the security was created the Kazuhm service. TSecurity group also includes a description, “Managed by Terraform”.

AWSSecurityGroup_061319.jpg

Ingress and Egress Rules

When creating a security group for your EC2 host, we need to specify networking ingress and egress rules.

We allow all inbound traffic within a security group and unrestricted inbound SSH access.

We recommend users do not modify the unrestricted inbound access within the security group so as to interfere with the host group processes.

For security reasons, we advise users to modify restrict SSH access to a selected set of IP addresses after their EC2 host group is provisioned.

For egress rules, we allow all outbound traffic.

Termination Policy

If you terminate a Kazuhm-provisioned EC2 instance using the AWS console or CLI, we will also automatically remove its attached storage volume(s). By default, AWS allows users to manually configure their instance-termination policy and whether volumes should be removed when the associated instance is terminated.

Troubleshooting

Please refer to FAQs - How do I troubleshoot Amazon EC2 Hosts?

Comments

0 comments

Article is closed for comments.

Powered by Zendesk