Amazon Web Service¶
Kubedna supports AWS, enabling you to deploy and manage Kubernetes clusters directly on the AWS platform. This guide provides step-by-step instructions to configure your project, set up authentication with AWS credentials, and design your Kubernetes cluster with the proper IAM permissions.
Subscription Tier Selection¶
Begin by selecting the subscription tier that best meets your needs. Choose from the following options:
- Nucleus (Standard)
- Genome (Business)
- Biom (Enterprise)
Project Configuration¶
Provide the following details to configure your project:
- Project Name: Choose a unique name to identify your project.
- Project Description: Include a brief overview of the project’s purpose and requirements.
AWS Account & Region Setup¶
Next, specify your AWS environment details:
- AWS Account: Ensure that your AWS account has the necessary privileges.
- Region: Select the AWS region where your resources will be deployed. (Note: All nodes within a Kubernetes cluster must be in the same region.)
Credentials & Permission Configuration¶
For Kubedna to manage AWS resources, you must supply AWS credentials (Access Key ID and Secret Access Key) that have the required IAM permissions. Ensure that your IAM policy includes the following actions:
AWS Permission Mapping¶
| Category | Permission | Description |
|---|---|---|
| Compute Instance Management | ec2:RunInstances | Launch new EC2 instances. |
| ec2:DescribeInstances | Retrieve details of existing EC2 instances. | |
| Elastic IP Address Management | ec2:AllocateAddress | Allocate a new Elastic IP address. |
| ec2:DescribeAddresses | List and retrieve details of allocated IP addresses. | |
| ec2:AssociateAddress | Associate an allocated IP address with an instance or network interface. | |
| Route Table Operations | ec2:AssociateRouteTable | Associate a subnet with a specific route table. |
| ec2:CreateRouteTable | Create a new route table within a VPC. | |
| ec2:DeleteRouteTable | Delete an existing route table. | |
| ec2:DescribeRouteTables | List and view details of route tables. | |
| Launch Template Management | ec2:CreateLaunchTemplate | Create a new EC2 launch template. |
| ec2:CreateLaunchTemplateVersion | Create a new version for an existing launch template. | |
| ec2:DeleteLaunchTemplate | Delete an entire launch template. | |
| ec2:DeleteLaunchTemplateVersions | Delete specific versions of a launch template. | |
| ec2:DescribeLaunchTemplates | Retrieve details about EC2 launch templates. | |
| ec2:DescribeLaunchTemplateVersions | Retrieve details about the versions of a launch template. | |
| Tagging Operations | ec2:CreateTags | Add tags to EC2 resources for identification and management. |
| ec2:DeleteTags | Remove tags from EC2 resources. | |
| Descriptive / Informational Operations | ec2:DescribeAccountAttributes | Retrieve attributes of your AWS account. |
| ec2:DescribeAvailabilityZones | List available Availability Zones in a region. | |
| ec2:DescribeImages | Retrieve information about available AMIs. | |
| ec2:DescribeInternetGateways | List and describe Internet Gateways (more comprehensive than just creation/attachment). | |
| ec2:DescribeKeyPairs | Retrieve details of EC2 key pairs. | |
| ec2:DescribeNetworkInterfaceAttribute | Get attributes of a specific network interface. | |
| ec2:DescribeNetworkInterfaces | List and retrieve details of all network interfaces. | |
| ec2:DescribeSubnets | Retrieve information about subnets. | |
| ec2:DescribeVolumes | List and retrieve details about EBS volumes. | |
| ec2:DescribeVpcAttribute | Retrieve specific attributes of a VPC. | |
| NAT Gateway Operations | ec2:CreateNatGateway | Create a new NAT gateway for outbound internet access. |
| ec2:DescribeNatGateways | Retrieve information about existing NAT gateways. | |
| ec2:DeleteNatGateway | Delete an existing NAT gateway. | |
| Internet Gateway Operations | ec2:CreateInternetGateway | Create a new Internet Gateway. |
| ec2:AttachInternetGateway | Attach an Internet Gateway to a VPC. | |
| ec2:DetachInternetGateway | Detach an Internet Gateway from a VPC. | |
| ec2:DeleteInternetGateway | Delete an existing Internet Gateway. | |
| Security Group Operations | ec2:CreateSecurityGroup | Create a new security group. |
| ec2:AuthorizeSecurityGroupIngress | Add inbound (ingress) rules to a security group. | |
| ec2:AuthorizeSecurityGroupEgress | Add outbound (egress) rules to a security group. | |
| ec2:RevokeSecurityGroupIngress | Remove inbound rules from a security group. | |
| ec2:RevokeSecurityGroupEgress | Remove outbound rules from a security group. | |
| ec2:DescribeSecurityGroups | Retrieve details about security groups. |
Note: While some actions overlap (for example, creating a VPC is part of editing networks), the above mapping ensures that your AWS credentials have comprehensive permissions to manage all required resources.
For detailed AWS IAM policy information, refer to the AWS IAM Documentation
Designing Your Kubernetes Cluster¶
After successfully configuring your project and authentication, design your Kubernetes cluster on AWS.
1. Adding the Control Plane Node Group¶
- Purpose: This node group will host the Kubernetes control plane.
- Steps:
- Choose your Region: Select the same AWS region as your resources.
- Select EC2 Instance Type: Choose an instance type suitable for control plane operations.
2. Adding the Workernode Group¶
- Purpose: This group will run your containerized applications.
- Steps:
- Choose your Region: Ensure you select the same AWS region as the control plane.
- Select EC2 Instance Type: Pick an instance type based on your workload requirements.
- Important: All nodes (control plane and worker nodes) must be in the same region.
Finalizing Cluster Initialization¶
Once you’ve designed your Kubernetes cluster:
- Initialize Cluster: Click the Initialize button to deploy your Kubernetes cluster on AWS.
- Status Notification: You will receive an email with the cluster status and further instructions.
7. Additional Resources¶
For further assistance or to explore advanced configuration options, please refer to these resources: