Prerequisites
Complete the following prerequisites prior to installing MKE on AWS.
1. Log in to the AWS Management Console.

2. Assign your instance a host name using the ip-<private ip>.<region>.compute.internal template. For example, ip-172-31-15-241.us-east-2.compute.internal.

3. Tag your instance, VPC, and subnets by specifying kubernetes.io/cluster/<unique-cluster-id> in the Key field and <cluster-type> in the Value field. Possible <cluster-type> values are as follows:

   - owned, if the cluster owns and manages the resources that it creates
   - shared, if the cluster shares its resources between multiple clusters

   For example, Key: kubernetes.io/cluster/1729543642a6 and Value: owned.

4. To enable introspection and resource provisioning, specify an instance profile with appropriate policies for manager nodes. The following is an example of a very permissive instance profile:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [ "ec2:*" ],
          "Resource": [ "*" ]
        },
        {
          "Effect": "Allow",
          "Action": [ "elasticloadbalancing:*" ],
          "Resource": [ "*" ]
        },
        {
          "Effect": "Allow",
          "Action": [ "route53:*" ],
          "Resource": [ "*" ]
        },
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": [ "arn:aws:s3:::kubernetes-*" ]
        }
      ]
    }

5. To enable access to dynamically provisioned resources, specify an instance profile with appropriate policies for worker nodes. The following is an example of a very permissive instance profile:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": [ "arn:aws:s3:::kubernetes-*" ]
        },
        {
          "Effect": "Allow",
          "Action": "ec2:Describe*",
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": "ec2:AttachVolume",
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": "ec2:DetachVolume",
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [ "route53:*" ],
          "Resource": [ "*" ]
        }
      ]
    }
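Both instance profiles above are described as very permissive. The following Python script is an added example, not part of the MKE documentation: it audits the two policies and ranks each Allow grant by how broad its wildcard is, which is a useful starting point when narrowing them for production. The function names and the HIGH/MEDIUM/LOW labels are this example's own convention, and NotAction, NotResource and Condition elements are not evaluated.

```python
import json
from collections import Counter

# The two instance-profile policies from this page, embedded so the example runs offline.
MANAGER_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ec2:*"], "Resource": ["*"]},
  {"Effect": "Allow", "Action": ["elasticloadbalancing:*"], "Resource": ["*"]},
  {"Effect": "Allow", "Action": ["route53:*"], "Resource": ["*"]},
  {"Effect": "Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::kubernetes-*"]}]}"""
WORKER_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::kubernetes-*"]},
  {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
  {"Effect": "Allow", "Action": "ec2:AttachVolume", "Resource": "*"},
  {"Effect": "Allow", "Action": "ec2:DetachVolume", "Resource": "*"},
  {"Effect": "Allow", "Action": ["route53:*"], "Resource": ["*"]}]}"""

def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def classify(action, resource):
    """Rank one (action, resource) pair; labels are this example's convention."""
    full_service = action == "*" or action.endswith(":*")
    if full_service and resource == "*":
        return "HIGH"    # every API call of a service on every resource
    if full_service or ("*" in action and resource == "*"):
        return "MEDIUM"  # whole service on a scoped ARN, or an action prefix on everything
    if resource == "*":
        return "LOW"     # one named action, but not limited to specific resources
    return None

def audit_policy(policy_json):
    """Return (severity, action, resource) for every broad Allow grant."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            for resource in as_list(stmt.get("Resource", [])):
                severity = classify(action, resource)
                if severity:
                    findings.append((severity, action, resource))
    return findings

def summarize(policy_json):
    """Count findings per severity label."""
    return dict(Counter(sev for sev, _, _ in audit_policy(policy_json)))

if __name__ == "__main__":
    for name, policy in (("manager", MANAGER_POLICY), ("worker", WORKER_POLICY)):
        for finding in audit_policy(policy):
            print(name, *finding)
```
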