Prerequisites
Complete the following prerequisites prior to installing MKE on AWS.
Log in to the AWS Management Console.
Assign a host name to your instance. To determine the host name, run the following curl command within the EC2 instance:
curl http://169.254.169.254/latest/meta-data/hostname
Tag your instance, VPC, security groups, and subnets by specifying kubernetes.io/cluster/<unique-cluster-id> in the Key field and <cluster-type> in the Value field. Possible <cluster-type> values are as follows:
- owned, if the cluster owns and manages the resources that it creates
- shared, if the cluster shares its resources between multiple clusters
For example, Key: kubernetes.io/cluster/1729543642a6 and Value: owned.
To enable introspection and resource provisioning, specify an instance profile with appropriate policies for manager nodes. The following is an example of a very permissive instance profile:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "ec2:*" ],
      "Resource": [ "*" ]
    },
    {
      "Effect": "Allow",
      "Action": [ "elasticloadbalancing:*" ],
      "Resource": [ "*" ]
    },
    {
      "Effect": "Allow",
      "Action": [ "route53:*" ],
      "Resource": [ "*" ]
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [ "arn:aws:s3:::kubernetes-*" ]
    }
  ]
}
To enable access to dynamically provisioned resources, specify an instance profile with appropriate policies for worker nodes. The following is an example of a very permissive instance profile:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [ "arn:aws:s3:::kubernetes-*" ]
    },
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:AttachVolume",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:DetachVolume",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [ "route53:*" ],
      "Resource": [ "*" ]
    }
  ]
}
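Both profiles above are described as very permissive. The following added example (not part of the MKE documentation) lists which Allow statements in each policy grant wildcard actions or apply to every resource, so that they can be reviewed before the profile is attached. The name audit_policy and the high/medium labels are assumptions of this example, not AWS or MKE terminology.

```python
# Policies copied from this page (manager and worker instance profiles).
MANAGER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*"], "Resource": ["*"]},
    {"Effect": "Allow", "Action": ["elasticloadbalancing:*"], "Resource": ["*"]},
    {"Effect": "Allow", "Action": ["route53:*"], "Resource": ["*"]},
    {"Effect": "Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::kubernetes-*"]},
]}
WORKER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::kubernetes-*"]},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:AttachVolume", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:DetachVolume", "Resource": "*"},
    {"Effect": "Allow", "Action": ["route53:*"], "Resource": ["*"]},
]}

def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return a finding for each Allow statement that relies on wildcards.
    Only Action/Resource are inspected. 'high' = whole service or "*" on Resource "*";
    'medium' = other wildcard action, or a specific action on Resource "*"."""
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        full = [a for a in actions if a == "*" or a.endswith(":*")]
        partial = [a for a in actions if "*" in a and a not in full]
        every_resource = "*" in resources
        if full and every_resource:
            severity = "high"
        elif full or partial or every_resource:
            severity = "medium"
        else:
            continue
        findings.append({"statement": index, "severity": severity,
                         "actions": actions, "resources": resources})
    return findings

if __name__ == "__main__":
    for name, policy in (("manager", MANAGER_POLICY), ("worker", WORKER_POLICY)):
        for finding in audit_policy(policy):
            print(name, finding)
```

The statement index in each finding is zero-based and follows the order of the Statement array in the policy.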