Setting up Kubernetes on AWS requires a well-prepared infrastructure. From configuring security groups to launching EC2 instances and assigning Elastic IPs, each step plays a critical role in ensuring your cluster functions smoothly. This guide walks you through the process, providing a solid foundation for deploying Kubernetes on AWS.
Step 1: Setting Up Security Groups
Security groups in AWS act as virtual firewalls, controlling inbound and outbound traffic for your EC2 instances. For Kubernetes, you’ll need separate security groups for the control plane and worker nodes.
Control Plane Security Group
1. In the AWS Management Console, navigate to Security Groups and click Create Security Group.
2. Add the following inbound rules:
– Port 22 (SSH): Allow access from “Anywhere” for remote management.
– Port 6443 (Kubernetes API Server): Allow access from “Anywhere” or your specific IP range.
– Ports 2379-2380: Allow access from your VPC CIDR block for etcd communication.
– Ports 10250-10259: Allow access from your VPC CIDR block for kubelet and other internal communication.
3. Add an outbound rule to allow all traffic to “Anywhere”.
Worker Nodes Security Group
1. Repeat the process to create a second security group for worker nodes.
2. Add the following inbound rules:
– Port 22 (SSH): Allow access from “Anywhere”.
– Ports 10250-10256: Allow access from your VPC CIDR block for kubelet communication.
3. Add an outbound rule to allow all traffic to “Anywhere”.
Step 2: Launching EC2 Instances
For this setup, you’ll need at least two EC2 instances: one for the control plane and another for the worker node. Follow these steps for each instance:
Control Plane Instance
1. Go to EC2 Instances in the AWS Management Console and click Launch Instance.
2. Configure the instance:
– Name: Assign a name like k8s-control-plane.
– AMI: Use an Ubuntu 22.04 LTS (64-bit) AMI.
– Instance Type: Select t2.medium for a balance of cost and performance (2 vCPUs, 4 GB RAM).
– Key Pair: Create a new key pair (e.g., k8s-master-key) or use an existing one.
– Network Settings: Select the appropriate VPC and attach the Control Plane Security Group.
– Storage: Allocate at least 12 GB of storage.
3. Launch the instance.
Worker Node Instance
1. Repeat the above steps with these changes:
– Name: Assign a name like k8s-worker-node.
– Security Group: Attach the Worker Node Security Group.
– Storage: Allocate at least 15 GB of storage.
Step 3: Assigning Elastic IPs
Elastic IPs provide static public IP addresses for your instances, ensuring they remain consistent even if the instance is stopped and restarted.
1. In the Elastic IPs section of the AWS Management Console, click Allocate Elastic IP Address.
2. Assign one Elastic IP for the Control Plane Instance:
– Select the allocated Elastic IP.
– Click Actions > Associate Elastic IP Address.
– Choose the control plane instance and attach the Elastic IP.
3. Repeat the process for the Worker Node Instance.
Best Practices for AWS Setup
1. Use private IP addresses: When operating in a secure environment, use private IPs and restrict public access to critical components.
2. Enable monitoring: Use AWS CloudWatch to monitor EC2 instances and traffic patterns.
3. Plan storage carefully: Allocate sufficient storage for Kubernetes components like logs and persistent volumes.
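One way to check the Step 1 rules once they exist, in line with the first best practice above (an added example, not part of the original post): it reads security groups in the shape returned by `aws ec2 describe-security-groups` and reports etcd or kubelet ports reachable from outside the VPC, plus SSH and API server rules open to any address. The group names, the VPC CIDR and the sample rules are constructed for illustration.

```python
import ipaddress

VPC_CIDR = "10.0.0.0/16"  # assumption: substitute your own VPC CIDR block

# Port ranges taken from the guide's Step 1 rules.
VPC_ONLY = {"etcd": (2379, 2380), "kubelet/internal": (10250, 10259)}
REVIEW_IF_PUBLIC = {"ssh": (22, 22), "kube-apiserver": (6443, 6443)}

def _rule(lo, hi, cidr):
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi, "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample, shaped like the SecurityGroups list in the CLI output.
SAMPLE_GROUPS = [
    {"GroupName": "k8s-control-plane-sg", "IpPermissions": [  # hypothetical name
        _rule(22, 22, "0.0.0.0/0"),
        _rule(6443, 6443, "203.0.113.0/24"),
        _rule(2379, 2380, "10.0.0.0/16"),
        _rule(10250, 10259, "0.0.0.0/0"),  # mistake: should be the VPC CIDR
    ]},
    {"GroupName": "k8s-worker-sg", "IpPermissions": [  # hypothetical name
        _rule(22, 22, "0.0.0.0/0"),
        _rule(10250, 10256, "10.0.0.0/16"),
    ]},
]

def covers(rule, lo, hi):
    """True if the rule admits TCP traffic to any port in lo..hi."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no port fields
        return True
    return proto == "tcp" and rule["FromPort"] <= hi and rule["ToPort"] >= lo

def audit(groups, vpc_cidr=VPC_CIDR):
    """Return (group, service, source, issue) for each rule worth reviewing."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                src = ipaddress.ip_network(cidr, strict=False)
                in_vpc = src.version == vpc.version and src.subnet_of(vpc)
                for svc, (lo, hi) in VPC_ONLY.items():
                    if covers(rule, lo, hi) and not in_vpc:
                        findings.append((group["GroupName"], svc, cidr, "not limited to VPC CIDR"))
                for svc, (lo, hi) in REVIEW_IF_PUBLIC.items():
                    if covers(rule, lo, hi) and src.prefixlen == 0:
                        findings.append((group["GroupName"], svc, cidr, "open to any address"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(*finding, sep="  ")
```

Rules that name another security group as their source instead of a CIDR are not examined by this check.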
Outro
Setting up a secure and functional AWS environment is the first step toward deploying Kubernetes successfully. By carefully configuring security groups, launching EC2 instances, and assigning Elastic IPs, you lay a solid foundation for your cluster.
In the next blog, we’ll cover configuring your Kubernetes nodes, including prerequisites and installing key components like kubeadm, kubelet, and kubectl. Stay tuned!