
Amazon Web Services

Kubedna supports AWS, enabling you to deploy and manage Kubernetes clusters directly on the AWS platform. This guide provides step-by-step instructions to configure your project, set up authentication with AWS credentials, and design your Kubernetes cluster with the proper IAM permissions.

Subscription Tier Selection

Begin by selecting the subscription tier that best meets your needs. Choose from the following options:

  • Nucleus (Standard)

  • Genome (Business)

  • Biom (Enterprise)


Project Configuration

Provide the following details to configure your project:

  • Project Name: Choose a unique name to identify your project.

  • Project Description: Include a brief overview of the project’s purpose and requirements.


AWS Account & Region Setup

Next, specify your AWS environment details:

  • AWS Account: Ensure that your AWS account has the necessary privileges.

  • Region: Select the AWS region where your resources will be deployed. (Note: All nodes within a Kubernetes cluster must be in the same region.)


Credentials & Permission Configuration

For Kubedna to manage AWS resources, you must supply AWS credentials (Access Key ID and Secret Access Key) that have the required IAM permissions. Ensure that your IAM policy includes the following actions:

AWS Permission Mapping

| Category | Permission | Description |
| --- | --- | --- |
| Compute Instance Management | ec2:RunInstances | Launch new EC2 instances. |
| | ec2:DescribeInstances | Retrieve details of existing EC2 instances. |
| Elastic IP Address Management | ec2:AllocateAddress | Allocate a new Elastic IP address. |
| | ec2:DescribeAddresses | List and retrieve details of allocated IP addresses. |
| | ec2:AssociateAddress | Associate an allocated IP address with an instance or network interface. |
| Route Table Operations | ec2:AssociateRouteTable | Associate a subnet with a specific route table. |
| | ec2:CreateRouteTable | Create a new route table within a VPC. |
| | ec2:DeleteRouteTable | Delete an existing route table. |
| | ec2:DescribeRouteTables | List and view details of route tables. |
| Launch Template Management | ec2:CreateLaunchTemplate | Create a new EC2 launch template. |
| | ec2:CreateLaunchTemplateVersion | Create a new version for an existing launch template. |
| | ec2:DeleteLaunchTemplate | Delete an entire launch template. |
| | ec2:DeleteLaunchTemplateVersions | Delete specific versions of a launch template. |
| | ec2:DescribeLaunchTemplates | Retrieve details about EC2 launch templates. |
| | ec2:DescribeLaunchTemplateVersions | Retrieve details about the versions of a launch template. |
| Tagging Operations | ec2:CreateTags | Add tags to EC2 resources for identification and management. |
| | ec2:DeleteTags | Remove tags from EC2 resources. |
| Descriptive / Informational Operations | ec2:DescribeAccountAttributes | Retrieve attributes of your AWS account. |
| | ec2:DescribeAvailabilityZones | List available Availability Zones in a region. |
| | ec2:DescribeImages | Retrieve information about available AMIs. |
| | ec2:DescribeInternetGateways | List and describe Internet Gateways (more comprehensive than just creation/attachment). |
| | ec2:DescribeKeyPairs | Retrieve details of EC2 key pairs. |
| | ec2:DescribeNetworkInterfaceAttribute | Get attributes of a specific network interface. |
| | ec2:DescribeNetworkInterfaces | List and retrieve details of all network interfaces. |
| | ec2:DescribeSubnets | Retrieve information about subnets. |
| | ec2:DescribeVolumes | List and retrieve details about EBS volumes. |
| | ec2:DescribeVpcAttribute | Retrieve specific attributes of a VPC. |
| NAT Gateway Operations | ec2:CreateNatGateway | Create a new NAT gateway for outbound internet access. |
| | ec2:DescribeNatGateways | Retrieve information about existing NAT gateways. |
| | ec2:DeleteNatGateway | Delete an existing NAT gateway. |
| Internet Gateway Operations | ec2:CreateInternetGateway | Create a new Internet Gateway. |
| | ec2:AttachInternetGateway | Attach an Internet Gateway to a VPC. |
| | ec2:DetachInternetGateway | Detach an Internet Gateway from a VPC. |
| | ec2:DeleteInternetGateway | Delete an existing Internet Gateway. |
| Security Group Operations | ec2:CreateSecurityGroup | Create a new security group. |
| | ec2:AuthorizeSecurityGroupIngress | Add inbound (ingress) rules to a security group. |
| | ec2:AuthorizeSecurityGroupEgress | Add outbound (egress) rules to a security group. |
| | ec2:RevokeSecurityGroupIngress | Remove inbound rules from a security group. |
| | ec2:RevokeSecurityGroupEgress | Remove outbound rules from a security group. |
| | ec2:DescribeSecurityGroups | Retrieve details about security groups. |

Note: While some actions overlap (for example, creating a VPC is part of editing networks), the above mapping ensures that your AWS credentials have comprehensive permissions to manage all required resources.

For detailed AWS IAM policy information, refer to the AWS IAM Documentation.
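
As an added example (not Kubedna's own code or policy), the Python below turns the action list from the permission table above into an IAM policy document and audits an existing policy against it, reporting listed actions the policy fails to allow and Allow patterns that are broader than the list. The `Sid`, the `"Resource": "*"` scope and the sample policy are assumptions made for illustration.

```python
import fnmatch
import json

# The 40 EC2 actions from the permission table above ("ec2:" prefix added below).
REQUIRED = {"ec2:" + name for name in """
RunInstances DescribeInstances AllocateAddress DescribeAddresses AssociateAddress
AssociateRouteTable CreateRouteTable DeleteRouteTable DescribeRouteTables
CreateLaunchTemplate CreateLaunchTemplateVersion DeleteLaunchTemplate
DeleteLaunchTemplateVersions DescribeLaunchTemplates DescribeLaunchTemplateVersions
CreateTags DeleteTags DescribeAccountAttributes DescribeAvailabilityZones
DescribeImages DescribeInternetGateways DescribeKeyPairs
DescribeNetworkInterfaceAttribute DescribeNetworkInterfaces DescribeSubnets
DescribeVolumes DescribeVpcAttribute CreateNatGateway DescribeNatGateways
DeleteNatGateway CreateInternetGateway AttachInternetGateway DetachInternetGateway
DeleteInternetGateway CreateSecurityGroup AuthorizeSecurityGroupIngress
AuthorizeSecurityGroupEgress RevokeSecurityGroupIngress RevokeSecurityGroupEgress
DescribeSecurityGroups
""".split()}

def build_policy():
    """Identity policy allowing exactly the listed actions and nothing else."""
    # Assumption: Resource "*" and the Sid; the page lists no resource ARNs.
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "KubednaEc2", "Effect": "Allow",
        "Action": sorted(REQUIRED), "Resource": "*"}]}

def audit(policy):
    """Return (missing, broader); Deny, NotAction and Condition are not evaluated."""
    statements = policy["Statement"]
    if isinstance(statements, dict):      # IAM accepts a single statement object
        statements = [statements]
    patterns = set()
    for st in statements:
        if st.get("Effect") == "Allow" and "Action" in st:
            acts = st["Action"]
            patterns.update([acts] if isinstance(acts, str) else acts)
    required = {a.lower(): a for a in REQUIRED}   # action names are case-insensitive
    # missing: listed actions that no Allow pattern covers (wildcards expanded)
    missing = sorted(a for low, a in required.items()
                     if not any(fnmatch.fnmatchcase(low, p.lower()) for p in patterns))
    # broader: Allow entries that are not one of the listed actions
    broader = sorted(p for p in patterns if p.lower() not in required)
    return missing, broader

# Constructed sample: a hand-written policy that is both too narrow and too broad.
SAMPLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "ec2:RunInstances", "s3:*"]}]}

if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))
    print(audit(SAMPLE))
```

An empty `missing` list means the credentials cover every action in the table; anything in `broader` is access beyond what this page asks for and is worth trimming before the access key is handed to a third-party service.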


Designing Your Kubernetes Cluster

After successfully configuring your project and authentication, design your Kubernetes cluster on AWS.

1. Adding the Control Plane Node Group

  • Purpose: This node group will host the Kubernetes control plane.

  • Steps:

    • Choose your Region: Select the same AWS region as your resources.

    • Select EC2 Instance Type: Choose an instance type suitable for control plane operations.

2. Adding the Worker Node Group

  • Purpose: This group will run your containerized applications.

  • Steps:

    • Choose your Region: Ensure you select the same AWS region as the control plane.

    • Select EC2 Instance Type: Pick an instance type based on your workload requirements.

    • Important: All nodes (control plane and worker nodes) must be in the same region.


Finalizing Cluster Initialization

Once you’ve designed your Kubernetes cluster:

  • Initialize Cluster: Click the Initialize button to deploy your Kubernetes cluster on AWS.

  • Status Notification: You will receive an email with the cluster status and further instructions.


Additional Resources

For further assistance or to explore advanced configuration options, please refer to these resources:
