AWS¶
AWS cloud provider requires you to input the credentials as an accesskey
and a secretkey
.
Compute and DNS example¶
apiVersion: v1
kind: Secret
metadata:
name: aws-secret
data:
accesskey: U0xEVVRLU0hGRE1TSktESUFMQVNTRA==
secretkey: aXVoYk9JSk4rb2luL29saWtEU2Fkc25vaVNWU0RzYWNvaW5PVVNIRA==
type: Opaque
Create AWS credentials¶
Prerequisites¶
- Install AWS CLI tools by following this guide.
- Setup AWS CLI on your machine by following this guide.
- Ensure that the regions you're planning to use are enabled in your AWS account. You can check the available regions using this guide, and you can enable them using this guide. Otherwise, you may encounter a misleading error suggesting your STS token is invalid.
Creating AWS credentials for Claudie¶
-
Create a user using AWS CLI:
aws iam create-user --user-name claudie
-
Create a policy document with compute and DNS permissions required by Claudie:
cat > policy.json <<EOF { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "ec2:*" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "route53:*" ], "Resource":"*" } ] } EOF
DNS permissions
Exclude route53 permissions from the policy document, if you prefer not to use AWS as the DNS provider.
-
Attach the policy to the claudie user:
aws iam put-user-policy --user-name claudie --policy-name ec2-and-dns-access --policy-document file://policy.json
-
Create access keys for claudie user:
aws iam create-access-key --user-name claudie
{ "AccessKey":{ "UserName":"claudie", "AccessKeyId":"AKIAIOSFODNN7EXAMPLE", "Status":"Active", "SecretAccessKey":"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "CreateDate":"2018-12-14T17:34:16Z" } }
DNS setup¶
If you wish to use AWS as your DNS provider where Claudie creates DNS records pointing to Claudie managed clusters, you will need to create a public hosted zone by following this guide.
AWS is not my domain registrar
If you haven't acquired a domain via AWS and wish to utilize AWS for hosting your zone, you can refer to this guide on AWS nameservers. However, if you prefer not to use the entire domain, an alternative option is to delegate a subdomain to AWS.
Input manifest examples¶
Create a secret for AWS provider¶
The secret for an AWS provider must include the following mandatory fields: accesskey
and secretkey
.
kubectl create secret generic aws-secret-1 --namespace=mynamespace --from-literal=accesskey='SLDUTKSHFDMSJKDIALASSD' --from-literal=secretkey='iuhbOIJN+oin/olikDSadsnoiSVSDsacoinOUSHD'
Single provider, multi region cluster example¶
apiVersion: claudie.io/v1beta1
kind: InputManifest
metadata:
name: AWSExampleManifest
labels:
app.kubernetes.io/part-of: claudie
spec:
providers:
- name: aws-1
providerType: aws
secretRef:
name: aws-secret-1
namespace: mynamespace
nodePools:
dynamic:
- name: control-aws
providerSpec:
# Name of the provider instance.
name: aws-1
# Region of the nodepool.
region: eu-central-1
# Availability zone of the nodepool.
zone: eu-central-1a
count: 1
# Instance type name.
serverType: t3.medium
# AMI ID of the image.
# Make sure to update it according to the region.
image: ami-0965bd5ba4d59211c
- name: compute-1-aws
providerSpec:
# Name of the provider instance.
name: aws-1
# Region of the nodepool.
region: eu-central-2
# Availability zone of the nodepool.
zone: eu-central-2a
count: 2
# Instance type name.
serverType: t3.medium
# AMI ID of the image.
# Make sure to update it according to the region.
image: ami-0e4d1886bf4bb88d5
storageDiskSize: 50
- name: compute-2-aws
providerSpec:
# Name of the provider instance.
name: aws-1
# Region of the nodepool.
region: eu-central-2
# Availability zone of the nodepool.
zone: eu-central-2a
count: 2
# Instance type name.
serverType: t3.medium
# AMI ID of the image.
# Make sure to update it according to the region.
image: ami-0965bd5ba4d59211c
storageDiskSize: 50
kubernetes:
clusters:
- name: aws-cluster
version: v1.24.0
network: 192.168.2.0/24
pools:
control:
- control-aws
compute:
- compute-1-aws
- compute-2-aws
Multi provider, multi region clusters example¶
kubectl create secret generic aws-secret-1 --namespace=mynamespace --from-literal=accesskey='SLDUTKSHFDMSJKDIALASSD' --from-literal=secretkey='iuhbOIJN+oin/olikDSadsnoiSVSDsacoinOUSHD'
kubectl create secret generic aws-secret-2 --namespace=mynamespace --from-literal=accesskey='ODURNGUISNFAIPUNUGFINB' --from-literal=secretkey='asduvnva+skd/ounUIBPIUjnpiuBNuNipubnPuip'
apiVersion: claudie.io/v1beta1
kind: InputManifest
metadata:
name: AWSExampleManifest
labels:
app.kubernetes.io/part-of: claudie
spec:
providers:
- name: aws-1
providerType: aws
secretRef:
name: aws-secret-1
namespace: mynamespace
- name: aws-2
providerType: aws
secretRef:
name: aws-secret-2
namespace: mynamespace
nodePools:
dynamic:
- name: control-aws-1
providerSpec:
# Name of the provider instance.
name: aws-1
region: eu-central-1
# Availability zone of the nodepool.
zone: eu-central-1a
count: 1
# Instance type name.
serverType: t3.medium
# AMI ID of the image.
# Make sure to update it according to the region.
image: ami-0965bd5ba4d59211c
- name: control-aws-2
providerSpec:
# Name of the provider instance.
name: aws-2
# Region of the nodepool.
region: eu-north-1
# Availability zone of the nodepool.
zone: eu-north-1a
count: 2
# Instance type name.
serverType: t3.medium
# AMI ID of the image.
# Make sure to update it according to the region.
image: ami-03df6dea56f8aa618
- name: compute-aws-1
providerSpec:
# Name of the provider instance.
name: aws-1
# Region of the nodepool.
region: eu-central-2
# Availability zone of the nodepool.
zone: eu-central-2a
count: 2
# Instance type name.
serverType: t3.medium
# AMI ID of the image.
# Make sure to update it according to the region.
image: ami-0e4d1886bf4bb88d5
storageDiskSize: 50
- name: compute-aws-2
providerSpec:
# Name of the provider instance.
name: aws-2
# Region of the nodepool.
region: eu-north-3
# Availability zone of the nodepool.
zone: eu-north-3a
count: 2
# Instance type name.
serverType: t3.medium
# AMI ID of the image.
# Make sure to update it according to the region.
image: ami-03df6dea56f8aa618
storageDiskSize: 50
kubernetes:
clusters:
- name: aws-cluster
version: v1.24.0
network: 192.168.2.0/24
pools:
control:
- control-aws-1
- control-aws-2
compute:
- compute-aws-1
- compute-aws-2