In {product-title} version {product-version}, you can install a cluster on Amazon Web Services (AWS) with customized network configuration options. By customizing your network configuration, your cluster can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations.
You must set most of the network configuration parameters during installation,
and you can modify only kubeProxy
configuration parameters in a running
cluster.
-
You reviewed details about the {product-title} installation and update processes.
-
You read the documentation on selecting a cluster installation method and preparing it for users.
-
You configured an AWS account to host the cluster.
ImportantIf you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see Managing Access Keys for IAM Users in the AWS documentation. You can supply the keys when you run the installation program.
-
If you use a firewall, you configured it to allow the sites that your cluster requires access to.
By default, administrator secrets are stored in the kube-system
project. If you configured the credentialsMode
parameter in the install-config.yaml
file to Manual
, you must use one of the following alternatives:
-
To manage long-term cloud credentials manually, follow the procedure in Manually creating long-term credentials.
-
To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in Configuring an AWS cluster to use short-term credentials.
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
You have the following options when creating AWS resources:
-
You can use the
ccoctl aws create-all
command to create the AWS resources automatically. This is the quickest way to create the resources. See Creating AWS resources with a single command. -
If you need to review the JSON files that the
ccoctl
tool creates before modifying AWS resources, or if the process theccoctl
tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See Creating AWS resources individually.
Note
|
For more information on using a Network Load Balancer (NLB) on AWS, see Configuring Ingress cluster traffic on AWS using a Network Load Balancer. |
Note
|
For more information about using Linux and Windows nodes in the same cluster, see Understanding Windows container workloads. |
-
See Accessing the web console for more details about accessing and understanding the {product-title} web console.
-
If necessary, you can opt out of remote health reporting.
-
If necessary, you can remove cloud provider credentials.