Platform-Specific Instructions

Google GCP System Installation

This section describes the specific additional or different steps necessary to install DKube on a GCP system.

  • The VM should have a static IP address

  • Create firewall rules that conform to Access to the Cluster

  • Associate the rules with a Virtual Public Cloud (VPC)

  • Create VMs that use the VPC

Once these steps have been taken, go to the section Cluster and DKube Resiliency and continue with the installation.


Amazon AWS System Installation

This section describes the specific additional or different steps necessary to install DKube on an AWS system.

  • The VM should have a static IP address

  • Create a security group that conforms to Access to the Cluster

  • Attach the security group to the VMs

  • Assign roles to the nodes as explained in this section

IAM Roles

AWS DKube installation requires that specific roles be assigned to the nodes, depending upon their node type (master and worker). The roles must be assigned as follows:

Type of Node

Role

Master Node Only (no Workers)

kubernetes-master-node

Master Node (Cluster that includes Workers)

kubernetes-master

Worker Node

kubernetes-node

The roles are assigned to the instances from the Instance dashboard.

  • Actions

    • Instance Settings

      • Attach/Replace IAM Role

If the role does not exist yet, it must be created from the IAM Role screen.

  • Create new IAM Role

    • Create role

      • <Choose Service>

        • Create Policy

          • JSON

            • <Cut and paste policy from the appropriate section below>

              • Review policy

                • <Name Policy>

                  • Create Policy

kubernetes-master

This is used for the Master node if there are also Worker nodes on the cluster.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": ["ec2:*"], "Resource": ["*"] }, { "Effect": "Allow", "Action": ["elasticloadbalancing:*"], "Resource": ["*"] }, { "Effect": "Allow", "Action": ["route53:*"], "Resource": ["*"] }, { "Effect": "Allow", "Action": "s3:*", "Resource": [ "arn:aws:s3:::kubernetes-*" ] } ] }

kubernetes-node

This is used for the Worker nodes on the cluster.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": [ "arn:aws:s3:::kubernetes-*" ] }, { "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:AttachVolume", "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:DetachVolume", "Resource": "*" }, { "Effect": "Allow", "Action": ["route53:*"], "Resource": ["*"] }, { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:DescribeRepositories", "ecr:ListImages", "ecr:BatchGetImage" ], "Resource": "*" } ] }

kubernetes-master-node

This is used for the Master node if there are no other nodes on the cluster (i.e. Master node only - no Workers).

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": ["ec2:*"], "Resource": ["*"] }, { "Effect": "Allow", "Action": ["elasticloadbalancing:*"], "Resource": ["*"] }, { "Effect": "Allow", "Action": ["route53:*"], "Resource": ["*"] }, { "Effect": "Allow", "Action": "s3:*", "Resource": [ "arn:aws:s3:::kubernetes-*" ] }, { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:DescribeRepositories", "ecr:ListImages", "ecr:BatchGetImage" ], "Resource": "*" } ] }

Adding ssh Key at Instance Creation

In the AWS Console GUI, click on “Key Pairs”. Then click on “Import Key Pair”. Paste the contents of “ssh-rsa.pub” into the “Public key contents” section and give it a “Key pair name”. Click “Import”.

Use the same ssh keypair Name during Instance creation (which will be the last step in the instance creation).

_images/aws-create-key.jpg

Once these steps have been taken, go to the section Cluster and DKube Resiliency and continue with the installation.