DEV Community



Setup your own Kubernetes Cluster with Kops and AWS Infrastructure

Since you have started reading this article, I assume you already know what Kubernetes and AWS are.

Pre-requisite configuration:

  1. AWS Account →

  2. Kubectl (Kubernetes Command-line Tool):
    Install Kubectl on your system →

  3. KOPS (Kubernetes Operations):
    Install Kops on your system, follow this official documentation →

  4. Install AWS CLI and configure -

Verify the installation by executing aws --version

You need to create a new user on AWS. You could use the root user, but that is not recommended at all.

  • Open the IAM console.
  • In the navigation pane, choose Users and then choose Add user.
  • Type a user name for the new user. I am using kops as the username for simplicity.
  • Select Programmatic access as the access type.
  • Choose Next: Permissions and give this user admin access with the AdministratorAccess policy.
  • Choose Next for Tags and Review.
  • This creates an Access Key ID and Secret Access Key. Store them securely: you will not have access to the secret access key again after this step.

Run aws configure and enter the Access Key ID, Secret Access Key and default region name at the prompts. I am using ap-south-1, which is the Asia Pacific (Mumbai) region. See the list of AWS regions here.

Deploying Kubernetes to AWS

Set up IAM user

Create an IAM user for kops with the following permissions: full access to EC2, Route53, S3, IAM and VPC (the managed policies attached in the commands below).

Do it from the command line:

# the kops group must exist before policies can be attached to it
aws iam create-group --group-name kops

aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess --group-name kops

aws iam create-user --user-name kops

aws iam add-user-to-group --user-name kops --group-name kops

# prints the access key pair kops will use; store it as securely as the one from the console
aws iam create-access-key --user-name kops

Buy a domain (if you don't have one already)

I bought (:p) for this tutorial

Create Hosted Zone in AWS

Create a hosted zone in AWS and update the NS records at your domain provider's DNS so they point at the hosted zone's name servers.

Test the DNS setup

dig ns

You should get something like:
;; ANSWER SECTION: 172800 IN NS 172800 IN NS 172800 IN NS 172800 IN NS

Create cluster state storage on S3

aws s3api create-bucket \
--bucket dev-kubernetes-cf-state-store \
--region ap-south-1 \
--create-bucket-configuration LocationConstraint=ap-south-1

aws s3api put-bucket-versioning --bucket dev-kubernetes-cf-state-store --versioning-configuration Status=Enabled

aws s3api put-bucket-encryption --bucket dev-kubernetes-cf-state-store --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
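The state store holds the cluster's configuration and secrets, so it is worth checking afterwards that the protections actually took effect. The following is an added example, not code from the original post: it reads the JSON that `aws s3api get-bucket-versioning`, `get-bucket-encryption` and `get-public-access-block` return and reports what is missing. It goes one step beyond the post by also checking the bucket's public access block, which the post does not configure. The sample documents at the bottom are constructed to look like real CLI output; `fetch()` is only for use against a live account.

```python
"""Audit a kops state-store bucket: versioning, default SSE, public access block."""
import json
import subprocess

BUCKET = "dev-kubernetes-cf-state-store"
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def check_versioning(doc):
    """Output of `aws s3api get-bucket-versioning`; it is {} for a never-versioned bucket."""
    return doc.get("Status") == "Enabled"


def check_encryption(doc):
    """Output of `aws s3api get-bucket-encryption`; any default SSE (AES256 or aws:kms) passes."""
    rules = doc.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algorithms = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    return bool(algorithms & {"AES256", "aws:kms"})


def check_public_access_block(doc):
    """Output of `aws s3api get-public-access-block`; all four flags must be true."""
    cfg = doc.get("PublicAccessBlockConfiguration", {})
    return all(cfg.get(k) is True for k in PAB_KEYS)


def audit(versioning, encryption, public_access_block):
    """Return the findings for one bucket; an empty list means it is hardened."""
    findings = []
    if not check_versioning(versioning):
        findings.append("versioning disabled: a bad kops update cannot be rolled back")
    if not check_encryption(encryption):
        findings.append("no default server-side encryption: the cluster state rests in clear")
    if not check_public_access_block(public_access_block):
        findings.append("public access block incomplete: an ACL or bucket policy could expose the state")
    return findings


def fetch(subcommand, bucket=BUCKET):
    """Live use only: run `aws s3api <subcommand> --bucket <bucket>` and parse its JSON.
    The CLI exits non-zero when the configuration does not exist, which we treat as {}."""
    try:
        out = subprocess.run(["aws", "s3api", subcommand, "--bucket", bucket],
                             check=True, capture_output=True, text=True).stdout
    except (subprocess.CalledProcessError, FileNotFoundError):
        return {}
    return json.loads(out) if out.strip() else {}


# Constructed sample CLI output: versioning and AES256 on (as in the post), public access block incomplete.
SAMPLE_VERSIONING = json.loads('{"Status": "Enabled"}')
SAMPLE_ENCRYPTION = json.loads(
    '{"ServerSideEncryptionConfiguration": {"Rules": ['
    '{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}')
SAMPLE_PUBLIC_ACCESS_BLOCK = json.loads(
    '{"PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "IgnorePublicAcls": false,'
    ' "BlockPublicPolicy": true, "RestrictPublicBuckets": true}}')

if __name__ == "__main__":
    # Against a real account replace the samples with fetch("get-bucket-versioning"), etc.
    findings = audit(SAMPLE_VERSIONING, SAMPLE_ENCRYPTION, SAMPLE_PUBLIC_ACCESS_BLOCK)
    for line in findings or ["bucket is hardened"]:
        print(line)
```

Run against the sample data it reports only the missing public access block; against a live account swap the three constants for `fetch("get-bucket-versioning")`, `fetch("get-bucket-encryption")` and `fetch("get-public-access-block")`.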

Creating the Cluster

export KOPS_STATE_STORE=s3://dev-kubernetes-cf-state-store

aws ec2 describe-availability-zones --region ap-south-1

  • Generate a local SSH key pair with ssh-keygen and register the public key as a kops secret (NAME is your cluster name, a DNS name under the hosted zone created above):

kops create secret --name ${NAME} sshpublickey admin -i ~/.ssh/id_rsa.pub

Create a TLS certificate in AWS Certificate Manager; its ARN is passed to --api-ssl-certificate below.

kops create cluster \
--name ${NAME} \
--zones ap-south-1a \
--state s3://dev-kubernetes-cf-state-store \
--api-ssl-certificate arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>
# --topology private   (optional)

Master and worker nodes are configurable in terms of instance specification and count.

If you want to edit something:
kops edit cluster ${NAME}

Finally, apply the cluster configuration:
kops update cluster ${NAME} --yes

kubectl get nodes

Use the following command to validate that the cluster is up and running; the setup may take 10-15 minutes to complete:
kops validate cluster
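Most failures at this stage come from inputs that never get checked: a mistyped certificate ARN, a zone that is not in the certificate's region, a cluster name that is not a DNS name. The following added example (not from the original post, and not part of kops) validates those inputs and only then assembles the `kops create cluster` line from the steps above. The function names `preflight()` and `build_command()`, and the cluster name, account id and certificate id used at the bottom, are constructed placeholders.

```python
"""Preflight checks for the inputs to `kops create cluster`."""
import re
import shlex

# ACM certificate ARN: arn:aws:acm:<region>:<12-digit account>:certificate/<uuid>
ACM_ARN = re.compile(
    r"^arn:aws:acm:(?P<region>[a-z]{2}-[a-z]+-\d):(?P<account>\d{12}):certificate/[0-9a-f-]{36}$")
# Availability zone: region name plus one letter, e.g. ap-south-1a
ZONE = re.compile(r"^(?P<region>[a-z]{2}-[a-z]+-\d)[a-z]$")
# kops uses the cluster name as the DNS name of the API endpoint in Route53, so it must be an FQDN
DNS_NAME = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")


def preflight(name, zones, state_store, cert_arn):
    """Return a list of problems; an empty list means the inputs are consistent."""
    problems = []
    if not DNS_NAME.match(name):
        problems.append(f"cluster name {name!r} is not a fully qualified DNS name")
    if not state_store.startswith("s3://"):
        problems.append("state store must be an s3:// URL")
    zone_regions = set()
    for zone in zones:
        m = ZONE.match(zone)
        if not m:
            problems.append(f"zone {zone!r} does not look like an AWS availability zone")
        else:
            zone_regions.add(m.group("region"))
    if len(zone_regions) > 1:
        problems.append(f"zones span several regions: {sorted(zone_regions)}")
    m = ACM_ARN.match(cert_arn)
    if not m:
        problems.append("--api-ssl-certificate is not a valid ACM certificate ARN")
    elif zone_regions and m.group("region") not in zone_regions:
        # The API load balancer is regional; a certificate from another region cannot be attached to it.
        problems.append(f"certificate is in {m.group('region')} but the cluster is in {next(iter(zone_regions))}")
    return problems


def build_command(name, zones, state_store, cert_arn, private_topology=False):
    """Assemble the kops command as a shell string, or raise ValueError if preflight fails."""
    problems = preflight(name, zones, state_store, cert_arn)
    if problems:
        raise ValueError("; ".join(problems))
    argv = ["kops", "create", "cluster", "--name", name, "--zones", ",".join(zones),
            "--state", state_store, "--api-ssl-certificate", cert_arn]
    if private_topology:
        argv += ["--topology", "private"]
    return shlex.join(argv)


if __name__ == "__main__":
    # Constructed placeholder values; replace with your own cluster name, account and certificate.
    print(build_command(
        "k8s.example.com",
        ["ap-south-1a"],
        "s3://dev-kubernetes-cf-state-store",
        "arn:aws:acm:ap-south-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
    ))
```

The region check is the one that saves the most time: the API server's load balancer is a regional resource, so a certificate issued in another region is rejected only after kops has already started creating infrastructure.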

Install Kubernetes Dashboard

Connect to master

ssh to the master: ssh -i ~/.ssh/id_rsa

Install Kube Dashboard

kubectl apply -f

Create the service account in the current namespace

kubectl create serviceaccount my-dashboard-sa

Give that service account root access on the cluster

kubectl create clusterrolebinding my-dashboard-sa \
--clusterrole=cluster-admin \
--serviceaccount=default:my-dashboard-sa   # namespace:name; change default if your current namespace differs

Find the secret that was created to hold the token for the SA

kubectl get secrets

Show the contents of the secret to extract the token

kubectl describe secret my-dashboard-sa-token-xxxxx

run kubectl proxy
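The token shown by `kubectl describe secret` is a JWT, and because the binding above grants it cluster-admin it is worth knowing exactly what it identifies before pasting it into the Dashboard. The following added example (not code from the original post) decodes the token's payload without verifying its signature (only the API server holds the key for that) and summarises the service account, namespace and secret it belongs to. `make_sample_token()` constructs a token with the claim layout of a legacy secret-based service-account token and a throw-away HMAC signature purely so the example runs offline; a real token is RS256-signed by the cluster's service-account key.

```python
"""Inspect the claims of a Kubernetes service-account token before using it."""
import base64
import hashlib
import hmac
import json

SA_PREFIX = "kubernetes.io/serviceaccount/"


def b64url_decode(segment):
    """JWT segments are base64url without padding; restore the padding before decoding."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode())


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def token_claims(token):
    """Return the payload claims of a JWT (no signature check: this only reads, never trusts)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def describe_sa_token(token):
    """Summarise the identity a service-account token carries."""
    claims = token_claims(token)
    return {
        "subject": claims.get("sub"),
        "namespace": claims.get(SA_PREFIX + "namespace"),
        "service_account": claims.get(SA_PREFIX + "service-account.name"),
        "secret": claims.get(SA_PREFIX + "secret.name"),
        # legacy secret-based tokens carry no exp claim: they are valid until the secret is deleted
        "expires": claims.get("exp"),
    }


def make_sample_token(namespace="default", sa="my-dashboard-sa",
                      secret="my-dashboard-sa-token-xxxxx", key=b"constructed-demo-key"):
    """Constructed sample token with the legacy SA claim layout and an HMAC signature (demo only)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": "kubernetes/serviceaccount",
        SA_PREFIX + "namespace": namespace,
        SA_PREFIX + "secret.name": secret,
        SA_PREFIX + "service-account.name": sa,
        "sub": f"system:serviceaccount:{namespace}:{sa}",
    }
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload))
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


if __name__ == "__main__":
    # Paste the token from `kubectl describe secret` in place of the sample to inspect a real one.
    for field, value in describe_sa_token(make_sample_token()).items():
        print(f"{field:16} {value}")
```

The `expires` field is the point to watch: a token pulled from a service-account secret never expires, so once it has been pasted into a browser it stays valid until the secret (or the binding) is deleted.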

Install nginx-controller with Helm

Install Helm -

# add the chart repository that provides nginx/nginx-ingress, then install the controller
helm repo add nginx https://helm.nginx.com/stable
helm install nginx-controller nginx/nginx-ingress

Apply the SSL certificate on the load balancer

Update the load balancer endpoint URL in Route53 as an alias target

On the load balancer, point the 443 listener at the same instance port as the 80 listener (TLS terminates at the load balancer, so the backend keeps serving plain HTTP)

Create a service, e.g. goapp

Use the following Docker image for quick reference:

Create an ingress with the following configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dev-ingress
spec:
  ingressClassName: nginx   # the class registered by the nginx-ingress chart installed above
  rules:
  - host: YOUR-DOMAIN-NAME
    http:
      paths:
      - path: /go
        pathType: Prefix
        backend:
          service:
            name: goapp
            port:
              number: 80


Replace YOUR-DOMAIN-NAME with your domain name
