Kublr Platform on Amazon Web Services
Install Kublr-in-a-Box. Please refer to Installation Guide for Kublr-in-a-Box.
This document describes the steps necessary to deploy the Kublr Platform in an Amazon Web Services infrastructure. It contains the following steps:
- Create AWS API credentials and create AWS IAM Policy
- Deploy Kublr Platform to AWS infrastructure
- Open deployed Kublr Platform
- (Optional) Setup custom DNS name for Kublr Platform
Create AWS API Credentials and Create AWS IAM Policy
Create AWS Policy and AWS API credentials for Kublr
For Kublr to create a cluster in your AWS account, you’ll need to create an AWS policy as well as an AWS API Access Key. All cluster resources, such as EC2 Instances, Load Balancers, Security Groups, Autoscaling Groups are created in your Amazon AWS account using the AWS API and will be managed by Kublr.
Use your AWS root account credential to sign in to the AWS Management Console. If you previously signed into the console with your IAM user credentials, your browser might open the IAM user sign-in page. To avoid that, choose sign in using your root account credentials to access the AWS account sign-in page.
Create the AWS Security Policy for Kublr API Access
- IAM console: choose Policies, in the navigation column on the left.
- At the top of the page, choose Create Policy.
- On the Create Policy page, select Create Your Own Policy.
- Enter the Policy Name.
- In the Policy Document section, enter this policy profile.
- Click Create Policy to generate the policy.
- Choose Users in the navigation column on the left.
- At the top of the page, select Add User
- Enter your username and select Programmatic Access.
- Click Next Permissions.
- Select Attach Existing Policy Directly
- Select the policy you created.
- Click Next Review.
- Click Create User.
Done! You’ve successfully created the user.
Create a new AWS Access Key
- On the top right of the console, click on your account name or number. Then choose My Security Credentials.
- Choose Continue to Security Credentials.
- Expand the Access Keys (Access Key ID and Secret Access Key) section.
- Choose Create New Access Key.
Connect AWS and Kublr
- Log into Kublr using your credentials.
- Click on the Credentials menu in the left navigation menu bar.
- Click Add Credentials
- Under credential type, select AWS Credentials.
- Enter Credentials Name (e.g. Test).
- Enter Access Key from AWS Management Console / IAM (see above).
- Enter Secret Key from AWS Management Console / IAM (see above).
- Click Save Credentials.
- “Credentials have been successfully created” popup appears.
- Click to verify if credentials are valid and ready to be used.
Deploying Kublr Platform to AWS infrastructure
- Click on Cluster Menu in the left navigation menu bar.
- Click on Add Kublr Platform or Deploy Full Kublr Platform.
- You may see short Kublr Platform description.
- Enter Kublr Platform name.
- Select Provider: Amazon Web Services and region.
- Select credentials created and/or saved on previous step.
- Select operating system to be used for Kublr cluster instances.
- Select number of master nodes and instance type.
- Select number of worker nodes and instance type.
- Select credentials for accessing newly deployed Kublr platform.
- Click Confirm and Install.
A “congratulations” box will appear “Your cluster is being created. It might take a few minutes.”.
Opening deployed Kublr Platform
The Kublr Platform creation may take up to 30 minutes to complete.
- Once it’s done, on the Clusters page you will see:
- Click on “Open Kublr Platform” button to open Kublr platform.
- Please allow it to use self-signed SSL certificate.
- Sign In to the Kublr Platform using the admin Username and Password provided while creating Kublr Platform above.
Now you can use Kublr Platform!
(Optional) Setting up custom DNS name for Kublr Platform
This optional step is for if you want a user-friendly DNS name such as https://kublr.example.com/ instead of the default loadbalancer address, which looks like “https://a3730363410f511e8bfd502a4587192e-67484441.us-east-1.elb.amazonaws.com/".
In order to do this, please create a new DNS A record with type Alias for kublr.example.com pointing to LoadBalancer DNS Name.
Instructions on how to setup SSL certificate for this domain are provided in the article: Ingress TLS/SSL Setup.