The AWS add-on enables the Kubernetes control plane to be configured to use the Amazon Web Services (AWS) cloud provider integration. For more information about these components, see the Kubernetes cloud-provider-aws repository. For information about the kubeadm add-on, see Kubernetes (kubeadm) Add-On.
This integration, provided by Kubernetes, creates an interface between the Kubernetes cluster and specific AWS APIs. This enables the:
For more information about the AWS cloud provider, see AWS Cloud Provider in the Kubernetes documentation.
The AWS cloud provider performs some tasks on behalf of the operator, such as creating an ELB or an EBS volume. Because of this, you must create identity and access management (IAM) policies in your AWS account that allow those actions.
For more information about AWS IAM, see AWS Identity and Access Management (IAM) in the AWS documentation.
For more information about the required permissions for Amazon Web Services (AWS) cloud provider integration, see the Prerequisites section in the Kubernetes documentation.
After the prerequisite policies are created, you must assign them to the appropriate resources in your AWS account.
For more information about the AWS policy prerequisites, see Prerequisites in the Kubernetes documentation.
For more information about tagging, see AWS Documentation: Tagging your Amazon EC2 Resources in the AWS documentation.
The following resources are discovered and managed only after the tags are assigned:
These resources must have a tag with the key `kubernetes.io/cluster/<cluster-name>`. By default, the Kubernetes add-on uses the cluster name `kubernetes`. The value for this key is `owned`. Alternatively, if you choose to share resources between clusters, the value `shared` can be used. For more information about the Kubernetes add-on, see Advanced Install Options in Kubernetes add-on.
The AWS add-on is supported only:
There are additional requirements when creating a `worker` node role to use this integration. See Kubernetes AWS Cloud Provider in the Kubernetes documentation. Failure to have two nodes available, one of which is a worker node, will require an AWS administrator for your account to manually register the ELB in the AWS management console.
For a `LoadBalancer` service where there is more than one security group attached to your cluster nodes, you must tag only one of the security groups as `owned` so that Kubernetes knows which group to add and remove rules from. A single, untagged security group is allowed; however, sharing this untagged security group between clusters is not recommended.
Creating a `LoadBalancer` service also requires that the internet-facing and internal AWS ELB resources are properly tagged in your AWS account to operate successfully. For more information about AWS subnet tagging, see AWS Documentation: Subnet tagging for load balancers in the AWS documentation.
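As an added example (not part of the kURL documentation or the cloud-provider-aws project), the following Python check audits a set of EC2 tags against the two rules above: every resource carries the `kubernetes.io/cluster/<cluster-name>` key with the value `owned` or `shared`, and at most one security group is tagged `owned`. The input is a constructed list in the shape of the `Tags` array returned by `aws ec2 describe-tags`; the resource IDs are made up.

```python
from collections import defaultdict

CLUSTER_TAG_PREFIX = "kubernetes.io/cluster/"
VALID_VALUES = {"owned", "shared"}  # AWS tag values are case-sensitive

# Constructed sample in the shape of `aws ec2 describe-tags` output (the "Tags" list).
# It deliberately contains three mistakes: a mis-cased value, two security groups
# both tagged "owned", and a subnet that carries no cluster tag at all.
SAMPLE_TAGS = [
    {"ResourceId": "i-0aaa", "ResourceType": "instance",
     "Key": "kubernetes.io/cluster/kubernetes", "Value": "owned"},
    {"ResourceId": "i-0bbb", "ResourceType": "instance",
     "Key": "kubernetes.io/cluster/kubernetes", "Value": "Owned"},
    {"ResourceId": "sg-0111", "ResourceType": "security-group",
     "Key": "kubernetes.io/cluster/kubernetes", "Value": "owned"},
    {"ResourceId": "sg-0222", "ResourceType": "security-group",
     "Key": "kubernetes.io/cluster/kubernetes", "Value": "owned"},
    {"ResourceId": "subnet-0333", "ResourceType": "subnet",
     "Key": "Name", "Value": "private-a"},
]


def cluster_tag_key(cluster_name="kubernetes"):
    """Tag key the cloud provider looks for; "kubernetes" is the add-on default."""
    return CLUSTER_TAG_PREFIX + cluster_name


def audit_cluster_tags(tags, cluster_name="kubernetes"):
    """Return a list of human-readable findings; an empty list means the tags are consistent."""
    key = cluster_tag_key(cluster_name)
    by_resource = defaultdict(dict)  # ResourceId -> {tag key: tag value}
    types = {}                       # ResourceId -> ResourceType
    for t in tags:
        by_resource[t["ResourceId"]][t["Key"]] = t["Value"]
        types[t["ResourceId"]] = t["ResourceType"]
    sg_ids = [rid for rid, ty in types.items() if ty == "security-group"]
    findings, owned_sgs = [], []
    for rid, kv in by_resource.items():
        value = kv.get(key)
        if value is None:
            # A single untagged security group is tolerated by the cloud provider.
            if types[rid] == "security-group" and len(sg_ids) == 1:
                continue
            findings.append(f"{rid} ({types[rid]}) has no {key} tag and will not be managed")
            continue
        if value not in VALID_VALUES:
            findings.append(f"{rid}: value {value!r} is not 'owned' or 'shared' (case matters)")
        if types[rid] == "security-group" and value == "owned":
            owned_sgs.append(rid)
    if len(owned_sgs) > 1:
        findings.append("more than one security group tagged 'owned': " + ", ".join(owned_sgs))
    return findings
```

Run `audit_cluster_tags(SAMPLE_TAGS)` to see the three findings for the constructed data; feed it the `Tags` list from a real `describe-tags` call to check your own account.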
The following example shows the `excludeStorageClass` flag, which controls whether the AWS-EBS provisioner storage class provided by the AWS add-on is excluded:

```yaml
spec:
  aws:
    version: 0.1.0
    excludeStorageClass: false
```
| Flag | Description |
|---|---|
| `version` | The version of the `aws` add-on to be installed. |
| `excludeStorageClass` | Exclude the AWS-EBS provisioner storage class provided by the AWS add-on. When `true`, another storage provisioner, such as Longhorn, must be used. |
When the AWS add-on is enabled, you do not need to add a volume provisioner add-on to the kURL specification because you can use the default AWS EBS volume provisioner.
For more information about the AWS EBS volume provisioner, see Amazon Elastic Block Store (EBS) in the AWS documentation.