This page includes more information about the different cloud providers.
Cloud Provider
- 1: Amazon Web Services
- 2: Azure
- 3: Civo
- 4: Google Cloud Platform
- 5: Local
1 - Amazon Web Services
AWS integration for High Availability and Managed Kubernetes Clusters
Caution
AWS credentials are required to access clusters. These credentials are sensitive information and must be kept secure.
Authentication Methods
Environment Variables
Set the following environment variables:
export AWS_ACCESS_KEY_ID=""
export AWS_SECRET_ACCESS_KEY=""
Command Line Interface
Use the ksctl credential manager:
ksctl cred
Available Cluster Types
Highly Available (HA) Clusters
Self-managed clusters with the following components:
- Distributed etcd database instances
- HAProxy load balancer for control plane high availability
- Multiple control plane nodes
- Worker nodes
Choose between two bootstrap options:
- k3s (lightweight Kubernetes distribution)
- kubeadm (official Kubernetes bootstrap tool)
Amazon EKS (Managed Clusters)
Elastic Kubernetes Service deployment with automated:
- IAM role creation and management
- Control plane setup
- Node group configuration
IAM Configuration
For each cluster, ksctl creates two roles:
- ksctl-<clustername>-wp-role: Manages node pool permissions
- ksctl-<clustername>-cp-role: Handles control plane access
Required IAM Policies
- Custom IAM Role Access Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor6",
      "Effect": "Allow",
      "Action": [
        "iam:CreateInstanceProfile",
        "iam:DeleteInstanceProfile",
        "iam:GetRole",
        "iam:GetInstanceProfile",
        "iam:RemoveRoleFromInstanceProfile",
        "iam:CreateRole",
        "iam:DeleteRole",
        "iam:AttachRolePolicy",
        "iam:PutRolePolicy",
        "iam:ListInstanceProfiles",
        "iam:AddRoleToInstanceProfile",
        "iam:ListInstanceProfilesForRole",
        "iam:PassRole",
        "iam:CreateServiceLinkedRole",
        "iam:DetachRolePolicy",
        "iam:DeleteRolePolicy",
        "iam:DeleteServiceLinkedRole",
        "iam:GetRolePolicy",
        "iam:SetSecurityTokenServicePreferences"
      ],
      "Resource": [
        "arn:aws:iam::*:role/ksctl-*",
        "arn:aws:iam::*:instance-profile/*"
      ]
    }
  ]
}
- Custom EKS Access Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "eks:ListNodegroups",
        "eks:ListClusters",
        "eks:*"
      ],
      "Resource": "*"
    }
  ]
}
- AWS Managed Policies Required
  - AmazonEC2FullAccess
  - IAMReadOnlyAccess
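The two custom policies above can be checked for over-broad grants before they are attached to a user or role. The following is an added example, not part of the ksctl documentation or code base; the `audit` function and its finding names are hypothetical, and the IAM action list is shortened to four of the actions shown on this page.

```python
from fnmatch import fnmatchcase

# Statements copied from the two custom policies on this page (IAM action list shortened).
IAM_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor6", "Effect": "Allow",
    "Action": ["iam:CreateRole", "iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:PassRole"],
    "Resource": ["arn:aws:iam::*:role/ksctl-*", "arn:aws:iam::*:instance-profile/*"]}]}
EKS_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow",
    "Action": ["eks:ListNodegroups", "eks:ListClusters", "eks:*"],
    "Resource": "*"}]}


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit(policy):
    """Return (finding, sid, value) tuples for each over-broad grant in Allow statements."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no-sid>")
        actions = _as_list(stmt.get("Action", []))
        wildcards = [a for a in actions if "*" in a]
        for action in actions:
            if action in wildcards:
                findings.append(("wildcard-action", sid, action))
            elif any(fnmatchcase(action.lower(), w.lower()) for w in wildcards):
                # Listed explicitly, but already granted by a wildcard in the same statement.
                findings.append(("shadowed-action", sid, action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(("any-resource", sid, resource))
            elif resource.rsplit("/", 1)[-1] == "*":
                # The name part is a bare wildcard: no prefix such as ksctl- limits it.
                findings.append(("unscoped-resource", sid, resource))
    return findings


if __name__ == "__main__":
    for name, policy in (("iam-role", IAM_ROLE_POLICY), ("eks", EKS_POLICY)):
        for finding in audit(policy):
            print(name, *finding)
```

The role ARN passes because it is limited to the `ksctl-` prefix, while the instance-profile ARN and the EKS statement are reported; the audit ignores `NotAction`, `NotResource` and conditions.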
Kubeconfig Authentication
After switching to an AWS cluster using:
ksctl switch aws --name here-you-go --region us-east-1
The generated kubeconfig uses AWS STS tokens which expire after 15 minutes. When you encounter authentication errors, simply run the switch command again to refresh the credentials.
Looking for CLI Commands?
All CLI commands mentioned in this documentation have detailed explanations in our command reference guide.
CLI Reference
Check out our comprehensive CLI Commands Reference for:
- Detailed command syntax
- Usage examples
- Available options and flags
- Common use cases
2 - Azure
Azure support for High Availability and Managed Kubernetes Clusters
Caution
Azure credentials are required to access clusters. These credentials are sensitive information and must be kept secure.
Azure Credential Requirements
Subscription ID
Your Azure subscription identifier can be found in your subscription details.
Tenant ID
Located in the Azure Dashboard, which provides access to all required credentials.
To locate your Tenant ID:
Client ID (Application ID)
Represents the identifier of your registered application.
Steps to create:
- Navigate to App Registrations
- Register a new application
- Obtain the Client ID
Client Secret
Authentication key for your registered application.
Steps to generate:
- Access secret creation
- Configure secret settings
- Save the generated secret
Role Assignment
Configure application permissions:
- Navigate to Subscriptions > Access Control (IAM)
- Select “Role Assignment”
- Click “Add > Add Role Assignment”
- Create new role and specify the application name
- Configure desired permissions
Authentication Methods
Environment Variables
export AZURE_TENANT_ID=""
export AZURE_SUBSCRIPTION_ID=""
export AZURE_CLIENT_ID=""
export AZURE_CLIENT_SECRET=""
Command Line Interface
ksctl cred
Available Cluster Types
High Availability (HA) Clusters
Self-managed clusters with the following components:
- Distributed etcd database instances
- HAProxy load balancer for control plane high availability
- Multiple control plane nodes
- Worker nodes
Bootstrap options:
- k3s (lightweight Kubernetes distribution)
- kubeadm (official Kubernetes bootstrap tool)
Azure Kubernetes Service (AKS)
Fully managed Kubernetes service by Azure.
Cluster Management Features
Cluster Operations
Managed Clusters (AKS)
- Create and delete operations
- Cluster switching
- Infrastructure updates currently not supported
High Availability Clusters
- Worker node scaling (add/remove)
- Secure SSH access to all components:
  - Database nodes
  - Load balancer
  - Control plane nodes
  - Worker nodes
- Protected by SSH key authentication
- Public access enabled
3 - Civo
Civo support for High Availability and Managed Kubernetes Clusters
Caution
Civo API credentials are required to access clusters. These credentials are sensitive information and must be kept secure.
Obtaining Civo Credentials
1. Access API Settings
Navigate to your Civo dashboard settings:
2. Open Profile Settings
Select your profile section:
3. Generate API Key
Access the API keys section and create or copy your API token:
Authentication Methods
Environment Variables
Set your Civo API token:
export CIVO_TOKEN=""
Command Line Interface
Use the ksctl credential manager:
ksctl cred
Available Cluster Types
High Availability (HA) Clusters
Self-managed clusters with the following components:
- Distributed etcd database instances
- HAProxy load balancer for control plane high availability
- Multiple control plane nodes
- Worker nodes
Bootstrap options:
- k3s (lightweight Kubernetes distribution)
- kubeadm (official Kubernetes bootstrap tool)
Civo Kubernetes Service (CKS)
Fully managed Kubernetes service by Civo.
Cluster Management Features
Cluster Operations
Managed Clusters (CKS)
- Cluster creation and deletion
- Cluster switching capability
- Infrastructure updates currently not supported
High Availability Clusters
Node Management
- Dynamic worker node scaling (add/remove nodes)
- Secure SSH access to cluster components
Access Control
Control Plane Components
- Database nodes (Public access)
- Load balancer (Public access)
- Control plane nodes (Public access)
- All secured with SSH key authentication
Worker Nodes
- Private network access only
- SSH access via internal network
- Protected by SSH key authentication
4 - Google Cloud Platform
GCP support for HA and Managed Clusters
Caution
Credentials are required to access clusters. They are confidential information and should not be shared with anyone.
5 - Local
Creates a cluster on the host machine using kind
Note
Prerequisites: Docker
Current features
Currently uses kind (Kubernetes in Docker)