Production grade Kubernetes cluster on AWS

Production grade k8s cluster deployment on AWS cloud

These AWS CloudFormation templates and scripts automatically set up a flexible, secure, fault-tolerant Kubernetes cluster in an AWS private VPC environment, in a configuration of your choice. The project's main purpose is a simple, painless, script-less Kubernetes environment deployment in one step.

We provide two deployment versions with the same underlying AWS VPC topology:

The Kubernetes Operations ("kops") project and AWS CloudFormation (CFN) templates, together with bootstrap scripts, automate the whole process. The final result is a 100% Kubernetes cluster with 100% kops compatibility, which you can manage from the bastion host, via OpenVPN, or through the HTTPS API exposed by an AWS ELB endpoint.

The project focuses on security, transparency and simplicity. This guide is mainly intended for developers, IT architects, administrators, and DevOps professionals who plan to run their Kubernetes workloads on AWS.

Full-scale architecture

Resources deployed

Small footprint architecture

Resources deployed

How to build your cluster

Choose which deployment type you prefer:

The cluster (via bastion host) creation lasts around 10-15 minutes, please be patient.

To customize your deployment, you can choose different instance types for the Kubernetes cluster nodes and the bastion host, the number of worker nodes, the API endpoint type, the logging option, the OpenVPN install, and plug-ins.

For detailed instructions, see the deployment guide.

The cluster (via bastion host) creation lasts around 10 minutes, please be patient.

After the cluster has been created, just connect to the bastion host via SSH: the "kops", "kubectl" and "helm" commands work out of the box, no extra steps needed!


Optional: If you enable it in the template options, all container logs are sent to AWS CloudWatch Logs. In that case, container logs are not readable locally via the API (e.g. the kubectl logs ... command fails with "Error response from daemon: configured logging driver does not support reading"). Please check AWS CloudWatch / Logs / K8s* for the container logs.
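The following script, added here as an example and not part of the project's own templates or scripts, shows how a bastion-host user can handle that failure mode: it runs kubectl logs, detects the daemon error quoted above, and falls back to querying the K8s* CloudWatch log groups. It assumes kubectl and AWS CLI v2 are configured on the bastion; the function names, the use of the pod name as a CloudWatch filter pattern and the log-stream layout are assumptions, not something the project documents.

```shell
#!/bin/sh
# Added example, not part of the project's templates or scripts.
# Fetch a pod's container logs from the bastion host. When the CloudWatch
# logging option is enabled, "kubectl logs" fails with the daemon error the
# README quotes; in that case read the logs from the "K8s*" CloudWatch log
# groups instead. Assumes kubectl and AWS CLI v2 are configured on the bastion;
# the pod-name filter pattern and the log-stream layout are assumptions.
set -u

DRIVER_ERR='configured logging driver does not support reading'

# Return 0 (true) when $1 contains the error meaning the node's Docker
# logging driver cannot be read back locally.
logs_unreadable_locally() {
  case "$1" in
    *"$DRIVER_ERR"*) return 0 ;;
    *)               return 1 ;;
  esac
}

# Print the names of the CloudWatch log groups created by the deployment
# (prefixed "K8s", as the README states), one per line.
k8s_log_groups() {
  aws logs describe-log-groups --log-group-name-prefix K8s \
    --query 'logGroups[].logGroupName' --output text | tr '\t' '\n'
}

# Print events from every K8s* log group whose message mentions the pod name.
# (Assumption: the pod name appears in the forwarded log message.)
cloudwatch_pod_logs() {
  pod=$1
  for group in $(k8s_log_groups); do
    echo "### $group"
    aws logs filter-log-events --log-group-name "$group" \
      --filter-pattern "\"$pod\"" \
      --query 'events[].message' --output text
  done
}

# Usage: pod_logs <namespace> <pod> [container]
pod_logs() {
  ns=$1; pod=$2; container=${3:-}
  # Capture stdout and stderr together so the daemon error can be inspected.
  out=$(kubectl -n "$ns" logs "$pod" ${container:+-c "$container"} 2>&1)
  rc=$?
  if [ "$rc" -eq 0 ]; then
    printf '%s\n' "$out"
  elif logs_unreadable_locally "$out"; then
    echo "Local log reading is disabled (CloudWatch logging option); querying CloudWatch Logs" >&2
    cloudwatch_pod_logs "$pod"
  else
    printf '%s\n' "$out" >&2
    return "$rc"
  fi
}

# Run directly: ./pod_logs.sh <namespace> <pod> [container]
if [ "$#" -ge 2 ]; then
  pod_logs "$@"
fi
```

The detection is a plain substring match on the error text, so it keeps working whether the message arrives wrapped by kubectl or straight from the node's daemon; the CloudWatch query needs an IAM identity on the bastion with logs:DescribeLogGroups and logs:FilterLogEvents permissions.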

Abstract paper

Have a look at this abstract paper for the high level details of this solution.


Costs and licenses

You are responsible for the cost of the AWS services used while running this deployment. Our project is hosted under the Apache 2.0 open source license.

TC2's GitHub repository

You can visit TC2's GitHub repository to download the templates and scripts for this public release of the deployment guide. Total Cloud Consulting will be updating this guide on a regular basis.


It will surely go with us!