Three layouts are supported. Below is more information about each of them.
WithoutNAT
Recommended layout.
Under this placement strategy, each node gets a public IP (ElasticIP). NAT is not used at all.
Example of the layout configuration:
apiVersion: deckhouse.io/v1
kind: AWSClusterConfiguration
layout: WithoutNAT
provider:
  providerAccessKeyId: MYACCESSKEY
  providerSecretAccessKey: mYsEcReTkEy
  region: eu-central-1
masterNodeGroup:
  replicas: 1
  instanceClass:
    instanceType: m5.xlarge
    ami: ami-03818140b4ac9ae2b
nodeGroups:
  - name: mydb
    nodeTemplate:
      labels:
        node-role.kubernetes.io/mydb: ""
    replicas: 2
    instanceClass:
      instanceType: t2.medium
      ami: ami-03818140b4ac9ae2b
    additionalTags:
      backup: me
vpcNetworkCIDR: "10.241.0.0/16"
nodeNetworkCIDR: "10.241.32.0/20"
sshPublicKey: ssh-rsa <SSH_PUBLIC_KEY>
tags:
  team: rangers
WithNAT
Caution! A bastion host is required to access nodes (it can be created alongside the cluster by specifying the parameters in the section withNAT.bastionInstance).
Virtual machines access the Internet using a NAT Gateway with a shared (and single) source IP.
Example of the layout configuration:
apiVersion: deckhouse.io/v1
kind: AWSClusterConfiguration
layout: WithNAT
provider:
  providerAccessKeyId: MYACCESSKEY
  providerSecretAccessKey: mYsEcReTkEy
  region: eu-central-1
withNAT:
  bastionInstance:
    zone: eu-central-1a
    instanceClass:
      instanceType: m5.large
      ami: ami-09a4a23815cdb5e06
masterNodeGroup:
  # Number of master nodes.
  # If there is more than one master node, the etcd cluster will be set up automatically.
  replicas: 1
  instanceClass:
    instanceType: m5.xlarge
    ami: ami-03818140b4ac9ae2b
nodeGroups:
  - name: mydb
    nodeTemplate:
      labels:
        node-role.kubernetes.io/mydb: ""
    replicas: 2
    instanceClass:
      instanceType: t2.medium
      ami: ami-03818140b4ac9ae2b
    additionalTags:
      backup: me
vpcNetworkCIDR: "10.241.0.0/16"
nodeNetworkCIDR: "10.241.32.0/20"
sshPublicKey: ssh-rsa <SSH_PUBLIC_KEY>
tags:
  team: rangers
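
A pre-flight review of the exposure each layout implies, as an added example that is not part of Deckhouse or of the original page. The function names are hypothetical, the inputs are the two configurations above as already-parsed YAML trimmed to the fields checked, and the rule that nodeNetworkCIDR must lie inside vpcNetworkCIDR is an assumption.

```python
import ipaddress

def node_count(cfg):
    """Total nodes declared: master replicas plus every node group's replicas."""
    masters = cfg.get("masterNodeGroup", {}).get("replicas", 0)
    workers = sum(g.get("replicas", 0) for g in cfg.get("nodeGroups", []))
    return masters + workers

def review_layout(cfg):
    """Return (severity, message) findings for a parsed AWSClusterConfiguration."""
    findings = []
    vpc = ipaddress.ip_network(cfg["vpcNetworkCIDR"])
    nodes = ipaddress.ip_network(cfg["nodeNetworkCIDR"])
    # Assumption: the node subnet has to be carved out of the VPC range.
    if not nodes.subnet_of(vpc):
        findings.append(("error", f"nodeNetworkCIDR {nodes} is outside vpcNetworkCIDR {vpc}"))
    layout = cfg.get("layout")
    if layout == "WithoutNAT":
        # Every node is directly addressable, so the count is the public footprint.
        findings.append(("warn", f"{node_count(cfg)} nodes each get a public Elastic IP; "
                                 "review what is reachable on them from the Internet"))
    elif layout == "WithNAT":
        if (cfg.get("withNAT") or {}).get("bastionInstance"):
            findings.append(("info", "bastion is created with the cluster; "
                                     "it is the entry point for node access"))
        else:
            findings.append(("warn", "no withNAT.bastionInstance; nodes cannot be "
                                     "accessed until a bastion host exists"))
    else:
        findings.append(("error", f"layout {layout!r} is not covered by this check"))
    return findings

# Constructed inputs mirroring the two examples on this page.
COMMON = {
    "masterNodeGroup": {"replicas": 1},
    "nodeGroups": [{"name": "mydb", "replicas": 2}],
    "vpcNetworkCIDR": "10.241.0.0/16",
    "nodeNetworkCIDR": "10.241.32.0/20",
}
WITHOUT_NAT = dict(COMMON, layout="WithoutNAT")
WITH_NAT = dict(COMMON, layout="WithNAT",
                withNAT={"bastionInstance": {"zone": "eu-central-1a"}})

if __name__ == "__main__":
    for name, cfg in (("WithoutNAT", WITHOUT_NAT), ("WithNAT", WITH_NAT)):
        for severity, message in review_layout(cfg):
            print(f"{name}: [{severity}] {message}")
```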