⚓Setup KOps and Calico within AWS Gov Cloud using Gossip DNS

Private Topology | Calico | Multiple Masters | ⚗ Kevin Summersill

⚗ Kevin Summersill 🔋


Setting up a highly available Kubernetes environment on AWS Gov Cloud can be a challenge. One of the main challenges is DNS: it is not possible to set up an AWS “alias” within Route 53. In this article, we will cover how to set up a highly scalable Kubernetes environment that uses a private topology, 3 masters spread across 3 different availability zones, Calico networking, and 3 nodes. So let's get started.

1. Creating a Virtual Private Cloud (VPC) within AWS Gov Cloud

There are two main ways to create a VPC: 1. Create it via the Console. 2. Create it via the AWS CLI. For this article, we will use the AWS CLI. Enter the following to create a new VPC:

Note: To install the AWS CLI, see the AWS CLI installation documentation. Run “aws configure” and enter your Access ID and Secret Key. Make sure that the user the Access ID belongs to has permission to create a VPC. Also, make sure that the CLI is set to the same region in which you are setting up your Kubernetes environment.

aws ec2 create-vpc --cidr-block <your-cidr-block> --region <your-gov-region>

Example:

aws ec2 create-vpc --cidr-block 10.0.0.0/16 --region us-gov-west-1

Great! We have our VPC created that will be used by KOps and the Gossip DNS.

2. Enable DNS Hostnames for New VPC

Next, enable DNS hostnames for the VPC. This is turned off by default. Again, use the AWS CLI:

Note: You can find your VPC ID in the output of the previous command.

aws ec2 modify-vpc-attribute --vpc-id <new-vpc-id> --enable-dns-hostnames "{\"Value\":true}" --region <your-gov-region>

Example:

aws ec2 modify-vpc-attribute --vpc-id <new-vpc-id> --enable-dns-hostnames "{\"Value\":true}" --region us-gov-west-1
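Steps 1 and 2 can be scripted so that the VPC ID is captured from the CLI output instead of being copied by hand, and so that the DNS hostname setting is read back and confirmed. This is an added example, not part of the original article; the function names and the GovCloud region check are assumptions made for illustration, while the aws ec2 subcommands and flags are the standard AWS CLI ones.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): steps 1 and 2 as functions.

# Refuse any region outside the GovCloud partition before an API call is made.
require_gov_region() {
  case "$1" in
    us-gov-*) return 0 ;;
    *) echo "refusing non-GovCloud region: $1" >&2; return 1 ;;
  esac
}

# Step 1: create the VPC and print only its ID.
create_vpc() {
  local cidr="$1" region="$2"
  require_gov_region "$region" || return 1
  aws ec2 create-vpc --cidr-block "$cidr" --region "$region" \
    --query 'Vpc.VpcId' --output text
}

# Step 2: enable DNS hostnames, then read the attribute back to confirm it.
enable_dns_hostnames() {
  local vpc_id="$1" region="$2" state
  require_gov_region "$region" || return 1
  aws ec2 modify-vpc-attribute --vpc-id "$vpc_id" \
    --enable-dns-hostnames '{"Value":true}' --region "$region" || return 1
  state=$(aws ec2 describe-vpc-attribute --vpc-id "$vpc_id" \
    --attribute enableDnsHostnames --region "$region" \
    --query 'EnableDnsHostnames.Value' --output text) || return 1
  # Text output prints booleans as True/False, so compare case-insensitively.
  [ "$(printf '%s' "$state" | tr '[:upper:]' '[:lower:]')" = "true" ]
}

# Run both steps; prints the new VPC ID only if DNS hostnames are confirmed on.
setup_vpc() {
  local cidr="$1" region="$2" vpc_id
  vpc_id=$(create_vpc "$cidr" "$region") || return 1
  case "$vpc_id" in
    vpc-*) ;;
    *) echo "unexpected VPC ID: $vpc_id" >&2; return 1 ;;
  esac
  enable_dns_hostnames "$vpc_id" "$region" ||
    { echo "DNS hostnames not enabled on $vpc_id" >&2; return 1; }
  printf '%s\n' "$vpc_id"
}
```

After sourcing the file, run setup_vpc 10.0.0.0/16 us-gov-west-1 with the credentials configured through “aws configure”.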

3. Verify the capacity of elastic IPs for your account.

There is a threshold placed on every Gov Cloud account on the number of elastic IPs that…


⚗ Kevin Summersill 🔋

Enterprise Solution Architect | Certified K8s Administrator/Developer ⚓ | SAFe SPC | Cert Terraform | AWS Solutions Architect | Dev*Ops/GitOps Engineer 🔥