Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation.

Single Node Kubernetes Cluster on AWS

In this article I will walk through the steps to set up a single-node Kubernetes cluster on AWS using kubeadm. This setup is for testing and learning only: it has one control-plane node, no high availability, and the workloads share the node with the control plane, so do not use it for production.


1. Create a VPC with at least one public subnet

2. Create a Security Group

Create a Security Group for the Kubernetes instances (e.g. SG_K8S_CLUSTER_INSTANCES) with the following inbound rules:

   Allow all traffic from the VPC CIDR (node-to-node, pod and control-plane traffic stays inside the VPC)
   Allow TCP 6443 (the API server) only from the specific public IP addresses from which you will manage the cluster; do not open it to 0.0.0.0/0

3. Create IAM Policies

Create two IAM policies, kubernetes-master-node-policy and kubernetes-worker-node-policy. Both use the standard policy document layout shown below; the lists of allowed actions and resources are what differ between them.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ ... ],
      "Resource": [ ... ]
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ ... ],
      "Resource": "*"
    }
  ]
}

4. Create an IAM role for the EC2 instance

Create an IAM role for the EC2 instance and attach the policies from step 3:

Create Role       : kubernetes-master-node-role
Attach Policies   : kubernetes-master-node-policy, kubernetes-worker-node-policy

On a single-node cluster the one instance runs both the control plane and the workloads, which is why it carries both policies. Keep in mind that any pod running on the node can obtain this role's credentials from the instance metadata service (169.254.169.254) unless that access is blocked, so keep the policies scoped as tightly as the cloud provider integration allows.

5. Launch an EC2 Instance

Launch an EC2 instance (Ubuntu 16.04) in the VPC public subnet, attach the Security Group created in step 2 and the IAM role created in step 4.

6. Install system updates + set the EC2 hostname

The hostname of each node must match the instance's EC2 private DNS name, because the AWS cloud provider looks the node up by that name. Install the system updates, then set the hostname from the instance metadata service. The request below first fetches an IMDSv2 session token, so it works whether or not the instance enforces IMDSv2 (a plain unauthenticated request would get a 401 on an instance that requires it and set an empty hostname):

TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
sudo hostnamectl set-hostname "$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-hostname)"

7. Set up AWS tags

Resources used by the cluster must carry a specific tag so that the AWS cloud provider can identify which resources belong to this cluster. The key is kubernetes.io/cluster/ followed by the cluster name you chose; the value is owned (or shared, for a resource that several clusters use). Attach the following tag to:

Key:    kubernetes.io/cluster/<cluster-name>
Value:  owned
  1. EC2 Instances
  2. VPC
  3. VPC Subnets
  4. VPC Route Tables
  5. VPC Internet gateway
  6. VPC Security Group
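As an added example (not part of the original article), the following shell functions encode the two conventions from steps 6 and 7 so you can check an instance before bootstrapping it: the private DNS name the cloud provider expects for a given region and private IP (assuming the default IP-based naming scheme), and which resources in a tag listing are missing the kubernetes.io/cluster tag. The listing format ("resource-id key=value" per line) and the sample IDs are constructed for this example; on a real account you would build the listing from aws ec2 describe-tags output.

```shell
#!/bin/sh
# Added example: preflight checks for the hostname and tag conventions that the
# AWS cloud provider relies on. Sample inputs are constructed, not from a real account.

# Tag key the in-tree AWS cloud provider looks for on cluster resources.
cluster_tag_key() {
  printf 'kubernetes.io/cluster/%s\n' "$1"
}

# Expected EC2 private DNS name for a private IP under IP-based naming (the default):
# ip-A-B-C-D.ec2.internal in us-east-1, ip-A-B-C-D.<region>.compute.internal elsewhere.
expected_private_dns() {
  region=$1
  label="ip-$(printf '%s' "$2" | tr '.' '-')"
  if [ "$region" = "us-east-1" ]; then
    printf '%s.ec2.internal\n' "$label"
  else
    printf '%s.%s.compute.internal\n' "$label" "$region"
  fi
}

# Returns 0 if the current hostname ($1) is the one expected for region $2 and IP $3.
hostname_matches() {
  [ "$1" = "$(expected_private_dns "$2" "$3")" ]
}

# From lines of "<resource-id> <key>=<value>", print (sorted) every resource that
# lacks kubernetes.io/cluster/<cluster>=owned or =shared. Empty output means all tagged.
untagged_resources() {
  key=$(cluster_tag_key "$1")
  printf '%s\n' "$2" | awk -v k="$key" '
    BEGIN { owned = k "=owned"; shared = k "=shared" }
    NF >= 2 { seen[$1] = 1 }
    $2 == owned || $2 == shared { ok[$1] = 1 }
    END { for (r in seen) if (!(r in ok)) print r }' | sort
}

# Constructed tag listing: the instance and VPC are tagged, the subnet has only a
# Name tag and the security group is tagged for a different cluster.
SAMPLE_TAGS='i-0abc1234 kubernetes.io/cluster/demo=owned
i-0abc1234 Name=k8s-master
vpc-0123 kubernetes.io/cluster/demo=owned
subnet-0456 Name=public-a
sg-0789 kubernetes.io/cluster/other=owned'

# Demo run: expected hostname for a constructed instance, then the untagged resources.
expected_private_dns eu-west-1 10.0.1.23
untagged_resources demo "$SAMPLE_TAGS"
```

On a live node you would call hostname_matches with "$(hostname)", the instance's region and its private IP; a mismatch is the usual reason the AWS cloud provider fails to find the node and the kubelet never gets its provider ID.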

8. Install Docker

sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli
sudo systemctl start docker
sudo systemctl enable docker

Before adding the repository, check that the fingerprint printed by apt-key is Docker's: 9DC8 5822 9FC7 DD38 854A E2D8 8864 1F7E 0EBF CD88. If it differs, the key you downloaded is not the one Docker signs its packages with.

9. Install kubeadm, kubelet, kubectl

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl

Docker is already installed from step 8, so it is not repeated here. After installing, pin the three packages with sudo apt-mark hold kubelet kubeadm kubectl so that an unattended apt upgrade cannot move the kubelet to a version kubeadm did not set up. Note that the apt.kubernetes.io repository has since been frozen; current Kubernetes releases are published at pkgs.k8s.io, with the key and sources line given in the Kubernetes installation docs.

10. Create the kubeadm configuration file (/etc/kubernetes/aws.yml)

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
networking:
  serviceSubnet: ""
  podSubnet: ""
apiServer:
  extraArgs:
    cloud-provider: "aws"
controllerManager:
  extraArgs:
    cloud-provider: "aws"

Replace the empty values with the service and pod CIDRs for your cluster; they must not overlap your VPC CIDR, and the pod network installed in step 14 must be configured for the same podSubnet. Use the kubeadm config apiVersion your kubeadm release supports (kubeadm config print init-defaults shows it). The kubelet also has to run with --cloud-provider=aws; kubeadm sets that from an InitConfiguration document with nodeRegistration.kubeletExtraArgs in the same file.

11. Bootstrap Kubernetes

sudo kubeadm init --config=/etc/kubernetes/aws.yml

12. Once the setup is complete, you will see the following message, followed by the kubectl setup commands and a kubeadm join command:

Your Kubernetes control-plane has initialized successfully!

Record the join command somewhere safe: the token in it is a bearer credential that lets any host that knows it join the cluster until the token expires (24 hours by default).

13. Configure kubectl (run the following as your regular user, not as root)

The copied admin.conf is a cluster-admin credential; keep it at mode 0600 and do not share it.

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

14. Install a Pod Network in the Cluster

kubeadm init does not install a pod network. Its output tells you so:

You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/

Pick one CNI plugin and apply its manifest:

kubectl apply -f [podnetwork].yaml

The plugin's pod CIDR must match the podSubnet you set in step 10. Until a network is installed the node stays NotReady and the CoreDNS pods remain Pending.

15. Control plane node isolation

By default the cluster will not schedule workload pods on the control-plane node, because kubeadm taints it: anything running there shares the node with the API server and etcd. On a single-node cluster there is no other node, so remove the taint or nothing will ever be scheduled:

kubectl taint nodes --all node-role.kubernetes.io/master-

Newer releases taint the control plane with node-role.kubernetes.io/control-plane instead, so on those versions remove that taint.

16. Adding additional nodes

If required, add worker nodes to this cluster by running the following as root on the new node, after retrieving the bootstrap token and the CA certificate hash from the control plane (kubeadm token create --print-join-command on the control-plane node prints a ready-made command):

kubeadm join x.x.x.x:6443 --token xxxx.xxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxx

Each worker needs the same preparation as the control-plane node first (steps 5 to 9: Security Group, an IAM role carrying the worker policy, the hostname convention and the tags), and its kubelet must also run with --cloud-provider=aws. The sha256 value pins the cluster CA, so a joining node refuses to trust an API server that does not present that CA.
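As an added example (not from the original article), the following shell functions reproduce how the discovery-token-ca-cert-hash in a join command is derived (SHA-256 over the DER-encoded public key of the cluster CA, the same computation the Kubernetes docs give with openssl) and check that a given join command actually pins a given CA. The CA certificate is a throwaway one generated on the fly for the demonstration; on a real control plane you would point ca_cert_hash at /etc/kubernetes/pki/ca.crt. The token format check and the sample join command are constructed for the example.

```shell
#!/bin/sh
# Added example: verify that a kubeadm join command pins the cluster CA.
# Requires openssl. The CA used below is generated for the demo, not a real cluster CA.

# kubeadm's discovery hash: SHA-256 over the DER-encoded SubjectPublicKeyInfo of ca.crt,
# printed as lowercase hex (the part after "sha256:" in the join command).
ca_cert_hash() {
  openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Extract the hash a join command carries, without the "sha256:" prefix.
join_cmd_hash() {
  printf '%s\n' "$1" | sed -n 's/.*--discovery-token-ca-cert-hash sha256:\([0-9a-f]*\).*/\1/p'
}

# Returns 0 if join command $1 pins the CA certificate in file $2, 1 otherwise.
join_pins_ca() {
  [ "$(join_cmd_hash "$1")" = "$(ca_cert_hash "$2")" ]
}

# kubeadm bootstrap tokens have the form <6 chars>.<16 chars>, lowercase letters and digits.
token_format_ok() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Demo CA: a throwaway self-signed certificate. Prints the path of the .crt file.
make_demo_ca() {
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.crt" \
    -subj "/CN=kubernetes" -days 1 >/dev/null 2>&1
  printf '%s\n' "$d/ca.crt"
}

# Demo run: generate a CA, build a join command that pins it, and check it.
CA=$(make_demo_ca)
JOIN="kubeadm join 10.0.1.23:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:$(ca_cert_hash "$CA")"
if join_pins_ca "$JOIN" "$CA"; then
  echo "join command pins the demo CA"
else
  echo "join command does NOT pin the demo CA"
fi
```

The hash is what protects the join step against a spoofed API server: the kubelet fetches the cluster CA through the bootstrap token discovery and only trusts it if its public key hashes to this value, so a join command copied with the wrong hash fails closed rather than enrolling against whatever answered on port 6443.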

Dijeesh Padinharethil

Associate Director, Cloud Services @ Network Redux

Infrastructure | Operations | AWS | DevOps Engineer