{"id":27294562,"url":"https://github.com/nerdalert/aws-ansible-kubernetes","last_synced_at":"2026-05-05T12:31:32.796Z","repository":{"id":146438925,"uuid":"472155827","full_name":"nerdalert/aws-ansible-kubernetes","owner":"nerdalert","description":"Kubernetes Multi-Node Ansible Deployment for AWS EC2","archived":false,"fork":false,"pushed_at":"2022-04-05T06:11:31.000Z","size":24,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-11T22:53:25.898Z","etag":null,"topics":["ansible","automation","aws","ec2","installation","kubernetes"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nerdalert.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-03-21T02:05:27.000Z","updated_at":"2022-03-21T02:28:25.000Z","dependencies_parsed_at":"2023-05-16T06:00:43.211Z","dependency_job_id":null,"html_url":"https://github.com/nerdalert/aws-ansible-kubernetes","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nerdalert/aws-ansible-kubernetes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdalert%2Faws-ansible-kubernetes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdalert%2Faws-ansible-kubernetes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdalert%2Faws-ansible-kubernetes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/repositories/nerdalert%2Faws-ansible-kubernetes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nerdalert","download_url":"https://codeload.github.com/nerdalert/aws-ansible-kubernetes/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdalert%2Faws-ansible-kubernetes/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32649515,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-05T11:29:49.557Z","status":"ssl_error","status_checked_at":"2026-05-05T11:29:48.587Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","automation","aws","ec2","installation","kubernetes"],"created_at":"2025-04-11T22:53:24.535Z","updated_at":"2026-05-05T12:31:32.762Z","avatar_url":"https://github.com/nerdalert.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kubernetes Multi-Node Ansible Deployment for AWS EC2\n\nThis repo fully automates the deployment of Kubernetes on EC2 and can scale out dynamically to however\nmany worker nodes desired. 
The playbooks use the latest changes to the `amazon.aws.ec2_instance` module.\n\nCurrently, the Kubernetes distribution is [K3s](https://github.com/k3s-io/k3s) as I am using this for datapath\nperformance testing, so the lighter the weight the better for my needs. I will be adding MicroShift as an\nalternative lightweight distribution as soon as this PR merges: [Allow MicroShift to join new worker nodes](https://github.com/redhat-et/microshift/pull/471).\n\n### Prerequisites\n\n- This assumes little to no experience with Kubernetes or Ansible.\n- An active AWS account. The default profiles and VPCs are sufficient. The default instance type used\n  is `t2.micro`, which is free tier eligible. The default AMI image used is Fedora but can be changed to\n  any Linux flavor in the ENV file shown in the next section.\n- Python (the newer the version the better). The latest version can be found at [Download the latest version of Python](https://www.python.org/downloads/)\n- Ansible. Instructions are in the next section or at [Installing Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible)\n\n\n### Install Ansible and Clone the Repo\n\n\n- Install Ansible and Boto\n\n```sh\n# Details at https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html\n$ /usr/local/bin/python3.10 -m pip install --user ansible\n# boto is the AWS SDK for Python\n$ pip3 install boto\n\n# example ansible output on OSX\n$ ansible --version\nansible [core 2.12.3]\n  configured module search path = ['/Users/brent/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']\n  ansible python module location = /Users/brent/Library/Python/3.10/lib/python/site-packages/ansible\n  ansible collection location = /Users/brent/.ansible/collections:/usr/share/ansible/collections\n  executable location = /Users/brent/Library/Python/3.10/bin/ansible\n  python version = 3.10.3 (v3.10.3:a342a49189, Mar 16 2022, 09:34:18) [Clang 13.0.0 
(clang-1300.0.29.30)]\n  jinja version = 3.0.3\n  libyaml = True\n```\n\n- If you are on OSX you may need to run the following to resolve OpenSSL root certificate access (replace 3.10 with whatever your Python version is)\n\n```sh\ncd /Applications/Python\\ 3.10/\n./Install\\ Certificates.command\n```\n\n\n- Clone the repo\n```\ngit clone https://github.com/nerdalert/aws-ansible-kubernetes.git\ncd aws-ansible-kubernetes\n```\n\n\n- Set up Ansible vault - from within the cloned repo directory run the following and paste in your\n  AWS credentials. Instructions on retrieving your AWS credentials are at [AWS Getting Your Credentials](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/getting-your-credentials.html)\n\n```sh\n# The following will open an editor\nansible-vault create credentials.yml\n\n# Paste the following in the opened editor and save the file\naccess_key: \u003cadd_access_key_here\u003e\nsecret_key: \u003cadd_secret_key_here\u003e\n```\n\n- Adjust the `ansible.cfg` file in the base directory to reflect your environment.\n- The main entry that needs to be edited for your environment is the path in the\n  `private_key_file` entry, which points to the `.pem` file associated with your AWS key specified in `vars.yml`.\n  You can also simply copy the key to the base directory and leave off the path.\n- In some environments you won't need to enable `become_ask_pass`, but it is enabled here to be as\n  agnostic as possible to all installations.\n\n```ini\n# ansible.cfg\n[defaults]\n# this is a default inventory location; change it as needed\nhost_key_checking = false\ndeprecation_warnings = false\nask_pass = false\nstdout_callback = yaml\nremote_user = fedora\n# defaults to the base directory in the project\ninventory = ip.txt\n# create .pem private_key_file and provide location\nprivate_key_file = \u003caws_private_key_name\u003e.pem\n\n[privilege_escalation]\nbecome = true\nbecome_method = sudo\nbecome_user = root\nbecome_ask_pass = true\n```\n\n- Next set the 
environment variables for your AWS EC2 details in `env.yaml` located in the base\n  of the project. Here are some example values.\n\n```yaml\n# env.yaml\naws_region: us-east-1                 # AWS region\nvpc_id: vpc-xxxxxxxx                  # VPC id from your aws account\naws_subnet: subnet-xxxxxxxx           # VPC subnet id from your aws account\naws_image_id: ami-08b4ee602f76bff79   # Fedora 35 (this can be changed to most any Linux distro, be sure to change ansible_user name if you use a different distro)\naws_key_name: \u003ckey_pair_name\u003e         # the key pair on your aws account to use\naws_instance_type: t2.micro           # t2.micro is free tier eligible, but you can use any type to scale up\nansible_user: fedora                  # this is the default user ID for your AMI image. Example, AWS AMI is ec2-user etc\nworker_node_count: 6                  # the number of worker nodes you want to deploy\nsecgroup_name: \u003caws-security-group\u003e   # the security group name can be an existing group or else it will be created by the playbook\ninventory_location: ip.txt            # leaving this as is will use the ip.txt file in the base directory\nsecurity_group_description: \"Security Group for Perf/Scale testing allowing ssh ingress\"\n```\n\n### Run the installation\n\n- Once your `env.yaml` is set up for your EC2 environment, you are ready to run the playbook to deploy the EC2 instances.\n  This will create the VMs for the deployment (add -vv for verbose output).\n\n\n```sh\n$ ansible-playbook --ask-vault-pass setup-ec2.yml\n# sudo password for the host you are running from (may not be required in some setups; can be disabled in ansible.cfg)\nBECOME password:\n# password you set when you created the ansible vault\nVault password:\n```\n\n- After that run is complete, you can always ping the nodes to verify connectivity by running the following from the base directory:\n\n```sh\nansible all -m ping\n```\n\n```sh\nansible-playbook --ask-vault-pass setup-ec2.yml\n```\n\n- Example 
inventory file, stored in `ip.txt` in the base directory, after running `setup-ec2.yml` with 6 worker nodes specified:\n\n```ini\n[masterNode]\n3.84.200.218 ansible_user=fedora ansible_connection=ssh\n\n[workerNode]\n54.226.69.231 ansible_user=fedora ansible_connection=ssh\n54.226.101.8 ansible_user=fedora ansible_connection=ssh\n34.235.143.35 ansible_user=fedora ansible_connection=ssh\n3.94.190.207 ansible_user=fedora ansible_connection=ssh\n3.88.3.101 ansible_user=fedora ansible_connection=ssh\n18.212.246.28 ansible_user=fedora ansible_connection=ssh\n```\n\n- You can double-check connectivity to the new nodes with:\n\n```sh\n# This pings all of the hosts in your ip.txt file\nansible all -m ping\n```\n\n- Once your nodes are running, deploy K3s Kubernetes to the nodes listed in your inventory file `ip.txt` by running the playbooks in `setup-kubernetes.yml`\n\n```\nansible-playbook setup-k8s.yml\n```\n\nAssuming that runs with no issues, your k8s deployment is up and running.\n\n### Verify the Kubernetes Deployment\n\n- Connect and verify the installation by grabbing an address out of your Ansible inventory in `ip.txt`:\n\n```sh\n# ssh to the master node. 
you can look in ip.txt for the ip address\nssh -i ./\u003caws-private-key\u003e.pem  fedora@\u003cmaster_node_ip\u003e\n\n# export the kube config\nexport KUBECONFIG=~/.kube/config\n\n# view the nodes in the cluster\n[fedora@ip-172-31-23-39 ~]$ kubectl get nodes -o wide\nNAME                            STATUS   ROLES                  AGE     VERSION        INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                          KERNEL-VERSION            CONTAINER-RUNTIME\nip-172-31-18-204.ec2.internal   Ready    \u003cnone\u003e                 5m9s    v1.22.7+k3s1   172.31.18.204   \u003cnone\u003e        Fedora Linux 35 (Cloud Edition)   5.14.10-300.fc35.x86_64   containerd://1.5.9-k3s1\nip-172-31-23-39.ec2.internal    Ready    control-plane,master   8m25s   v1.22.7+k3s1   172.31.23.39    \u003cnone\u003e        Fedora Linux 35 (Cloud Edition)   5.14.10-300.fc35.x86_64   containerd://1.5.9-k3s1\nip-172-31-17-164.ec2.internal   Ready    \u003cnone\u003e                 6m42s   v1.22.7+k3s1   172.31.17.164   \u003cnone\u003e        Fedora Linux 35 (Cloud Edition)   5.14.10-300.fc35.x86_64   containerd://1.5.9-k3s1\nip-172-31-16-79.ec2.internal    Ready    \u003cnone\u003e                 6m2s    v1.22.7+k3s1   172.31.16.79    \u003cnone\u003e        Fedora Linux 35 (Cloud Edition)   5.14.10-300.fc35.x86_64   containerd://1.5.9-k3s1\nip-172-31-25-147.ec2.internal   Ready    \u003cnone\u003e                 6m1s    v1.22.7+k3s1   172.31.25.147   \u003cnone\u003e        Fedora Linux 35 (Cloud Edition)   5.14.10-300.fc35.x86_64   containerd://1.5.9-k3s1\nip-172-31-24-26.ec2.internal    Ready    \u003cnone\u003e                 5m58s   v1.22.7+k3s1   172.31.24.26    \u003cnone\u003e        Fedora Linux 35 (Cloud Edition)   5.14.10-300.fc35.x86_64   containerd://1.5.9-k3s1\nip-172-31-19-38.ec2.internal    Ready    \u003cnone\u003e                 5m56s   v1.22.7+k3s1   172.31.19.38    \u003cnone\u003e        Fedora Linux 35 (Cloud Edition)   5.14.10-300.fc35.x86_64   
containerd://1.5.9-k3s1\n\n# view running pods\n[fedora@ip-172-31-23-39 ~]$ kubectl get pods --all-namespaces -o wide\nNAMESPACE     NAME                                      READY   STATUS      RESTARTS   AGE     IP          NODE                            NOMINATED NODE   READINESS GATES\nkube-system   local-path-provisioner-84bb864455-tvw6n   1/1     Running     0          8m54s   10.42.0.5   ip-172-31-23-39.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   coredns-96cc4f57d-rxwcl                   1/1     Running     0          8m54s   10.42.0.4   ip-172-31-23-39.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   helm-install-traefik-crd--1-d26rg         0/1     Completed   0          8m55s   10.42.0.2   ip-172-31-23-39.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   metrics-server-ff9dbcb6c-hwg82            1/1     Running     0          8m54s   10.42.0.6   ip-172-31-23-39.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   helm-install-traefik--1-bwh4t             0/1     Completed   1          8m55s   10.42.0.3   ip-172-31-23-39.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   svclb-traefik-pzfpg                       2/2     Running     0          8m11s   10.42.0.7   ip-172-31-23-39.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   traefik-56c4b88c4b-zh557                  1/1     Running     0          8m13s   10.42.0.8   ip-172-31-23-39.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   svclb-traefik-5jqjh                       2/2     Running     0          7m24s   10.42.1.2   ip-172-31-17-164.ec2.internal   \u003cnone\u003e           \u003cnone\u003e\nkube-system   svclb-traefik-mzb57                       2/2     Running     0          6m44s   10.42.2.2   ip-172-31-16-79.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   svclb-traefik-bjw4r                   
    2/2     Running     0          6m43s   10.42.3.2   ip-172-31-25-147.ec2.internal   \u003cnone\u003e           \u003cnone\u003e\nkube-system   svclb-traefik-qclmh                       2/2     Running     0          6m40s   10.42.4.2   ip-172-31-24-26.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   svclb-traefik-64vqd                       2/2     Running     0          6m38s   10.42.5.2   ip-172-31-19-38.ec2.internal    \u003cnone\u003e           \u003cnone\u003e\nkube-system   svclb-traefik-txtl8                       2/2     Running     0          5m51s   10.42.6.2   ip-172-31-18-204.ec2.internal   \u003cnone\u003e           \u003cnone\u003e\n```\n\nYou are all set from there, feel free to leave feedback, open issues and/or PRs!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnerdalert%2Faws-ansible-kubernetes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnerdalert%2Faws-ansible-kubernetes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnerdalert%2Faws-ansible-kubernetes/lists"}