Kubectl Host AMI User Guide

Last updated on 
Kubectl Host AMI User Guide

Managing Kubernetes clusters has never been easier with the Prezelfy Hardened Kubectl Host AMI. Built on Amazon Linux 2023 and CIS-hardened for enhanced security, this pre-configured Amazon Machine Image provides a reliable and efficient environment for interacting with Amazon EKS. Equipped with kubectl, Helm, and eksctl, it eliminates the hassle of manually setting up Kubernetes command-line tools, allowing DevOps teams and cloud engineers to focus on managing and deploying applications rather than dealing with configuration overhead. Designed for security and performance, this AMI follows best practices for secure access to Kubernetes clusters while integrating seamlessly into AWS environments. Whether you are provisioning resources, deploying Helm charts, or managing EKS clusters, this optimized environment ensures consistency and reliability. Whether you're a developer, platform engineer, or DevOps professional, the Prezelfy Hardened Kubectl Host AMI simplifies Kubernetes administration while maintaining speed, security, and scalability. Get started quickly with a pre-hardened, fully optimized Kubernetes control plane—so you can focus on building and running modern applications with confidence.

What do we offer with our Kubectl Host AMI?

1. Security Best Practices

Our Prezelfy Kubectl Host AMI is built with security-first principles to ensure a hardened and protected environment for managing Kubernetes clusters. It follows CIS benchmarks and AWS security best practices, reducing the risk of misconfigurations that could expose your infrastructure to threats. Unnecessary services and ports are disabled to minimize the attack surface, and the operating system receives regular security updates to keep your environment compliant with the latest security standards.

2. Time and Effort Savings

Setting up a secure bastion host manually can be time-consuming and complex, requiring careful configuration of access controls, security policies, and CLI tools. With Prezelfy’s Bastion AMI, everything is preconfigured and optimized, so you can launch it and start managing your Amazon EKS clusters right away. No need to spend hours installing and troubleshooting kubectl, Helm, and eksctl—our AMI saves you time so you can focus on running and securing your Kubernetes environment.

3. Consistency Across Environments

Managing Kubernetes access across development, staging, and production environments can be challenging. Our Prezelfy Bastion AMI ensures a consistent setup across all deployments, providing a standardized and repeatable environment for secure EKS cluster management. This reduces misconfigurations, simplifies troubleshooting, and ensures that your teams can work with the same trusted configuration in every environment.

4. Version Control and Updates

Keeping Kubernetes command-line tools up to date is crucial for security and compatibility. Our Bastion AMI includes the latest stable versions of kubectl, Helm, and eksctl, ensuring that your environment is always equipped with the newest features and bug fixes. This eliminates the need for manual updates, so you can focus on managing your infrastructure instead of maintaining tools.

5. Documentation

Clear, well-structured documentation is key to a smooth deployment experience. The Prezelfy Bastion AMI comes with detailed setup guides and best practices, making it easy to get started, configure access securely, and manage Kubernetes clusters efficiently. Whether you're new to Kubernetes or an experienced cloud engineer, our documentation ensures you have everything you need to maximize security, performance, and efficiency.

Architectural design

This diagram illustrates the architecture of the Prezelfy Kubectl Host AMI deployment in AWS. The left side represents the key components required for secure access to Kubernetes clusters. Users can connect to the host using an SSH key, enabling a controlled and secure entry point to manage Amazon EKS clusters.

The Prezelfy Kubectl Host AMI is a pre-configured Amazon Machine Image designed to provide a secure and optimized environment for managing Kubernetes workloads. It includes essential tools such as kubectl, Helm, and eksctl, ensuring a seamless experience for cluster administration. To enhance security, the host operates with an IAM role that grants the necessary permissions for interacting with AWS services, reducing the need for direct access to sensitive credentials.

On the right side, the diagram represents the AWS infrastructure where the Kubectl Host AMI is deployed. The host resides within an AWS VPC and is typically placed in a private subnet, allowing administrators to securely access private network resources, such as Kubernetes control planes running in private subnets. Security groups and IAM policies enforce strict access controls, ensuring only authorized users can connect to the environment.

This architecture provides a scalable, secure, and efficient solution for Kubernetes management, eliminating the complexities of manual setup. With the Prezelfy Kubectl Host AMI, users can deploy a hardened, pre-configured access point for managing Amazon EKS clusters, ensuring best practices in security, consistency, and operational efficiency.

Installation guide

Installation steps assuming you have already configured the VPC:

  1. Create single EC2 instance, or one using Auto Scaling group
  2. For AMI ID select one assigned to Prezelfy Kubectl Host AMI
  3. Generate key pair and save private key on secure place
  4. Deploy
  5. Share kubectl Host IP and private key with your team

How to use Kubectl Host?

Kubectl Host serve various purposes, and we'll highlight a few of them here. Utilizing Kubectl Hosts aligns best with company security standards and company security team.

Use usecases:

1. Secure Remote Access
username: ec2-user password: use SSH-key used during EC2 instance creation



Example:

ssh -i /Users/Prezelfy/Keys/kubectlhost.pem ec2-user@prezelfy-kubectl.com

2. Connect kubectl to an EKS cluster

aws eks update-kubeconfig --region region-code --name my-cluster
3. Test Configuration
kubectl get svc

Example output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kubernetes ClusterIP 10.100.0.1 none 443/TCP 1m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE svc/kubernetes ClusterIP 10.100.0.1 none 443/TCP 1m


Troubleshooting when Kubectl Host is not working

This are some of the cations we recommended to take when Kubectl Host server is not functioning as intended:

1. Check Network Connectivity

Ensure that security group associated with Kubectl Host allows outbound traffic on port 80 and 443 and verify that there are no network ACLs or route table rules blocking the traffic.

2. Verify Kubectl Host Instance Status

Check the status of the Kubectl Host host instance. If it's terminated, you may need to relaunch it.

3. SSH Key Pair and Permissions

Verify that you are using the correct SSH key pair to connect to the Kubectl Host host and check the permissions on the private key file (it should only be readable by the owner).

4. EC2 Instance Metadata

On the Kubectl Host host, check the EC2 instance metadata for errors or issues. Access metadata at http://169.254.169.254/latest/meta-data/ on the Kubectl Host host.