Kubernetes as a Service (KUB)

Kubernetes is an open-source container management platform delivered by Google. In a containerized infrastructure, applications are deployed as isolated, independent entities, the so-called containers. Containerization has multiple benefits over the traditional deployment – faster and more efficient installation, environment consistency, portability, security.

EPAM Cloud provides installation of the latest Kubernetes version supported by the community.

In EPAM Cloud, by default, Kubernetes cluster includes two virtual machines function as master nodes, and one worker node.

Master node manages the workload and provides communication within the cluster as well as contains information about state of the cluster. Availability of two master nodes and more enables high service performance and ensures faultless operation. Worker node subordinates to the master node and serves as runner.

Application containers can be run on both master and worker nodes. You can make any changes in the predefined cluster configuration by changing Ansible inventory file generated by or2kc Maestro CLI command.

Have a Question?

The current page gives the general information on the service and the main workflows. However, while working with the services, our users encounter new questions they need assistance with. The most frequently asked questions on EPAM Cloud Services are gathered on the Cloud Services FAQ page.
Visit the page to check whether we have a ready answer for your question.

Related CLI Commands

The table below provides the list of service-related commands and their descriptions:

Command Description
or2-manage-service… -a -s k8s -k key Activates Kubernetes services
or2-kubernetes-client (or2kc) Generates Ansible inventory. Location of the inventory file $MAESTRO_CLI_HOME/out/$PROJECT/$REGION/k8s/inventory

Service Activation

Master nodes and Worker node have the same parameters:

  • - Shape: LARGE (2 CPU, 7.5 RAM)
  • - Image: CoreOS_64-bit

To activate Kubernetes cluster, make sure you have installed Maestro CLI.

The following instruction is relevant to the POSIX compatible workstations. If you use Windows OS on your workstation, please run any Linux based instance.


1. Declare the variables

To make service set up and further usability easier and more user-friendly declare variables relevant for your project.

export PROJECT="Your project name"
export REGION="Your region"
export KEY_NAME="Name for ssh key pair"
export MAESTRO_CLI_HOME="Path to maestro-cli folder"
export LOG_FILE="cluster_deploy_$(date +"%Y_%m_%d_%I_%M_%p").log"

2. Create or add keys

To create SSH keys, use or2addkey Maestro CLI command and specify your project, region and key name.

or2addkey -p $PROJECT -r $REGION -k $KEY_NAME

To add your own keys that already exist use or2ikey Maestro CLI command and specify path to your key, project, region and key name.

or2ikey -f /path/to/your/key -p $PROJECT -d $REGION -k $KEY_NAME

Move private key to the default folder with the command given below:

chmod 400 ~/.ssh/$KEY_NAME.pem

3. Install packages

The following example is relevant to Ubuntu based distributives. If you use Linux or MacOS, please execute similar distributive specific package management command to install Ansible and kubectl.

Use the following commands to update and install Ansible, Git and dependencies.

sudo apt-get update
sudo apt-get install -y ansible git python-pip python-jinja2 python-netaddr

Please note, that service activation steps have been already tested on Ansible version 2.5.1. and python-netaddr is installed on the machine that will run Ansible commands.

4. Install kubectl

kubectl will allow to configure, manage and get information about your cluster.

To install kubectl on Ubuntu use the following commands:

sudo apt-get install -y apt-transport-https curl
sudo curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
sudo bash -c "echo deb http://apt.kubernetes.io/ kubernetes-xenial main > /etc/apt/sources.list.d/kubernetes.list"
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

To add auto completion, run the command given below:

echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc

5. Download kubespray

To download kubespray use the following commands:

wget https://github.com/kubernetes-sigs/kubespray/archive/v2.11.0.zip unzip v2.11.0.zip

6. Install requirements

To install requirements, use the command given below:

cd ~/kubespray-2.11.0
sudo pip install -r requirements.txt
cp -rfp ~/kubespray-2.11.0/inventory/sample ~/kubespray-2.11.0/inventory/mycluster

7. Run service for Kubernetes cluster

To run two master nodes and worker node with the requirements for Kubernetes cluster stated in the Kubernetes as a service section, use or2ms Maestro CLI command and specify your project, region, service and key name. This command will register three VMs as Kubernetes service with public key.

or2ms -p $PROJECT -r $REGION -a -s k8s -k $KEY_NAME

8. Run the check

To check status of cluster execution, run or2dmstack command and specify project, region and stack ID. You can find stack ID with or2dser command specifying project, region and copy correspondent value. To simplify, you can execute single string command combination:

or2dmstack -p $PROJECT -r $REGION -s $(or2dser -p $PROJECT -r $REGION | awk
-F"|" '/k8s/{print $8}')

9. Generate inventory file for Ansible

To generate Ansible inventory use or2kc Maestro CLI command and specify project and region.

or2kc -p $PROJECT -r $REGION

10. Copy Ansible inventory file to the folder

To copy inventory file to the folder, use the following command:

cp $MAESTRO_CLI_HOME/out/$PROJECT/$REGION/k8s/inventory

11. Change configuration in files

To change configuration in ansible.cfg, all.yml and k8s-cluster.yml, use the following commands:

sed -i '/\[defaults\]/a remote_user = core' /etc/ansible/ansible.cfg
sed -i '/\[defaults\]/a interpreter_python = /opt/bin/python' /etc/ansible/ansible.cfg
sed -i 's/^.*\bbin_dir:\b.*$/bin_dir: \/opt\/bin/' ~/kubespray-2.11.0/inventory/mycluster/group_vars/all/all.yml
sed -i 's/^.*kubeconfig_localhost:.*$/kubeconfig_localhost: true/' ~/kubespray-2.11.0/inventory/mycluster/group_vars/k8s-cluster/k8s-cluster.yml

12. Run Ansible playbook

To run Ansible playbook use the following command:

ansible-playbook -i ~/kubespray/inventory/mycluster/inventory --become --
become-user=root --user=core cluster.yml --key-file "~/.ssh/$KEY_NAME.pem" |

13. Configure local kubectl

To create symbolic link to default kubectl folder use the command given below:

mkdir -p ~/.kube
ln -s ~/kubespray/inventory/mycluster/artifacts/admin.conf ~/.kube/config

14. Check Kubernetes cluster availability

To check Kubernetes cluster availability, use the following command:

kubectl cluster-info

Now the cluster is ready to be used.

15. Deploy dashboard (optional)

If you prefer managing the cluster via the web UI you may configure Kubernetes Dashboard. To do this perform the following steps:

1. Remove old dashboard resources with the following commands:

kubectl delete deployment kubernetes-dashboard --namespace=kube-system
kubectl delete service kubernetes-dashboard --namespace=kube-system
kubectl delete role kubernetes-dashboard-minimal --namespace=kube-system
kubectl delete rolebinding kubernetes-dashboard-minimal --namespace=kube-system
kubectl delete sa kubernetes-dashboard --namespace=kube-system
kubectl delete secret kubernetes-dashboard-certs --namespace=kube-system
kubectl delete secret kubernetes-dashboard-key-holder --namespace=kube-system

2. Create admin user to access Kubernetes dashboard with the following commands:

cat > dashboard-adminuser.yml << EOF
apiVersion: v1
kind: ServiceAccount
   name: admin-user
   namespace: kube-system
kubectl apply -f dashboard-adminuser.yml

3. Create ClusterRoleBinding using the following commands:

cat > admin-role-binding.yml << EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
  name: admin-user
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
-  kind: ServiceAccount
   name: admin-user
   namespace: kube-system
kubectl apply -f admin-role-binding.yml

4. Deploy new Kubernetes dashboard with the following command:

kubectl apply -f

5. Get token for login with the command given below:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') | awk '/token:/ {print $2}'

6. The dashboard url is


Please note, that current dashboard version is a beta one and some of the provided features might not work correctly.

Web UI

The Kubernetes service has a web UI which is automatically available as soon as the service is activated in the cluster. It is accessible via a URL over the https connection. The Web UI URL can be found from the Kubernetes node details returned by the kubectl cluster-info command.

The web UI has most of the functionality supported by the CLI in an intuitive format.

When the application is running, you can use the Kubernetes Dashboard to monitor its performance, debug errors and manage applications.


The service usage price is defined by the price of the Kubernetes cluster. Kubernetes cluster contains 3 VMs of the following parameters:

  • - Shape: LARGE (2 CPU, 7.5 RAM)
  • - Image: CoreOS_64-bit

Therefore, the approximate monthly cost of a Kubernetes Server usage in case of 100% and 24/7 load is about $184 in EPAM-BY2 region (as to 10/26/2019). Please pay attention, that if you run your Ubuntu workstation in EPAM Cloud, its cost will influence the total cost of the project based on the workstation capacity.


More information on the Kubernetes Service can be found in the EPAM Cloud Services Guide. For detailed description of the Maestro CLI commands used to manage the Kubernetes Service, refer to the Maestro CLI User Guide.