We figured out that we needed to do two things:
- Change the default Kubernetes template configuration to use the “aws” cloud provider.
- Grant various policy permissions to every Rancher host we add to the cluster, which we do with a Role/InstanceProfile. The particular policy needed is:

```json
{"Version":"2012-10-17","Statement":[{"Action":"elasticloadbalancing:*","Resource":"*","Effect":"Allow"}]}
```
I posted details in How To: Deploy Rancher/Kubernetes in Amazon VPC private subnet
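
The Role/InstanceProfile described in the post above, sketched as a CloudFormation template. This is an added example, not part of the original post or of Rancher's own templates; the resource names, policy name and output name are hypothetical, and the policy statement is copied from the post unchanged.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Role and instance profile for Rancher hosts (constructed example)

Resources:
  # Role that EC2 instances (the Rancher hosts) are allowed to assume.
  RancherHostRole:                      # hypothetical logical name
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: rancher-host-elb  # hypothetical policy name
          PolicyDocument:
            # Statement taken from the post as written.
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: "elasticloadbalancing:*"
                Resource: "*"

  # Instance profile that carries the role; attach it to every host
  # added to the cluster so the "aws" cloud provider can call the ELB API.
  RancherHostInstanceProfile:           # hypothetical logical name
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref RancherHostRole

Outputs:
  InstanceProfileName:
    Description: Name to pass as the IAM instance profile when launching hosts
    Value: !Ref RancherHostInstanceProfile
```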