Last active
May 27, 2021 15:01
-
-
Save ArangoGutierrez/2680c192a15efd47cdcd32943c9724c1 to your computer and use it in GitHub Desktop.
A guided script to deploy a vanilla kubernetes cluster using https://github.com/kubernetes/kops , Documentation can be found at https://kops.sigs.k8s.io/getting_started/aws/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -o xtrace | |
| # Documentation can be found at https://kops.sigs.k8s.io/getting_started/aws/ | |
| # configure the aws client to use your new IAM user run | |
| # aws configure # Use your new access and secret key here | |
| # aws iam list-users # you should see a list of all your IAM users here | |
| # Prepare local environment | |
| # Because "aws configure" doesn't export these vars for kops to use, we export them now | |
| # this script doesn't aim to help create route53 zones or set up AWS DNS | |
| export AWS_ACCESS_KEY_ID=$(aws configure get aws_access_key_id) | |
| export AWS_SECRET_ACCESS_KEY=$(aws configure get aws_secret_access_key) | |
| export NAME=kops-dev-cluster.perf-testing.devcluster.openshift.com | |
| export KOPS_STATE_STORE=s3://example-com-state-store | |
| export NODE_SIZE=${NODE_SIZE:-m4.large} | |
| export MASTER_SIZE=${MASTER_SIZE:-m4.large} | |
| export ZONES=${ZONES:-"us-east-1a,us-east-1b,us-east-1c"} | |
| KOPS=$PWD/kops-linux-amd64 | |
| # get kops binary | |
| function get_kops() { | |
| curl -LO https://github.com/kubernetes/kops/releases/download/$1/kops-linux-amd64 | |
| chmod +x kops-linux-amd64 | |
| } | |
| # create cluster | |
| function create_kops_cluster() { | |
| ./kops-linux-amd64 --alsologtostderr --log_dir install-logs create cluster ${NAME} \ | |
| --node-count 3 \ | |
| --zones $ZONES \ | |
| --node-size $NODE_SIZE \ | |
| --master-size $MASTER_SIZE \ | |
| --master-zones $ZONES \ | |
| --networking kubenet \ | |
| --yes | |
| } | |
| # Delete a cluster in AWS. | |
| function delete_kops_cluster() { | |
| ./kops-linux-amd64 delete cluster --name=${NAME} --state=${KOPS_STATE_STORE} | |
| } | |
| # Customize Cluster Configuration | |
| # This is an optional step, if desired you can comment what's rest of the script | |
| function edit_kops_cluster() { | |
| ./kops-linux-amd64 edit cluster ${NAME} | |
| } | |
| # Update the Cluster | |
| function update_kops_cluster() { | |
| ./kops-linux-amd64 update cluster ${NAME} --yes | |
| ./kops-linux-amd64 rolling-update cluster --yes | |
| } | |
| # The kops user will require the following IAM permissions to function properly: | |
| # AmazonEC2FullAccess | |
| # AmazonRoute53FullAccess | |
| # AmazonS3FullAccess | |
| # IAMFullAccess | |
| # AmazonVPCFullAccess | |
| # | |
| # Assuming you already have a hosted zone in Route53 | |
| # example example.com | |
| function setup_kops_account() { | |
| aws iam create-group --group-name kops | |
| aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name kops | |
| aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess --group-name kops | |
| aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --group-name kops | |
| aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --group-name kops | |
| aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess --group-name kops | |
| aws iam create-user --user-name kops | |
| aws iam add-user-to-group --user-name kops --group-name kops | |
| aws iam create-access-key --user-name kops | |
| } | |
| function clean_kops() { | |
| rm -f ${KOPS} | |
| accesskeyid=$(aws iam list-access-keys --user kops |jq .AccessKeyMetadata[0].AccessKeyId) | |
| aws iam delete-access-key --user-name kops --access-key-id ${accesskeyid:1:20} | |
| aws iam remove-user-from-group --user-name kops --group-name kops | |
| aws iam delete-user --user-name kops | |
| aws iam detach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name kops | |
| aws iam detach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess --group-name kops | |
| aws iam detach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --group-name kops | |
| aws iam detach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --group-name kops | |
| aws iam detach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess --group-name kops | |
| aws iam delete-group --group-name kops | |
| aws s3api delete-bucket \ | |
| --bucket example-com-state-store \ | |
| --region us-east-1 | |
| } | |
| # In order to store the state of your cluster, and the representation of your cluster | |
| # we need to create a dedicated S3 bucket for kops to use. This bucket will become the | |
| # source of truth for our cluster configuration. In this guide we'll call this bucket | |
| # example-com-state-store, but you should add a custom prefix as bucket names need to be unique. | |
| function kops_s3_bucket() { | |
| aws s3api create-bucket \ | |
| --bucket example-com-state-store \ | |
| --region us-east-1 | |
| # We STRONGLY recommend versioning your S3 bucket in case you ever need to revert or recover a previous state store | |
| aws s3api put-bucket-versioning --bucket example-com-state-store --versioning-configuration Status=Enabled | |
| # Using S3 default bucket encryption | |
| aws s3api put-bucket-encryption --bucket example-com-state-store --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}' | |
| } | |
| # Main | |
| while true; do | |
| case ${1:-} in | |
| "create") | |
| shift | |
| get_kops ${1:-} | |
| setup_kops_account | |
| kops_s3_bucket | |
| create_kops_cluster | |
| exit 0 | |
| ;; | |
| "clean") | |
| clean_kops | |
| exit 0 | |
| ;; | |
| *) | |
| break | |
| ;; | |
| esac | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment