Attempt to recreate problem the @justinsb is having with 2s interval
Create cluster
kops create cluster --zones us-east-1c --name rolling-update.aws.k8spro.com --yes
getMasterIP() | |
CLUSTER=$1 | |
AZ=$2 | |
aws ec2 describe-instances --filter Name="tag-value",Values="master-${AZ}.masters.${CLUSTER}" --filter Name="instance-state-name",Values="running" | jq -r '.Reservations[0].Instances[0].PublicIpAddress' | |
} | |
tailMasterLog() { | |
IP=$(getMasterIP $1 $2) | |
ssh admin@$IP "tail -f /var/log/daemon.log" | |
} |
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"ec2:AttachVolume", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateSecurityGroup", |
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"ec2:DescribeInstances" | |
], | |
"Resource": [ | |
"*" |
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"ec2:AttachVolume", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateTags", | |
"ec2:CreateVolume", |
//All the resource "*" we can prune down to a | |
//"Resource": "arn:aws:iam::ACCOUNTNUMBER:role/ROLENAME" | |
// which is tied to a VPC | |
// This is a list of the permissions that our installer tools | |
// use. | |
// There are multiple modes that our installer uses, we | |
// will not need the perms for VPC creation as we | |
// will be using a pre installed VPC | |
// Will need all of these |
//All the resource "*" we can prune down to a | |
//"Resource": "arn:aws:iam::ACCOUNTNUMBER:role/ROLENAME" | |
//which is tied to a VPC | |
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"ec2:Describe*" |
//All the resource "*" we can prune down to a | |
//"Resource": "arn:aws:iam::ACCOUNTNUMBER:role/ROLENAME" | |
//which is tied to a VPC | |
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
// This is used by the autoscaling components | |
{ | |
"Effect": "Allow", | |
"Action": [ |
apiVersion: v1 | |
kind: Pod | |
metadata: | |
name: nginx | |
labels: | |
nginx: yes | |
annotations: | |
scheduler.alpha.kubernetes.io/affinity: > | |
{ | |
"nodeAffinity": { |