cd k8s-specs | |
git pull | |
export AWS_ACCESS_KEY_ID=[...] | |
export AWS_SECRET_ACCESS_KEY=[...] | |
#make sure you install aws cli | |
#https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html | |
aws --version | |
export AWS_DEFAULT_REGION=us-east-2 | |
aws iam create-group \ | |
--group-name kops | |
aws iam attach-group-policy \ | |
--policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess \ | |
--group-name kops | |
aws iam attach-group-policy \ | |
--policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \ | |
--group-name kops | |
aws iam attach-group-policy \ | |
--policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess \ | |
--group-name kops | |
aws iam attach-group-policy \ | |
--policy-arn arn:aws:iam::aws:policy/IAMFullAccess \ | |
--group-name kops | |
aws iam create-user \ | |
--user-name kops | |
aws iam add-user-to-group \ | |
--user-name kops \ | |
--group-name kops | |
aws iam create-access-key \ | |
--user-name kops >kops-creds | |
cat kops-creds | |
export AWS_ACCESS_KEY_ID=$(\ | |
cat kops-creds | jq -r \ | |
'.AccessKey.AccessKeyId') | |
export AWS_SECRET_ACCESS_KEY=$( | |
cat kops-creds | jq -r \ | |
'.AccessKey.SecretAccessKey') | |
aws ec2 describe-availability-zones \ | |
--region $AWS_DEFAULT_REGION | |
export ZONES=$(aws ec2 \ | |
describe-availability-zones \ | |
--region $AWS_DEFAULT_REGION \ | |
| jq -r \ | |
'.AvailabilityZones[].ZoneName' \ | |
| tr '\n' ',' | tr -d ' ') | |
ZONES=${ZONES%?} | |
echo $ZONES | |
mkdir -p cluster | |
cd cluster | |
aws ec2 create-key-pair \ | |
--key-name devops25 \ | |
| jq -r '.KeyMaterial' \ | |
>devops25.pem | |
chmod 400 devops25.pem | |
ssh-keygen -y -f devops25.pem \ | |
>devops25.pub | |
export NAME=devops25.k8s.local | |
export BUCKET_NAME=devops25-store | |
aws s3api create-bucket \ | |
--bucket $BUCKET_NAME \ | |
--create-bucket-configuration \ | |
LocationConstraint=$AWS_DEFAULT_REGION | |
export KOPS_STATE_STORE=s3://devops25-store | |
# If MacOS | |
brew update && brew install kops | |
# If MacOS | |
curl -Lo kops https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-darwin-amd64 | |
# If MacOS | |
chmod +x ./kops | |
# If MacOS | |
sudo mv ./kops /usr/local/bin/ | |
# If Linux | |
wget -O kops https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64 | |
# If Linux | |
chmod +x ./kops | |
# If Linux | |
sudo mv ./kops /usr/local/bin/ | |
# If Windows | |
mkdir config | |
# If Windows | |
alias kops="docker run -it --rm \ | |
-v $PWD/devops25.pub:/devops25.pub \ | |
-v $PWD/config:/config \ | |
-e KUBECONFIG=/config/kubecfg.yaml \ | |
-e NAME=$NAME -e ZONES=$ZONES \ | |
-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \ | |
-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \ | |
-e KOPS_STATE_STORE=$KOPS_STATE_STORE \ | |
vfarcic/kops" | |
kops create cluster \ | |
--name $NAME \ | |
--master-count 3 \ | |
--node-count 1 \ | |
--node-size t2.small \ | |
--master-size t2.small \ | |
--zones $ZONES \ | |
--master-zones $ZONES \ | |
--ssh-public-key devops25.pub \ | |
--networking kubenet \ | |
--kubernetes-version v1.10.11 \ | |
--yes | |
################## | |
# Install Tiller # | |
################## | |
kubectl create \ | |
-f https://raw.githubusercontent.com/vfarcic/k8s-specs/master/helm/tiller-rbac.yml \ | |
--record --save-config | |
helm init --service-account tiller | |
kubectl -n kube-system \ | |
rollout status deploy tiller-deploy | |
################## | |
# Install ingress # | |
################## | |
kubectl create \ | |
-f https://raw.githubusercontent.com/kubernetes/kops/master/addons/ingress-nginx/v1.6.0.yaml | |
kubectl -n kube-ingress rollout \ | |
status deployment ingress-nginx | |
CLUSTER_DNS=$(aws elb | |
describe-load-balancers | jq -r \ | |
".LoadBalancerDescriptions[] \ | |
| select(.DNSName \ | |
| contains (\"api-devops25\") \ | |
| not).DNSName") | |
aws ec2 \ | |
describe-instances | jq -r \ | |
".Reservations[].Instances[] \ | |
| select(.SecurityGroups[]\ | |
.GroupName==\"nodes.$NAME\")\ | |
.InstanceId" | |
INSTANCE_ID=$(aws ec2 \ | |
describe-instances | jq -r \ | |
".Reservations[].Instances[] \ | |
| select(.SecurityGroups[]\ | |
.GroupName==\"nodes.$NAME\")\ | |
.InstanceId" | tail -n 1) | |
cd cluster | |
mkdir -p config | |
export KUBECONFIG=$PWD/config/kubecfg.yaml | |
kops export kubecfg --name ${NAME} | |
cat $KUBECONFIG | |
echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID | |
AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY | |
AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION | |
ZONES=$ZONES | |
NAME=$NAME | |
KOPS_STATE_STORE=$KOPS_STATE_STORE" \ | |
>kops | |
# destroy cluster | |
kops delete cluster \ | |
--name $NAME \ | |
--yes | |
aws s3api delete-bucket \ | |
--bucket devops25-store | |
# Do NOT run this | |
# Replace `[...]` with the administrative access key ID. | |
export AWS_ACCESS_KEY_ID=[...] | |
# Do NOT run this | |
# Replace `[...]` with the administrative secret access key. | |
export AWS_SECRET_ACCESS_KEY=[...] | |
# Do NOT run this | |
aws iam remove-user-from-group \ | |
--user-name kops \ | |
--group-name kops | |
# Do NOT run this | |
aws iam delete-access-key \ | |
--user-name kops \ | |
--access-key-id $(\ | |
cat kops-creds | jq -r \ | |
'.AccessKey.AccessKeyId') | |
# Do NOT run this | |
aws iam delete-user \ | |
--user-name kops | |
# Do NOT run this | |
aws iam detach-group-policy \ | |
--policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess \ | |
--group-name kops | |
# Do NOT run this | |
aws iam detach-group-policy \ | |
--policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \ | |
--group-name kops | |
# Do NOT run this | |
aws iam detach-group-policy \ | |
--policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess \ | |
--group-name kops | |
# Do NOT run this | |
aws iam detach-group-policy \ | |
--policy-arn arn:aws:iam::aws:policy/IAMFullAccess \ | |
--group-name kops | |
# Do NOT run this | |
aws iam delete-group \ | |
--group-name kops |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment