@prageethw prageethw/kops-aws.sh forked from vfarcic/14-aws.sh
Last active Jan 8, 2019

# Refresh the local checkout of the k8s-specs repository.
cd k8s-specs
git pull

# Make sure the AWS CLI is installed:
# https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
aws --version

# Region and credentials picked up by every later `aws` call.
# Replace each `[...]` with the real value. The `aws iam` calls that follow
# need an identity allowed to manage IAM, and anything typed on these lines
# may be kept in the shell history.
export AWS_DEFAULT_REGION=us-east-2
export AWS_ACCESS_KEY_ID=[...]
export AWS_SECRET_ACCESS_KEY=[...]
# Create the `kops` IAM group and attach four AWS managed policies to it.
# IAMFullAccess allows creating users and attaching arbitrary policies, so
# credentials that belong to this group need the same care as administrator
# credentials.
aws iam create-group --group-name kops

for policy in AmazonEC2FullAccess AmazonS3FullAccess AmazonVPCFullAccess IAMFullAccess; do
  aws iam attach-group-policy \
    --policy-arn "arn:aws:iam::aws:policy/${policy}" \
    --group-name kops
done

# Create the `kops` user and make it a member of the group.
aws iam create-user --user-name kops
aws iam add-user-to-group --user-name kops --group-name kops
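# Issue an access key for the `kops` user. The JSON response contains the
# secret access key, so the file is created under an owner-only umask; the
# subshell keeps the umask change from leaking into the rest of the session.
(
  umask 077
  aws iam create-access-key --user-name kops >kops-creds
)
# Covers the case where kops-creds already existed with wider permissions.
chmod 600 kops-creds

# Show the key metadata without printing the secret to the terminal
# (terminal scrollback and session recordings would otherwise retain it).
jq '.AccessKey | del(.SecretAccessKey)' kops-creds

# Switch the session to the new key pair. Assignment and export are separate
# so that a failing jq is not hidden behind the exit status of `export`.
AWS_ACCESS_KEY_ID=$(jq -r '.AccessKey.AccessKeyId' kops-creds)
AWS_SECRET_ACCESS_KEY=$(jq -r '.AccessKey.SecretAccessKey' kops-creds)
export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY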
# List the availability zones of the selected region.
aws ec2 describe-availability-zones --region "$AWS_DEFAULT_REGION"

# Build a comma-separated list of the zone names (no trailing comma, no
# spaces) and export it for the kops commands.
ZONES=$(
  aws ec2 describe-availability-zones --region "$AWS_DEFAULT_REGION" \
    | jq -r '[.AvailabilityZones[].ZoneName] | join(",")' \
    | tr -d ' '
)
export ZONES
echo "$ZONES"
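# Working directory for the cluster's key material and configuration.
mkdir -p cluster
cd cluster

# Create the EC2 key pair and store the private key. The file is written
# under an owner-only umask so the key is never readable by other local
# users, not even for the moment before chmod runs.
(
  umask 077
  aws ec2 create-key-pair --key-name devops25 \
    | jq -r '.KeyMaterial' \
    >devops25.pem
)
chmod 400 devops25.pem

# Derive the public half; only this file is handed to kops.
ssh-keygen -y -f devops25.pem >devops25.pub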
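# Cluster name and the S3 bucket used as the kops state store.
export NAME=devops25.k8s.local
export BUCKET_NAME=devops25-store

# Create the bucket in the selected region.
# NOTE(review): us-east-1 does not accept a LocationConstraint; this form is
# for other regions such as the us-east-2 used in this walkthrough.
aws s3api create-bucket \
  --bucket "$BUCKET_NAME" \
  --create-bucket-configuration \
  "LocationConstraint=$AWS_DEFAULT_REGION"

# kops keeps the cluster definition and its generated secrets in this bucket,
# so block every form of public access to it explicitly.
aws s3api put-public-access-block \
  --bucket "$BUCKET_NAME" \
  --public-access-block-configuration \
  BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

# Derived from BUCKET_NAME so the two values cannot drift apart.
export KOPS_STATE_STORE="s3://$BUCKET_NAME"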
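# If MacOS
brew update && brew install kops

# If MacOS
# NOTE(review): the manual download below looks like an alternative to the
# Homebrew install above - confirm which one is intended.
# Resolve the release tag once so the version that gets installed is visible.
KOPS_VERSION=$(curl -fsS https://api.github.com/repos/kubernetes/kops/releases/latest | jq -r '.tag_name')
echo "$KOPS_VERSION"

# -f makes curl fail on an HTTP error instead of saving the error page as the
# binary; ${...:?} stops the command when the tag lookup returned nothing.
curl -fLo kops "https://github.com/kubernetes/kops/releases/download/${KOPS_VERSION:?release tag lookup failed}/kops-darwin-amd64"

# Print the digest and compare it with the checksum published for this
# release (if one is provided) before the binary is installed with sudo.
shasum -a 256 kops

# If MacOS
chmod +x ./kops

# If MacOS
sudo mv ./kops /usr/local/bin/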
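# If Linux
# Resolve the release tag once so the version that gets installed is visible.
KOPS_VERSION=$(curl -fsS https://api.github.com/repos/kubernetes/kops/releases/latest | jq -r '.tag_name')
echo "$KOPS_VERSION"

# ${...:?} stops the command when the tag lookup returned nothing, instead of
# requesting a malformed URL.
wget -O kops "https://github.com/kubernetes/kops/releases/download/${KOPS_VERSION:?release tag lookup failed}/kops-linux-amd64"

# Print the digest and compare it with the checksum published for this
# release (if one is provided) before the binary is installed with sudo.
sha256sum kops

# If Linux
chmod +x ./kops

# If Linux
sudo mv ./kops /usr/local/bin/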
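# If Windows
mkdir config

# If Windows
# Runs kops from a container. The two AWS credential variables are passed by
# name only (`-e VAR` with no value), so docker reads them from the exported
# environment at run time; the secret is then neither stored in the alias
# text (visible through `alias`) nor placed on the docker command line.
# NOTE(review): vfarcic/kops is a third-party image referenced without a tag
# or digest and it receives the AWS credentials - pin and review it.
alias kops="docker run -it --rm \
-v $PWD/devops25.pub:/devops25.pub \
-v $PWD/config:/config \
-e KUBECONFIG=/config/kubecfg.yaml \
-e NAME=$NAME -e ZONES=$ZONES \
-e AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY \
-e KOPS_STATE_STORE=$KOPS_STATE_STORE \
vfarcic/kops"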
# Create the cluster: three masters and one worker, all t2.small, spread
# over the zones collected in ZONES. `--yes` applies the change immediately
# instead of only previewing it.
# NOTE(review): no --admin-access / --ssh-access is given here; confirm which
# source CIDRs kops allows for the API and for SSH by default.
kops create cluster \
  --name "$NAME" \
  --master-count 3 \
  --master-size t2.small \
  --master-zones "$ZONES" \
  --node-count 1 \
  --node-size t2.small \
  --zones "$ZONES" \
  --ssh-public-key devops25.pub \
  --networking kubenet \
  --kubernetes-version v1.10.11 \
  --yes
##################
# Install Tiller #
##################
# The manifest is fetched from the `master` branch, so what gets applied can
# differ from one run to the next.
# NOTE(review): tiller-rbac.yml is not shown here; check which role it binds
# to the `tiller` service account before applying it.
kubectl create \
  --filename https://raw.githubusercontent.com/vfarcic/k8s-specs/master/helm/tiller-rbac.yml \
  --record \
  --save-config

# Deploy Tiller so that it runs under the `tiller` service account.
helm init --service-account tiller

# Block until the Tiller deployment has finished rolling out.
kubectl --namespace kube-system \
  rollout status deployment tiller-deploy
###################
# Install ingress #
###################
# Like the Tiller manifest, this one is read from the `master` branch of a
# remote repository; review it (or keep a vetted copy) before applying.
kubectl create \
  --filename https://raw.githubusercontent.com/kubernetes/kops/master/addons/ingress-nginx/v1.6.0.yaml

# Block until the ingress controller deployment has finished rolling out.
kubectl --namespace kube-ingress \
  rollout status deployment ingress-nginx
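# DNS name of the load balancer that is NOT the Kubernetes API one (its name
# contains "api-devops25"); in this walkthrough that is the ingress ELB.
# The original first line lacked a trailing backslash, which split
# `aws elb` and `describe-load-balancers` into two separate commands.
# The filter is single-quoted so the shell does not touch the jq program.
# NOTE(review): every other load balancer visible to these credentials in the
# region also matches; with more than one, CLUSTER_DNS holds several lines.
CLUSTER_DNS=$(
  aws elb describe-load-balancers \
    | jq -r '.LoadBalancerDescriptions[]
        | select(.DNSName | contains("api-devops25") | not)
        | .DNSName'
)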
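# List the instances that belong to the worker-node security group
# ("nodes.<cluster name>"). The group name is handed to jq with --arg rather
# than spliced into the filter text, so the value of NAME is always treated
# as data and can never alter the jq program.
aws ec2 describe-instances \
  | jq -r --arg group "nodes.$NAME" \
    '.Reservations[].Instances[]
      | select(.SecurityGroups[].GroupName == $group)
      | .InstanceId'

# Keep the last instance id of that list.
INSTANCE_ID=$(
  aws ec2 describe-instances \
    | jq -r --arg group "nodes.$NAME" \
      '.Reservations[].Instances[]
        | select(.SecurityGroups[].GroupName == $group)
        | .InstanceId' \
    | tail -n 1
)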
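# Export the kubeconfig for the cluster into cluster/config.
cd cluster
mkdir -p config
# The exported kubeconfig carries the credentials kubectl uses for this
# cluster, so keep its directory private to the current user.
chmod 700 config

# Quoted so a working directory containing spaces does not split the path.
export KUBECONFIG="$PWD/config/kubecfg.yaml"
kops export kubecfg --name "${NAME}"

# Prints the full kubeconfig, credentials included, to the terminal.
cat "$KUBECONFIG"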
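# Save the session settings, including the AWS secret access key, to a file
# named `kops` in the current directory. It is written under an owner-only
# umask; the chmod covers a file that already existed with wider permissions.
# NOTE(review): this directory sits inside the k8s-specs checkout - confirm
# the file is git-ignored so the key cannot be committed.
(
  umask 077
  printf '%s\n' \
    "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" \
    "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" \
    "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" \
    "ZONES=$ZONES" \
    "NAME=$NAME" \
    "KOPS_STATE_STORE=$KOPS_STATE_STORE" \
    >kops
)
chmod 600 kops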
# destroy cluster
# `--yes` performs the deletion right away instead of only listing what
# would be removed.
kops delete cluster --name "$NAME" --yes

# Remove the state-store bucket once the cluster is gone.
aws s3api delete-bucket --bucket devops25-store
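# Do NOT run this
# Replace `[...]` with the administrative access key ID.
export AWS_ACCESS_KEY_ID=[...]

# Do NOT run this
# Replace `[...]` with the administrative secret access key.
export AWS_SECRET_ACCESS_KEY=[...]

# Do NOT run this
aws iam remove-user-from-group --user-name kops --group-name kops

# Do NOT run this
# The key id is read from kops-creds in the current directory.
# NOTE(review): kops-creds was written before `cd cluster`; confirm the
# working directory. ${...:?} stops the command when the id could not be
# read, instead of calling the API with an empty --access-key-id.
KOPS_KEY_ID=$(jq -r '.AccessKey.AccessKeyId' kops-creds)
aws iam delete-access-key \
  --user-name kops \
  --access-key-id "${KOPS_KEY_ID:?could not read the access key id from kops-creds}"

# Do NOT run this
aws iam delete-user --user-name kops

# Do NOT run this
# Detach the four managed policies that were attached to the group.
for policy in AmazonEC2FullAccess AmazonS3FullAccess AmazonVPCFullAccess IAMFullAccess; do
  aws iam detach-group-policy \
    --policy-arn "arn:aws:iam::aws:policy/${policy}" \
    --group-name kops
done

# Do NOT run this
aws iam delete-group --group-name kops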