kops-aws.sh

cd k8s-specs

git pull

export AWS_ACCESS_KEY_ID=[...]

export AWS_SECRET_ACCESS_KEY=[...]

#make sure you install aws cli
#https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html

aws --version

export AWS_DEFAULT_REGION=us-east-2

aws iam create-group \
    --group-name kops

aws iam attach-group-policy \
    --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess \
    --group-name kops

aws iam attach-group-policy \
    --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \
    --group-name kops

aws iam attach-group-policy \
    --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess \
    --group-name kops

aws iam attach-group-policy \
    --policy-arn arn:aws:iam::aws:policy/IAMFullAccess \
    --group-name kops

aws iam create-user \
    --user-name kops

aws iam add-user-to-group \
    --user-name kops \
    --group-name kops

aws iam create-access-key \
    --user-name kops >kops-creds

cat kops-creds

export AWS_ACCESS_KEY_ID=$(\
    cat kops-creds | jq -r \
    '.AccessKey.AccessKeyId')

export AWS_SECRET_ACCESS_KEY=$(
    cat kops-creds | jq -r \
    '.AccessKey.SecretAccessKey')

aws ec2 describe-availability-zones \
    --region $AWS_DEFAULT_REGION

export ZONES=$(aws ec2 \
    describe-availability-zones \
    --region $AWS_DEFAULT_REGION \
    | jq -r \
    '.AvailabilityZones[].ZoneName' \
    | tr '\n' ',' | tr -d ' ')

ZONES=${ZONES%?}

echo $ZONES

mkdir -p cluster

cd cluster

aws ec2 create-key-pair \
    --key-name devops25 \
    | jq -r '.KeyMaterial' \
    >devops25.pem

chmod 400 devops25.pem

ssh-keygen -y -f devops25.pem \
    >devops25.pub

export NAME=devops25.k8s.local

export BUCKET_NAME=devops25-store

aws s3api create-bucket \
    --bucket $BUCKET_NAME \
    --create-bucket-configuration \
    LocationConstraint=$AWS_DEFAULT_REGION

export KOPS_STATE_STORE=s3://devops25-store

# If MacOS
brew update && brew install kops

# If MacOS
curl -Lo kops https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-darwin-amd64

# If MacOS
chmod +x ./kops

# If MacOS
sudo mv ./kops /usr/local/bin/

# If Linux
wget -O kops https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64

# If Linux
chmod +x ./kops

# If Linux
sudo mv ./kops /usr/local/bin/

# If Windows
mkdir config

# If Windows
alias kops="docker run -it --rm \
    -v $PWD/devops25.pub:/devops25.pub \
    -v $PWD/config:/config \
    -e KUBECONFIG=/config/kubecfg.yaml \
    -e NAME=$NAME -e ZONES=$ZONES \
    -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
    -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
    -e KOPS_STATE_STORE=$KOPS_STATE_STORE \
    vfarcic/kops"

kops create cluster \
    --name $NAME \
    --master-count 3 \
    --node-count 1 \
    --node-size t2.small \
    --master-size t2.small \
    --zones $ZONES \
    --master-zones $ZONES \
    --ssh-public-key devops25.pub \
    --networking kubenet \
    --kubernetes-version v1.10.11 \
    --yes

##################
# Install Tiller #
##################

kubectl create \
    -f https://raw.githubusercontent.com/vfarcic/k8s-specs/master/helm/tiller-rbac.yml \
    --record --save-config

helm init --service-account tiller

kubectl -n kube-system \
    rollout status deploy tiller-deploy

##################
# Install ingress #
##################
kubectl create \
    -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/ingress-nginx/v1.6.0.yaml

kubectl -n kube-ingress rollout \
         status deployment ingress-nginx


CLUSTER_DNS=$(aws elb 
    describe-load-balancers | jq -r \
    ".LoadBalancerDescriptions[] \
    | select(.DNSName \
    | contains (\"api-devops25\") \
    | not).DNSName")



aws ec2 \
    describe-instances | jq -r \
    ".Reservations[].Instances[] \
    | select(.SecurityGroups[]\
    .GroupName==\"nodes.$NAME\")\
    .InstanceId"

INSTANCE_ID=$(aws ec2 \
    describe-instances | jq -r \
    ".Reservations[].Instances[] \
    | select(.SecurityGroups[]\
    .GroupName==\"nodes.$NAME\")\
    .InstanceId" | tail -n 1)

cd cluster

mkdir -p config

export KUBECONFIG=$PWD/config/kubecfg.yaml

kops export kubecfg --name ${NAME}

cat $KUBECONFIG

echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION
ZONES=$ZONES
NAME=$NAME
KOPS_STATE_STORE=$KOPS_STATE_STORE" \
    >kops

#  destroy cluster
kops delete cluster \
    --name $NAME \
    --yes

aws s3api delete-bucket \
    --bucket devops25-store
# Do NOT run this
# Replace `[...]` with the administrative access key ID.
export AWS_ACCESS_KEY_ID=[...]

# Do NOT run this
# Replace `[...]` with the administrative secret access key.
export AWS_SECRET_ACCESS_KEY=[...]

# Do NOT run this
aws iam remove-user-from-group \
    --user-name kops \
    --group-name kops

# Do NOT run this
aws iam delete-access-key \
    --user-name kops \
    --access-key-id $(\
    cat kops-creds | jq -r \
    '.AccessKey.AccessKeyId')

# Do NOT run this
aws iam delete-user \
    --user-name kops

# Do NOT run this
aws iam detach-group-policy \
    --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess \
    --group-name kops

# Do NOT run this
aws iam detach-group-policy \
    --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \
    --group-name kops

# Do NOT run this
aws iam detach-group-policy \
    --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess \
    --group-name kops

# Do NOT run this
aws iam detach-group-policy \
    --policy-arn arn:aws:iam::aws:policy/IAMFullAccess \
    --group-name kops

# Do NOT run this
aws iam delete-group \
    --group-name kops