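# Bootstrap: create a dedicated IAM group/user for kops and switch this
# shell to its credentials. Run from a shell that already carries the
# ADMINISTRATIVE AWS keys in its environment -- they are deliberately not
# pasted into this file, which sits next to a git checkout and would end
# up in shell history / version control.
cd k8s-specs || exit 1
git pull
# Fail fast if the administrative credentials are missing instead of
# silently using whatever profile the CLI falls back to.
: "${AWS_ACCESS_KEY_ID:?administrative AWS_ACCESS_KEY_ID must be set in the environment}"
: "${AWS_SECRET_ACCESS_KEY:?administrative AWS_SECRET_ACCESS_KEY must be set in the environment}"
#make sure you install aws cli
#https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
aws --version
export AWS_DEFAULT_REGION=us-east-2
# kops needs wide EC2/S3/VPC/IAM rights to build a cluster, so the group
# gets these four managed "FullAccess" policies. Keep the user separate
# from any human account and remove it with the teardown steps at the end.
aws iam create-group \
  --group-name kops
for policy in AmazonEC2FullAccess AmazonS3FullAccess AmazonVPCFullAccess IAMFullAccess; do
  aws iam attach-group-policy \
    --policy-arn "arn:aws:iam::aws:policy/$policy" \
    --group-name kops
done
aws iam create-user \
  --user-name kops
aws iam add-user-to-group \
  --user-name kops \
  --group-name kops
# The access-key JSON contains the secret: create the file owner-readable
# only (umask is applied before the redirect opens it) and make sure
# kops-creds is ignored by git.
( umask 077; aws iam create-access-key --user-name kops >kops-creds ) || exit 1
# Confirm creation by showing only the key ID; `cat kops-creds` would put
# the secret into terminal scrollback and any session recording.
jq -r '.AccessKey.AccessKeyId' kops-creds
# From here on the shell acts as the kops user, not as the administrator.
export AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=$(jq -r '.AccessKey.AccessKeyId' kops-creds)
export AWS_SECRET_ACCESS_KEY
AWS_SECRET_ACCESS_KEY=$(jq -r '.AccessKey.SecretAccessKey' kops-creds)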
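# Discover the availability zones of the region and export them as a
# comma-separated list for kops (constructed example:
# us-east-2a,us-east-2b,us-east-2c). The API is queried once and the JSON
# reused, instead of calling it twice as before.
zones_json=$(aws ec2 describe-availability-zones \
  --region "$AWS_DEFAULT_REGION") || exit 1
printf '%s\n' "$zones_json"
# jq builds the joined list directly, which replaces the
# `tr '\n' ',' | tr -d ' '` plus strip-last-character dance.
export ZONES
ZONES=$(jq -r '[.AvailabilityZones[].ZoneName] | join(",")' <<<"$zones_json")
printf '%s\n' "$ZONES"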
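# Per-cluster working directory: SSH key pair, cluster name and the S3
# bucket kops uses as its state store.
mkdir -p cluster
cd cluster || exit 1
# The private key must never exist world-readable, not even between the
# redirect and the chmod: set the umask before the file is created.
# pipefail makes a failed create-key-pair (e.g. the key name already
# exists) abort instead of leaving a .pem that contains "null".
(
  umask 077
  set -o pipefail
  aws ec2 create-key-pair \
    --key-name devops25 \
    | jq -r '.KeyMaterial' \
    >devops25.pem
) || exit 1
chmod 400 devops25.pem
ssh-keygen -y -f devops25.pem \
  >devops25.pub
# The .k8s.local suffix selects kops' gossip DNS, so no Route53 rights are
# needed.
export NAME=devops25.k8s.local
# S3 bucket names are global; choose another name if this one is taken.
export BUCKET_NAME=devops25-store
aws s3api create-bucket \
  --bucket "$BUCKET_NAME" \
  --create-bucket-configuration \
  "LocationConstraint=$AWS_DEFAULT_REGION"
# The state store holds the cluster PKI and secrets: keep object history
# (kops' documentation recommends versioning) and encrypt at rest.
aws s3api put-bucket-versioning \
  --bucket "$BUCKET_NAME" \
  --versioning-configuration Status=Enabled
aws s3api put-bucket-encryption \
  --bucket "$BUCKET_NAME" \
  --server-side-encryption-configuration \
  '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
# Derive the store URL from BUCKET_NAME so the two values cannot drift
# apart (the original hard-coded s3://devops25-store here).
export KOPS_STATE_STORE="s3://$BUCKET_NAME"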
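# Install the kops binary for this OS. The three OS variants used to be
# listed one after another; they are now selected by uname so the file
# can be executed top to bottom.
# KOPS_VERSION pins the release tag; when unset, the latest GitHub release
# is used (the previous behaviour). Pinning plus the KOPS_SHA256 check is
# what prevents a silently swapped release asset from being moved into
# /usr/local/bin with sudo.
KOPS_VERSION=${KOPS_VERSION:-$(curl -fsSL https://api.github.com/repos/kubernetes/kops/releases/latest | jq -r '.tag_name')}
kops_release="https://github.com/kubernetes/kops/releases/download/${KOPS_VERSION}"

#######################################
# Verify ./kops against KOPS_SHA256, the checksum published with the
# release, when that variable is provided.
# Arguments: the local sha256 tool and its options (e.g. sha256sum)
# Returns:   0 when verified or when KOPS_SHA256 is unset (warns), 1 on
#            mismatch
#######################################
verify_kops_checksum() {
  if [[ -z "${KOPS_SHA256:-}" ]]; then
    printf 'warning: KOPS_SHA256 not set, the kops binary was not verified\n' >&2
    return 0
  fi
  printf '%s  kops\n' "$KOPS_SHA256" | "$@" -c - || return 1
}

case "$(uname -s)" in
  Darwin)
    # If MacOS: Homebrew when available, otherwise the release binary.
    if command -v brew >/dev/null; then
      brew update && brew install kops
    else
      curl -fsSLo kops "${kops_release}/kops-darwin-amd64" || exit 1
      verify_kops_checksum shasum -a 256 || exit 1
      chmod +x ./kops
      sudo mv ./kops /usr/local/bin/
    fi
    ;;
  Linux)
    # If Linux
    wget -O kops "${kops_release}/kops-linux-amd64" || exit 1
    verify_kops_checksum sha256sum || exit 1
    chmod +x ./kops
    sudo mv ./kops /usr/local/bin/
    ;;
  *)
    # If Windows (e.g. Git Bash): run kops in a container. The alias only
    # takes effect in an interactive shell (or with expand_aliases), and
    # the AWS keys are passed as container environment, so they are
    # readable through `docker inspect` on this host.
    mkdir -p config
    # shellcheck disable=SC2139 -- expansion at definition time is intended
    alias kops="docker run -it --rm \
      -v $PWD/devops25.pub:/devops25.pub \
      -v $PWD/config:/config \
      -e KUBECONFIG=/config/kubecfg.yaml \
      -e NAME=$NAME -e ZONES=$ZONES \
      -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
      -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
      -e KOPS_STATE_STORE=$KOPS_STATE_STORE \
      vfarcic/kops"
    ;;
esac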
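# Render the cluster spec (dry-run), lower the autoscaling minSize, create
# the cluster, then patch the instance group with autoscaling tags.
# Counts and sizes are overridable through the environment.
# --admin-access defaults to 0.0.0.0/0, which exposes the API server and
# SSH to the whole internet; set IP_WHITELIST to your own CIDR for
# anything that outlives a short lab session.
kops create cluster \
  --name "$NAME" \
  --master-count "${MASTER_COUNT:-3}" \
  --node-count "${NODE_COUNT:-3}" \
  --master-size "${MASTER_SIZE:-t2.small}" \
  --node-size "${NODE_SIZE:-t2.small}" \
  --zones "$ZONES" \
  --encrypt-etcd-storage \
  --master-zones "$ZONES" \
  --ssh-public-key "${SSH_PUBLIC_KEY:-devops25.pub}" \
  --networking kubenet \
  --authorization RBAC \
  --admin-access "${IP_WHITELIST:-0.0.0.0/0}" \
  --dry-run=true \
  --yes \
  --output yaml >"$NAME.yaml"
# `cat f | sed | tee f` raced: tee truncated the file while cat was still
# reading it, so the spec could be lost. Write to a temp file and rename.
# This also avoids the BSD-only `sed -i ''` form, so GNU sed works too.
sed -e "s@minSize: ${NODE_COUNT:-3}@minSize: ${MIN_NODE_COUNT:-1}@g" "$NAME.yaml" >"$NAME.yaml.tmp" \
  && mv "$NAME.yaml.tmp" "$NAME.yaml" || exit 1
cat "$NAME.yaml"
kops create -f "$NAME.yaml"
kops create secret --name "$NAME" sshpublickey admin -i devops25.pub
kops update cluster "$NAME" --yes
kops validate cluster "$NAME"
#patch manifest with autoscaling labels
# NOTE(review): `auto-sacaling-tags.yaml` looks misspelled -- confirm the
# file name against what is actually in ../scaling/.
sed -e '/role: Node/r ../scaling/auto-sacaling-tags.yaml' "$NAME.yaml" >"$NAME.yaml.tmp" \
  && mv "$NAME.yaml.tmp" "$NAME.yaml" || exit 1
kops replace -f "$NAME.yaml"
kops update cluster "$NAME" --yes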
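##################
# Install Tiller #
##################
# Both manifests are fetched from the mutable `master` branch of their
# repositories. K8S_SPECS_REF / KOPS_REF let you pin a tag or commit
# (placeholder, e.g. KOPS_REF=<commit-sha>) so that a later push cannot
# change what gets applied to the cluster; the default keeps the old
# behaviour. Tiller runs with whatever rights tiller-rbac.yml grants it,
# and every client that can reach Tiller can use those rights.
kubectl create \
  -f "https://raw.githubusercontent.com/vfarcic/k8s-specs/${K8S_SPECS_REF:-master}/helm/tiller-rbac.yml" \
  --record --save-config
helm init --service-account tiller
kubectl -n kube-system \
  rollout status deploy tiller-deploy
##################
# Install ingress #
##################
kubectl create \
  -f "https://raw.githubusercontent.com/kubernetes/kops/${KOPS_REF:-master}/addons/ingress-nginx/v1.6.0.yaml"
kubectl -n kube-ingress rollout \
  status deployment ingress-nginx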
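# Find the ingress load balancer (any ELB that is not the API one) and a
# worker node, then export a kubeconfig and an env file for later shells.
# The original `$(aws elb` lacked a line continuation, so `aws elb` ran on
# its own and `describe-load-balancers` was executed as a separate command.
CLUSTER_DNS=$(aws elb describe-load-balancers \
  | jq -r '.LoadBalancerDescriptions[] | select(.DNSName | contains("api-devops25") | not).DNSName')
# One jq filter for both the listing and the pick, so they cannot diverge.
nodes_filter=".Reservations[].Instances[] \
  | select(.SecurityGroups[].GroupName==\"nodes.$NAME\").InstanceId"
aws ec2 \
  describe-instances | jq -r "$nodes_filter"
INSTANCE_ID=$(aws ec2 \
  describe-instances | jq -r "$nodes_filter" | tail -n 1)
# Export the kubeconfig. The cd is skipped when this shell is already in
# cluster/ (it is, if the steps above ran here; the bare `cd cluster`
# failed in that case).
if [[ "${PWD##*/}" != cluster ]]; then
  cd cluster || exit 1
fi
mkdir -p config
export KUBECONFIG=$PWD/config/kubecfg.yaml
kops export kubecfg --name "${NAME}"
# kubecfg.yaml carries the admin credentials kops exports; it is printed
# here for inspection, so avoid doing this in a recorded session.
cat "$KUBECONFIG"
# Persist the session variables for reuse. The file contains the kops
# secret key, so create it owner-only and keep it out of git.
(
  umask 077
  printf '%s\n' "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION
ZONES=$ZONES
NAME=$NAME
KOPS_STATE_STORE=$KOPS_STATE_STORE" >kops
)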
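# destroy cluster
kops delete cluster \
  --name "$NAME" \
  --yes
# Same bucket the setup created; BUCKET_NAME may be unset in a new shell.
aws s3api delete-bucket \
  --bucket "${BUCKET_NAME:-devops25-store}"
# Do NOT run this
# Switch back to the ADMINISTRATIVE credentials. Supply them through the
# environment (ADMIN_AWS_ACCESS_KEY_ID / ADMIN_AWS_SECRET_ACCESS_KEY, new
# variables introduced here) instead of pasting them into this file.
export AWS_ACCESS_KEY_ID="${ADMIN_AWS_ACCESS_KEY_ID:?set the administrative access key ID in the environment}"
# Do NOT run this
export AWS_SECRET_ACCESS_KEY="${ADMIN_AWS_SECRET_ACCESS_KEY:?set the administrative secret access key in the environment}"
# Do NOT run this
aws iam remove-user-from-group \
  --user-name kops \
  --group-name kops
# Do NOT run this
# kops-creds was written in k8s-specs/, one level above cluster/; adjust
# the path if this runs from a different directory.
aws iam delete-access-key \
  --user-name kops \
  --access-key-id "$(jq -r '.AccessKey.AccessKeyId' kops-creds)"
# Do NOT run this
aws iam delete-user \
  --user-name kops
# Do NOT run this
# Detach the same four policies the setup attached.
for policy in AmazonEC2FullAccess AmazonS3FullAccess AmazonVPCFullAccess IAMFullAccess; do
  aws iam detach-group-policy \
    --policy-arn "arn:aws:iam::aws:policy/$policy" \
    --group-name kops
done
# Do NOT run this
aws iam delete-group \
  --group-name kops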