@prageethw
Last active January 8, 2019 05:51
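# Runbook, not a script: paste these commands step by step into an
# interactive shell. They create an IAM group/user for kops, provision a
# Kubernetes cluster on AWS with kops, install Tiller and the nginx ingress,
# and finally tear everything down. The "If MacOS" / "If Linux" /
# "If Windows" alternatives are mutually exclusive; pick one. The
# "Do NOT run this" section at the end is destructive clean-up only.
cd k8s-specs
git pull
# Administrative credentials are only needed to bootstrap the kops IAM user
# below; everything after that uses the kops user's own key. Anything
# exported on the command line is recorded in shell history.
export AWS_ACCESS_KEY_ID=[...]
export AWS_SECRET_ACCESS_KEY=[...]
# make sure you install aws cli
# https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
aws --version
export AWS_DEFAULT_REGION=us-east-2
# IAM group that the kops user will belong to. The four managed policies
# attached below grant full EC2/S3/VPC/IAM access; IAMFullAccess in
# particular lets a holder of the kops key create further principals, so
# treat that key as highly privileged.
aws iam create-group \
  --group-name kops
aws iam attach-group-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess \
  --group-name kops
aws iam attach-group-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \
  --group-name kops
aws iam attach-group-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess \
  --group-name kops
aws iam attach-group-policy \
  --policy-arn arn:aws:iam::aws:policy/IAMFullAccess \
  --group-name kops
aws iam create-user \
  --user-name kops
aws iam add-user-to-group \
  --user-name kops \
  --group-name kops
# create-access-key returns the secret exactly once. kops-creds now holds a
# long-lived plaintext key: keep it out of git and consider
# `chmod 600 kops-creds` and deleting it once the exports below are done.
aws iam create-access-key \
  --user-name kops >kops-creds
cat kops-creds
# Switch from the administrative key to the kops user's key.
AWS_ACCESS_KEY_ID=$(jq -r '.AccessKey.AccessKeyId' kops-creds)
AWS_SECRET_ACCESS_KEY=$(jq -r '.AccessKey.SecretAccessKey' kops-creds)
export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
aws ec2 describe-availability-zones \
  --region "$AWS_DEFAULT_REGION"
# Comma-separated list of the region's zones (e.g. a,b,c); tr leaves a
# trailing comma, which ${ZONES%?} drops.
ZONES=$(aws ec2 describe-availability-zones \
  --region "$AWS_DEFAULT_REGION" \
  | jq -r '.AvailabilityZones[].ZoneName' \
  | tr '\n' ',' | tr -d ' ')
ZONES=${ZONES%?}
export ZONES
printf '%s\n' "$ZONES"
mkdir -p cluster
cd cluster
# The private key material is returned only at creation time; it is written
# straight to disk and made read-only for the owner.
aws ec2 create-key-pair \
  --key-name devops25 \
  | jq -r '.KeyMaterial' \
  >devops25.pem
chmod 400 devops25.pem
ssh-keygen -y -f devops25.pem \
  >devops25.pub
export NAME=devops25.k8s.local
# S3 bucket names are global; change this if devops25-store is taken. The
# kops state store holds the cluster's PKI and secrets, so the bucket must
# stay private (consider versioning and default encryption as well).
export BUCKET_NAME=devops25-store
aws s3api create-bucket \
  --bucket "$BUCKET_NAME" \
  --create-bucket-configuration \
  LocationConstraint="$AWS_DEFAULT_REGION"
# Derived from BUCKET_NAME so the store and the bucket cannot drift apart.
export KOPS_STATE_STORE="s3://$BUCKET_NAME"
# If MacOS
brew update && brew install kops
# If MacOS (alternative to brew). This downloads the latest release binary
# without verifying it; check the checksum kops publishes for the release
# before moving the binary onto PATH.
curl -Lo kops "https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-darwin-amd64"
# If MacOS
chmod +x ./kops
# If MacOS
sudo mv ./kops /usr/local/bin/
# If Linux. Same caveat as above: verify the published checksum first.
wget -O kops "https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64"
# If Linux
chmod +x ./kops
# If Linux
sudo mv ./kops /usr/local/bin/
# If Windows
mkdir config
# If Windows: run kops from a container. The double quotes expand $PWD and
# the credentials when the alias is defined, so the AWS key ends up in the
# container's environment (visible via docker inspect and the host process
# list) rather than being read from a file.
alias kops="docker run -it --rm \
-v $PWD/devops25.pub:/devops25.pub \
-v $PWD/config:/config \
-e KUBECONFIG=/config/kubecfg.yaml \
-e NAME=$NAME -e ZONES=$ZONES \
-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
-e KOPS_STATE_STORE=$KOPS_STATE_STORE \
vfarcic/kops"
# Dry-run only: emits the cluster manifest to $NAME.yaml for editing.
# --admin-access defaults to 0.0.0.0/0, which leaves the API endpoint and
# SSH reachable from any address; set IP_WHITELIST to your own CIDR.
kops create cluster \
  --name "$NAME" \
  --master-count "${MASTER_COUNT:-3}" \
  --node-count "${NODE_COUNT:-3}" \
  --master-size "${MASTER_SIZE:-t2.small}" \
  --node-size "${NODE_SIZE:-t2.small}" \
  --zones "$ZONES" \
  --encrypt-etcd-storage \
  --master-zones "$ZONES" \
  --ssh-public-key "${SSH_PUBLIC_KEY:-devops25.pub}" \
  --networking kubenet \
  --authorization RBAC \
  --admin-access "${IP_WHITELIST:-0.0.0.0/0}" \
  --dry-run=true \
  --output yaml \
  --yes >"$NAME.yaml"
# Lower the node group's minSize in the manifest. Goes through a temporary
# file because piping a file through sed and tee back into the same path
# races tee's truncation against the read and can leave the manifest empty.
sed -e "s@minSize: ${NODE_COUNT:-3}@minSize: ${MIN_NODE_COUNT:-1}@g" "$NAME.yaml" \
  >"$NAME.yaml.tmp" && mv "$NAME.yaml.tmp" "$NAME.yaml"
cat "$NAME.yaml"
kops create -f "$NAME.yaml"
kops create secret --name "$NAME" sshpublickey admin -i devops25.pub
kops update cluster "$NAME" --yes
kops validate cluster "$NAME"
# patch manifest with autoscaling labels
# `-i ''` is BSD/macOS sed syntax; GNU sed takes plain `-i`.
sed -i '' '/role: Node/r ../scaling/auto-sacaling-tags.yaml' "$NAME.yaml"
kops replace -f "$NAME.yaml"
kops update cluster "$NAME" --yes
##################
# Install Tiller #
##################
# Tiller (Helm 2) runs in-cluster with whatever the tiller-rbac manifest
# grants it and answers any in-cluster caller; review that manifest before
# applying it.
kubectl create \
  -f https://raw.githubusercontent.com/vfarcic/k8s-specs/master/helm/tiller-rbac.yml \
  --record --save-config
helm init --service-account tiller
kubectl -n kube-system \
  rollout status deploy tiller-deploy
##################
# Install ingress #
##################
kubectl create \
  -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/ingress-nginx/v1.6.0.yaml
kubectl -n kube-ingress rollout \
  status deployment ingress-nginx
# DNS name of the load balancer that is not the API ELB (i.e. the ingress).
CLUSTER_DNS=$(aws elb \
  describe-load-balancers | jq -r \
  '.LoadBalancerDescriptions[]
  | select(.DNSName | contains("api-devops25") | not).DNSName')
# Worker node instance IDs; the security group name is passed to jq with
# --arg instead of being spliced into the filter text.
aws ec2 \
  describe-instances | jq -r --arg sg "nodes.$NAME" \
  '.Reservations[].Instances[]
  | select(.SecurityGroups[].GroupName==$sg).InstanceId'
INSTANCE_ID=$(aws ec2 \
  describe-instances | jq -r --arg sg "nodes.$NAME" \
  '.Reservations[].Instances[]
  | select(.SecurityGroups[].GroupName==$sg).InstanceId' | tail -n 1)
# Assumes you are back in k8s-specs at this point (cluster/ was entered
# earlier) — confirm before running.
cd cluster
mkdir -p config
export KUBECONFIG=$PWD/config/kubecfg.yaml
kops export kubecfg --name "${NAME}"
cat "$KUBECONFIG"
# Persist the session for later. This file contains the kops access key in
# plaintext; keep it out of the repository and remove it when done.
printf '%s\n' \
  "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" \
  "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" \
  "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" \
  "ZONES=$ZONES" \
  "NAME=$NAME" \
  "KOPS_STATE_STORE=$KOPS_STATE_STORE" \
  >kops
# destroy cluster
kops delete cluster \
  --name "$NAME" \
  --yes
aws s3api delete-bucket \
  --bucket devops25-store
# Do NOT run this
# Replace `[...]` with the administrative access key ID.
export AWS_ACCESS_KEY_ID=[...]
# Do NOT run this
# Replace `[...]` with the administrative secret access key.
export AWS_SECRET_ACCESS_KEY=[...]
# Do NOT run this
aws iam remove-user-from-group \
  --user-name kops \
  --group-name kops
# Do NOT run this
aws iam delete-access-key \
  --user-name kops \
  --access-key-id "$(jq -r '.AccessKey.AccessKeyId' kops-creds)"
# Do NOT run this
aws iam delete-user \
  --user-name kops
# Do NOT run this
aws iam detach-group-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess \
  --group-name kops
# Do NOT run this
aws iam detach-group-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \
  --group-name kops
# Do NOT run this
aws iam detach-group-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess \
  --group-name kops
# Do NOT run this
aws iam detach-group-policy \
  --policy-arn arn:aws:iam::aws:policy/IAMFullAccess \
  --group-name kops
# Do NOT run this
aws iam delete-group \
  --group-name kops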