@yashbhutwala
Last active November 13, 2019 00:52
#!/bin/bash
# Strict-mode background: https://news.ycombinator.com/item?id=10736584
# Abort on command failure, on use of an unset variable, and on a failure
# anywhere in a pipeline.
set -euo pipefail
# Debug tracing: -x prints every command after expansion and -v echoes script
# lines as they are read. Expanded values go to stderr, so anything a command
# expands (credentials included) ends up in the terminal or CI log.
set -x -v
# Create the kind cluster "clusterapi" and have kind write its kubeconfig to a
# dedicated file.
kind_kubeconfig=~/.kube/kind-kubeconfigs
kind -v 3 create cluster --name clusterapi --kubeconfig "$kind_kubeconfig"
# Make that kubeconfig the default one. This replaces any existing
# ~/.kube/config; no backup is taken.
cp "$kind_kubeconfig" ~/.kube/config
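# ~/.aws/credentials looks like this (XXX stands in for the real values)
# [default]
# aws_access_key_id = XXX
# aws_secret_access_key = XXX
export AWS_REGION=us-east-1
# if you want to use the examples generate script, right now it's not working (pr here: https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/1345)
# also, it's a bit out of date
capa_repo=~/gocode/src/sigs.k8s.io/cluster-api-provider-aws
# Build clusterawsadm. Each cd is its own statement on purpose: in
# `cd dir && cmd` errexit ignores a failing cd, so the script would carry on
# (and later mint AWS credentials) after a step that never ran.
cd "$capa_repo"
make clusterawsadm
# follow prerequisites here: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/master/docs/prerequisites.md#with-clusterawsadm
# create-stack provisions the CloudFormation stack listed below: an IAM group
# and user (bootstrapper), plus roles, instance profiles and managed policies
# for control-plane, controllers and nodes.
cd "$capa_repo/bin"
./clusterawsadm alpha bootstrap create-stack
# Output will look like this:
# Attempting to create CloudFormation stack cluster-api-provider-aws-sigs-k8s-io
# Following resources are in the stack:
# Resource |Type |Status
# AWS::IAM::Group |bootstrapper.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::InstanceProfile |control-plane.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::InstanceProfile |controllers.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::InstanceProfile |nodes.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::ManagedPolicy |arn:aws:iam::806067863659:policy/control-plane.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::ManagedPolicy |arn:aws:iam::806067863659:policy/nodes.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::ManagedPolicy |arn:aws:iam::806067863659:policy/controllers.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::Role |control-plane.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::Role |controllers.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::Role |nodes.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE
# AWS::IAM::User |bootstrapper.cluster-api-provider-aws.sigs.k8s.io |CREATE_COMPLETE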
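# Create default ssh key-pair and mint access keys for the bootstrapper user.
# source: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/master/docs/prerequisites.md
#
# Everything in this section expands secrets (the SSH private key, the IAM
# secret access key). When xtrace is active, the shell would print those
# expanded values to stderr, so tracing is paused here and restored afterwards.
case $- in
  *x*) capa_restore_xtrace=1 ;;
  *) capa_restore_xtrace=0 ;;
esac
{ set +x; } 2>/dev/null

# Capture the key material first: as a bare assignment, a failure of aws or jq
# aborts the script instead of storing an empty or "null" parameter.
# --output json keeps jq working regardless of the CLI's configured format;
# jq -e fails when the field is missing.
ssh_private_key=$(aws ec2 create-key-pair --key-name default --output json \
  | jq -er .KeyMaterial)
# NOTE(review): the key still travels on the aws command line (argv), which is
# visible to other local processes for the duration of the call.
aws ssm put-parameter \
  --name "/sigs.k8s.io/cluster-api-provider-aws/ssh-key" \
  --type SecureString \
  --value "$ssh_private_key"
unset ssh_private_key

# Use the stuff generated in step 1
# Each run creates a new long-lived access key for the bootstrapper user;
# remove keys that are no longer needed.
# Assign first and export afterwards: `export VAR=$(cmd)` hides cmd's exit
# status from errexit.
AWS_CREDENTIALS=$(aws iam create-access-key --output json \
  --user-name bootstrapper.cluster-api-provider-aws.sigs.k8s.io)
# printf is a shell builtin, so the JSON is piped to jq without appearing in
# any process's argument list.
AWS_ACCESS_KEY_ID=$(printf '%s' "$AWS_CREDENTIALS" | jq -er .AccessKey.AccessKeyId)
AWS_SECRET_ACCESS_KEY=$(printf '%s' "$AWS_CREDENTIALS" | jq -er .AccessKey.SecretAccessKey)
# AWS_CREDENTIALS (the full JSON, secret included) stays exported as before, in
# case a later step reads it; every child process inherits all three.
export AWS_CREDENTIALS AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY

if (( capa_restore_xtrace )); then
  set -x
fi
unset capa_restore_xtrace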
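# generate the yamls
examples_dir=~/gocode/src/sigs.k8s.io/cluster-api-provider-aws/examples
out_dir="$examples_dir/_out"
# Separate statements rather than `cd && rm && ./generate.sh`: errexit ignores
# a failure of any command but the last in an && list, which would let the
# kubectl steps run against stale or missing manifests.
cd "$examples_dir"
rm -rf -- _out
# provider-components.yaml embeds AWS credentials (see WARNING below), so the
# generator runs with a restrictive umask: files it creates are readable by
# the owner only. The subshell keeps the umask change local.
(umask 077 && ./generate.sh)
# generate.sh prints:
# NOTE: Ensure that the cert-manager components are running before creating the provider-components, cluster and control-plane.
# WARNING: /Users/bhutwala/gocode/src/sigs.k8s.io/cluster-api-provider-aws/examples/_out/provider-components.yaml includes AWS credentials
# as the note indicates, let's first create the cert-manager components
# this will create 3 deployments in cert-manager namespace and some other goodies (crds, webhooks, etc.)
kubectl apply -f "$out_dir/cert-manager.yaml"
# A fixed sleep does not guarantee cert-manager is running; block until its
# deployments report Available, then keep the original pause.
kubectl wait --namespace cert-manager --for=condition=Available deployment --all --timeout=300s
sleep 10
# now, let's create provider-components
# this will create one deployment in capi-system namespace and one deployment in capa-system namespace and some other goodies
kubectl apply -f "$out_dir/provider-components.yaml"
# wait
sleep 10
# create a cluster object
kubectl apply -f "$out_dir/cluster.yaml"
#look at the logs for any debugging
#kubectl logs -f -n capa-system <CAPA_CONTROLLER_MANAGER_NAME>
# wait
sleep 10
# Now that we've created the cluster object, we can create a control plane Machine.
kubectl apply -f "$out_dir/controlplane.yaml"
# wait
sleep 10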
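# Extract the kubeconfig stored in secret/capi-quickstart-kubeconfig (default
# namespace) into ./capi-quickstart.kubeconfig, relative to the current
# directory.
# NOTE(review): the secret name suggests this is the kubeconfig of the
# capi-quickstart cluster - confirm.
# A kubeconfig carries cluster credentials, so the file is created under
# umask 077 (owner-only); the subshell keeps the umask change local.
# jq -e makes the pipeline fail when .data.value is missing instead of
# decoding the string "null".
(
  umask 077
  kubectl --namespace=default get secret/capi-quickstart-kubeconfig -o json \
    | jq -er .data.value \
    | base64 --decode \
    > ./capi-quickstart.kubeconfig
)
# umask only affects newly created files; tighten a pre-existing one as well.
chmod 600 ./capi-quickstart.kubeconfig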
# useful commands
#aws ec2 create-key-pair --key-name default | jq .KeyMaterial -r
#aws ec2 describe-key-pairs --key-name default
#aws ec2 delete-key-pair --key-name default
#aws iam get-instance-profile --instance-profile-name control-plane.cluster-api-provider-aws.sigs.k8s.io --output json
#aws iam create-instance-profile --instance-profile-name control-plane.cluster-api-provider-aws.sigs.k8s.io
#aws iam delete-instance-profile --instance-profile-name control-plane.cluster-api-provider-aws.sigs.k8s.io
# source: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/master/docs/troubleshooting.md