I. Introduction
Using kops, you can automatically deploy EC2 virtual machines on AWS and have Kubernetes installed on them for you, provided kops is granted the specific AWS permissions it needs.
Using Kubernetes' support for NLB (available since version 1.9), you can directly create a Kubernetes Service backed by an AWS NLB and obtain an external IP assigned by AWS for external access.
Step: Create IAM Role as shown below
- In Filter Policy, select 1) AmazonAPIGatewayAdministrator and 2) AWSBackupFullAccess.
- In the Tags section: Key: name, Value: kopsadmin
- In Create Role: Role name: kopsadmin
Step: Launch an EC2 instance with the following parameters
AMI: Ubuntu 16.04 LTS (HVM), ami-0f82752aa17ff8f5d, 64-bit (x86)
Instance Type: t2.micro
Configure Instance Details: Number of instances: 1, Network: default VPC, Subnet: default subnets
Add Storage: 8 GB
Add Tags: Key: name, Value: kops
Configure Security Group: Type: SSH, Protocol: TCP, Port: 22, Source: Custom 0.0.0.0/0; then add the rule
All traffic, Protocol: all, Ports: 0-65535, Source: Anywhere (0.0.0.0/0, ::/0)
Review and Launch
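The security group above admits SSH and "All traffic" from any IPv4 or IPv6 address, which is the widest possible exposure for the node that will hold the kops credentials. The following Python is an added example, not part of the original walkthrough: it audits the JSON that `aws ec2 describe-security-groups --output json` returns, flags every inbound rule whose source is a /0 prefix, and builds the replacement SSH rule restricted to a single operator address in the shape that `aws ec2 authorize-security-group-ingress --ip-permissions` accepts. The group id, VPC and the 203.0.113.10 operator address are constructed placeholders; the sample group mirrors the two rules in the walkthrough.

```python
"""Audit EC2 security-group ingress for any-source rules (added example)."""
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The group id is a placeholder; the two rules mirror the walkthrough.
SAMPLE_DESCRIBE_OUTPUT = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0000000000example",
            "GroupName": "launch-wizard-1",
            "IpPermissions": [
                {   # SSH, TCP 22, Custom 0.0.0.0/0
                    "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                    "Ipv6Ranges": [],
                },
                {   # All traffic, all protocols, 0-65535, Anywhere
                    "IpProtocol": "-1",
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                    "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
                },
            ],
        }
    ]
}


def is_any_source(cidr):
    """True for 0.0.0.0/0, ::/0 or any other /0 prefix (IPv4 or IPv6)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_ingress(describe_output):
    """Return one finding per (rule, any-source CIDR) pair.

    severity is "high" when the rule admits every protocol and port ("-1"),
    otherwise "medium" (one service exposed to the whole internet).
    """
    findings = []
    for group in describe_output.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            all_traffic = proto == "-1"          # describe output omits ports for -1
            ports = "all" if all_traffic else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if is_any_source(cidr):
                    findings.append({
                        "group": group["GroupId"],
                        "protocol": "all" if all_traffic else proto,
                        "ports": ports,
                        "source": cidr,
                        "severity": "high" if all_traffic else "medium",
                    })
    return findings


def ssh_from_admin_rule(admin_ip):
    """Build an IpPermissions entry for SSH from exactly one operator address.

    The structure is what `aws ec2 authorize-security-group-ingress
    --ip-permissions` accepts, so it replaces the 0.0.0.0/0 SSH rule directly.
    """
    net = ipaddress.ip_network(admin_ip, strict=False)
    ranges_key, cidr_key = ("IpRanges", "CidrIp") if net.version == 4 else ("Ipv6Ranges", "CidrIpv6")
    if net.prefixlen != net.max_prefixlen:
        raise ValueError("admin source must be a single host address, not a range")
    return {
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        ranges_key: [{cidr_key: str(net), "Description": "SSH from admin workstation"}],
    }


if __name__ == "__main__":
    for f in audit_ingress(SAMPLE_DESCRIBE_OUTPUT):
        print(f"[{f['severity']}] {f['group']} {f['protocol']} {f['ports']} from {f['source']}")
    print(ssh_from_admin_rule("203.0.113.10"))   # constructed operator address
```

Run it against real data by loading the output of `aws ec2 describe-security-groups --group-ids <sg-id> --output json` with `json.load` instead of the constructed sample; any "high" finding is the "All traffic from anywhere" rule and should be revoked before the kops access key is created on this host.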
Step: Connect to the instance using PuTTY or Git Bash with the *.pem key
Install the AWS CLI using the commands below. The AWS Command Line Interface is a tool for configuring and managing AWS services from the command line.
Install aws-cli
curl https://s3.amazonaws.com/aws-cli/awscli-bundle.zip -o awscli-bundle.zip
# unzip and python must be present before the bundle can be extracted and installed
apt install -y unzip python
unzip awscli-bundle.zip
./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
Install kubectl (the Kubernetes command-line client)
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
Configure AWS CLI
Configure the AWS CLI using the command below. Leave the access key ID and secret key blank, since the IAM role attached to the Ubuntu EC2 instance is used. Enter the default region of your choice and an output format such as JSON.
aws configure
Output:
AWS Access Key ID [None] : < your Access key ID >
AWS Secret Access Key [None] : < your secret key >
Default region name [None] : Your region name
Default output format [None] :
Install KOPS on Ubuntu EC2
curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64
chmod +x kops-linux-amd64
sudo mv kops-linux-amd64 /usr/local/bin/kops
Create a new IAM group
aws iam create-group --group-name kops
Output:
{
    "Group": {
        "Path": "/",
        "CreateDate": "2020-09-01T05:25:51.653Z",
        "GroupId": "XXXXXXXXXXXXXXXX",
        "Arn": "arn:aws:iam::1234567890:group/kops",
        "GroupName": "kops"
    }
}
Attach permissions policies to the group
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess --group-name kops
Create an IAM user and add it to the permission group
aws iam create-user --user-name kops
Output:
{
    "User": {
        "UserName": "kops",
        "Path": "/",
        "CreateDate": "2020-09-30T05:26:16.080Z",
        "UserId": "XXXXXXXXXXXXXXXX",
        "Arn": "arn:aws:iam::1234567890:user/kops"
    }
}
aws iam add-user-to-group --user-name kops --group-name kops
Create an access key for the user kops
aws iam create-access-key --user-name kops
Output:
{
    "AccessKey": {
        "UserName": "kops",
        "Status": "Active",
        "CreateDate": "2020-09-30T05:26:26.089Z",
        "SecretAccessKey": "xxxxxxxxxxxxxxxxxxxxx",
        "AccessKeyId": "yyyyyyyyyyyyyyyyyyyyyyy"
    }
}
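The command above prints the secret access key to the terminal, where it lands in shell history and screen logs. The Python below is an added example, not part of the original walkthrough: it takes the `aws iam create-access-key` JSON, writes the key into an AWS shared-credentials profile (the `~/.aws/credentials` format the AWS CLI and kops read via `AWS_PROFILE`) with owner-only permissions, and returns a summary with the secret redacted so it can be logged. The key material and the `kops` profile name are constructed placeholders; the demo writes to a temporary directory rather than to the real credentials file.

```python
"""Store a new access key in a 0600 credentials profile (added example)."""
import configparser
import json
import os
import stat
import tempfile

# Constructed sample shaped like the `aws iam create-access-key` response;
# the key id and secret are placeholders, not real credentials.
SAMPLE_CREATE_ACCESS_KEY = json.dumps({
    "AccessKey": {
        "UserName": "kops",
        "Status": "Active",
        "CreateDate": "2020-09-30T05:26:26.089Z",
        "SecretAccessKey": "EXAMPLESECRETEXAMPLESECRETEXAMPLESECRET00",
        "AccessKeyId": "AKIAEXAMPLEPLACEHOLD",
    }
})


def redact(secret, keep=4):
    """Keep only the last `keep` characters so a log line cannot leak the key."""
    return "*" * max(len(secret) - keep, 0) + secret[-keep:]


def store_access_key(create_key_json, credentials_path, profile="kops"):
    """Write the key under [profile] in `credentials_path` with mode 0600.

    Existing profiles in the file are preserved. Returns a dict with the
    profile name, the access key id and the redacted secret; never the secret.
    """
    key = json.loads(create_key_json)["AccessKey"]
    cfg = configparser.ConfigParser()
    cfg.read(credentials_path)                     # no-op if the file does not exist yet
    cfg[profile] = {
        "aws_access_key_id": key["AccessKeyId"],
        "aws_secret_access_key": key["SecretAccessKey"],
    }
    # Create the file owner-only from the first write, then enforce 0600 even if
    # the process umask or a pre-existing file would have left it more open.
    fd = os.open(credentials_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        cfg.write(fh)
    os.chmod(credentials_path, stat.S_IRUSR | stat.S_IWUSR)
    return {
        "profile": profile,
        "access_key_id": key["AccessKeyId"],
        "secret_redacted": redact(key["SecretAccessKey"]),
    }


def file_mode(path):
    """Permission bits of `path` (e.g. 0o600) for a post-write check."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    # Demo target in a temp dir; point this at ~/.aws/credentials for real use.
    demo_path = os.path.join(tempfile.mkdtemp(), "credentials")
    print(store_access_key(SAMPLE_CREATE_ACCESS_KEY, demo_path))
    print(oct(file_mode(demo_path)))
```

In practice, pipe the CLI straight into the helper (`aws iam create-access-key --user-name kops --output json | python3 store_key.py`) so the secret never appears on screen, then select the profile with `export AWS_PROFILE=kops` before running kops.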
Create Private Hosted Zone in Route 53
Create S3 Bucket
Now we need to create an S3 bucket. This bucket will hold the K8s cluster configuration. To create the bucket and set the environment variable, execute the commands below in the console.
aws s3 mb s3://<bucket name>
export KOPS_STATE_STORE=s3://<bucket name>
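The state-store bucket holds the entire cluster definition, and the kops documentation recommends enabling versioning on it so a bad update can be rolled back; blocking public access is standard S3 hygiene for any bucket holding configuration. The Python below is an added example, not part of the original walkthrough: it evaluates the JSON returned by `aws s3api get-bucket-versioning` and `aws s3api get-public-access-block` for the bucket and emits the `aws s3api` calls that remediate what it finds. Both sample documents are constructed; the `my-kops-state` bucket name is a placeholder.

```python
"""Check the kops state-store bucket for versioning and public-access blocking (added example)."""

REQUIRED_BLOCK_FLAGS = (
    "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets",
)

# Constructed: a bucket created with plain `aws s3 mb` and nothing else.
# `get-bucket-versioning` returns {} when versioning was never enabled, and
# `get-public-access-block` errors out when no block exists, so pass None.
FRESH_BUCKET = {"versioning": {}, "public_access_block": None}

# Constructed: the same bucket after the remediation commands have been run.
HARDENED_BUCKET = {
    "versioning": {"Status": "Enabled"},
    "public_access_block": {
        "PublicAccessBlockConfiguration": {flag: True for flag in REQUIRED_BLOCK_FLAGS}
    },
}


def state_store_issues(versioning, public_access_block):
    """Return a list of issue strings; an empty list means the bucket passes."""
    issues = []
    # "Suspended" and a missing Status both mean old object versions are not kept.
    if versioning.get("Status") != "Enabled":
        issues.append("versioning is not enabled (kops state cannot be rolled back)")
    if not public_access_block:
        issues.append("no public access block configured")
    else:
        conf = public_access_block.get("PublicAccessBlockConfiguration", {})
        for flag in REQUIRED_BLOCK_FLAGS:
            if not conf.get(flag, False):
                issues.append(f"{flag} is not set")
    return issues


def remediation_commands(bucket):
    """The aws CLI calls that fix every issue state_store_issues can report."""
    flags = ",".join(f"{flag}=true" for flag in REQUIRED_BLOCK_FLAGS)
    return [
        f"aws s3api put-bucket-versioning --bucket {bucket} "
        f"--versioning-configuration Status=Enabled",
        f"aws s3api put-public-access-block --bucket {bucket} "
        f"--public-access-block-configuration {flags}",
    ]


if __name__ == "__main__":
    for name, state in (("fresh", FRESH_BUCKET), ("hardened", HARDENED_BUCKET)):
        print(name, state_store_issues(**state) or "OK")
    print("\n".join(remediation_commands("my-kops-state")))   # placeholder bucket name
```

To check a real bucket, feed `json.load` of the two `aws s3api get-*` outputs into `state_store_issues`; the check is worth repeating after `kops update cluster`, since the bucket is the only copy of the cluster state.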
Generate an SSH key pair (ssh-keygen)
root@ip-172-31-17-226:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:k+JpLGhcPoYit3HDDqNw7aY5Sv2ab1pLTJ4QZInaBv0 root@ip-172-31-17-226
The key's randomart image is:
+---[RSA 2048]----+
| ..o. |
|..+. |
|.o o |
|. o E . |
| . .... S |
| ..B=o.o . |
|+.@.X*= |
|+*.@**. |
|o.+BB+ |
+----[SHA256]-----+
Create Route 53 DNS domain
You can create the domain using the AWS console or the CLI:
aws route53 create-hosted-zone --name <your-domain-name> --caller-reference 1
Execute the command below to create the Kubernetes cluster configuration, which will be stored in the S3 bucket created above. This only creates the cluster configuration, not the cluster itself.
kops create cluster --cloud=aws --zones=ap-south-1b --name=<your-domain-name> --dns-zone=<your-domain-name> --dns private
Create the cluster by executing the command below. This creates the cluster in the zone "ap-south-1b" with the cluster name "your-domain.com".
kops update cluster --name <your-domain-name> --yes
Once you execute the command above, it creates all the resources the cluster requires. Now execute the validate command to verify the cluster.
kops validate cluster
It takes some time to create all the cluster resources, so run the same command again after a few minutes. Once validation succeeds and you see "Your cluster is ready", list the nodes with kubectl.
Delete the cluster using kops
Execute the command below to delete the K8s cluster using kops. Replace <your-domain.com> with the name of your K8s cluster. This deletes all the resources created by kops. Before executing this command, you need to remove the policy "ElasticLoadBalancingFullAccess" that you attached manually to the role associated with the master node.
kops delete cluster <your-domain.com> --yes
Once you execute the command above, it takes a few minutes to delete the Kubernetes cluster, and the message "Deleted cluster: <cluster name>" is displayed at the end.