kops-aws

TO-DO

• Making the cluster private and accessing to the cluster only through a bastion host
• Configuring generated terraform code to use the right AWS credentials

Prerequisites

You need to have the following tools installed:

• aws
• kops
• kubectl
• Keybase
• Terraform

A Keybase username with a key pair is required for encrypting the AWS Secret Access Key for kops user by Terraform and decrypting it on your local machine.

Deployment

1. Prerequisites

You need to have the following AWS resources:

• A Route53 Hosted Zone for your domain
• A S3 Bucket for Terraform backend state named as terraform.<domain_name>

2. Preparation

The infra-terraform project will create the following resources for kops:

• IAM (Group and User)
• S3 (Bucket)
• Route53 (Hosted Zone and Records)
• VPC (VPC, Subnets, Elastic IPs, Gateways, Route Tables, etc.)

Change the directory to infra-terraform project and create a file named terraform.tfvars with the following variables set.

access_key       = "..."
secret_key       = "..."
region           = "..."
environment      = "..."
domain           = "..."
keybase_username = "..."
az_count         = 3|5
create_subnets   = true|false
enable_vpc_logs  = true|false

Now, run the following commands to deploy the infrastructure resources.

make init plan
make apply

After this step, you have three options for deploying the cluster.

3.1 kops

After the infra-terraform project is successfully deployed, change the directory to root and run the following command:

./kops.sh create

If no error, you can run the following command to actually deploy the cluster:

./kops.sh update

For deleting the cluster, run the following command:

./kops.sh delete

3.2 Manifest

NOTE: If using this approach, the az_count variable in infra-terraform project is also going to be the number of masters in your cluster.

After the infra-terraform project is successfully deployed, change the directory to root and run the following command:

./kops.sh manifest

3.3 Terraform

After the infra-terraform project is successfully deployed, change the directory to root and run the following command:

./kops.sh terraform

If no error, change the directory to kops-terraform and first run these commands:

make init upgrade

This initialize the Terraform project and migrates the Terraform source code to the latest version (0.12). Now, you can plan and apply this Terraform project as usual.

make plan
make apply

Tear Down

For tearing down your cluster, you have to start with one of the three options that you deployed your cluster with.

1.1 kops

If you deployed your cluster using kops.sh, you can simply run:

./kops.sh delete

1.2 Manifest

If you deployed your cluster using kops.sh, change the directory to the root and run:

./kops.sh delete

1.3 Terraform

If you deployed your cluster using Terraform, change the directory to kops-terraform and run:

make destroy
make clean purge

2. Cleanup

Finally, you can clean up infra-terraform project by changing the directory to it and run:

make destroy clean

References

• Docs

Getting Started

• AWS
• Bastion

API

• Manifest
• Cluster Spec
• Instance Groups
• Cluster Templating

Networking

• Networking
• Topology
• Existing VPC

Operations

• High Availability
• etcd Backup/Restore
• Updates & Upgrades
• Upgrades & Migrations