Link to the GitHub page: https://github.com/eugene100/aws-eugene100
Presentation with useful links: PDF, Keynote
The main zone is us-east-1
Set up your AWS account and the AWS CLI.
All objects with the tag managed=terraform are covered by Terraform code.
The tf-state file is stored in the eugene100-terraform-tfstate S3 bucket; create this bucket.
export KOPS_STATE_STORE=s3://eugene100-k8s-state-store
export NAME=aws.eugene100.org.ua
$ kops create cluster \
--master-volume-size 8 \
--master-size t2.micro \
--node-count 1 \
--node-size t2.micro \
--node-volume-size 8 \
--zones us-east-1d,us-east-1a,us-east-1c \
${NAME} \
--out=. \
--target=terraform
$ kops edit cluster ${NAME}
Hint: check the command-line parameters of kops create cluster.
Wait until the cluster is up:
$ kops validate cluster ${NAME}
Add more nodes to the cluster
$ kops edit ig nodes
$ kops update cluster aws.eugene100.org.ua --yes
$ kubectl -n kube-system create serviceaccount tiller
$ kubectl create clusterrolebinding tiller \
--clusterrole cluster-admin \
--serviceaccount=kube-system:tiller
$ helm init --service-account tiller
Generate an SSL certificate in the AWS console.
Go to the charts/ folder in the GitHub repository. Change the service annotations in values.yaml according to your settings:
service:
  annotations:
    domainName: "aws.eugene100.org.ua"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:898344057637:certificate/24c0f6f3-2bb6-435f-acb4-733ed2201002
Install ingress controller:
$ helm install --name ingress -f values.yaml .
Check in the console that the ELB has been created.
Create a wildcard DNS A record as an alias pointing to the load balancer's DNS name:
*.aws.eugene100.org.ua. A ALIAS dualstack.a4ee04d64517511e9b9c60e8670309ac-375430142.us-east-1.elb.amazonaws.com.
Change the settings related to your domain in values.yaml:
hosts:
- dashboard.aws.eugene100.org.ua
$ helm install --name dashboard -f values.yaml .
Not working but you can try :)
Create token:
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | awk '/^deployment-controller-token-/{print $1}') | awk '$1=="token:"{print $2}'
Open in a browser to test: https://dashboard.aws.eugene100.org.ua
Upgrading helm deployment:
$ helm upgrade dashboard . -f values.yaml
Change the settings related to your domain in values.yaml:
hosts:
- jenkins.aws.eugene100.org.ua
Get Jenkins password:
$ kubectl get secret --namespace default jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode; echo
Jenkins slaves for Kubernetes are already set up. You can create a job and run a build.
Note: If your slave doesn't want to start, check the slave pod:
$ kubectl get pods
NAME                                                     READY   STATUS    RESTARTS   AGE
dashboard-kubernetes-dashboard-78d9b9f5fc-kw5zt          1/1     Running   0          8h
default-lq5d5                                            0/1     Pending   0          5m
ingress-nginx-ingress-controller-6844d9ddb-gqmvk         1/1     Running   0          8h
ingress-nginx-ingress-default-backend-677b99f864-8js22   1/1     Running   0          8h
jenkins-58d5c7f5fd-fvv5v                                 1/1     Running   0          9m
$ kubectl describe po default-lq5d5
Name:               default-lq5d5
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               <none>
...
Events:
  Type     Reason            Age                 From               Message
  ----     ------            ----                ----               -------
  Warning  FailedScheduling  9s (x8 over 5m34s)  default-scheduler  0/2 nodes are available: 1 Insufficient cpu, 1 node(s) had taints that the pod didn't tolerate.
So we should add a node or increase the existing one.
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/route53-mapper/v1.3.0.yml
$ kubectl patch deploy --namespace kube-system route53-mapper -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
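The steps above bind the tiller service account to cluster-admin and then patch route53-mapper to run under that same account. The following added example (not code from the original repository) lists every deployment that ends up running as a cluster-admin service account; the function names are hypothetical, and the sample JSON is constructed, shaped like the output of kubectl get clusterrolebindings,deployments --all-namespaces -o json.

```python
import json

# Constructed sample, shaped like `kubectl get clusterrolebindings,deployments
# --all-namespaces -o json` after the steps on this page (trimmed to the fields read).
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "tiller"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "tiller", "namespace": "kube-system"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "system:node-proxier"},
  "roleRef": {"kind": "ClusterRole", "name": "system:node-proxier"}, "subjects": null},
 {"kind": "Deployment", "metadata": {"name": "tiller-deploy", "namespace": "kube-system"},
  "spec": {"template": {"spec": {"serviceAccountName": "tiller"}}}},
 {"kind": "Deployment", "metadata": {"name": "route53-mapper", "namespace": "kube-system"},
  "spec": {"template": {"spec": {"serviceAccount": "tiller"}}}},
 {"kind": "Deployment", "metadata": {"name": "jenkins", "namespace": "default"},
  "spec": {"template": {"spec": {}}}}
]}
""")

def admin_service_accounts(items, role="cluster-admin"):
    """Service accounts, as (namespace, name), bound cluster-wide to `role`."""
    found = set()
    for obj in items:
        if obj.get("kind") == "ClusterRoleBinding" and obj["roleRef"]["name"] == role:
            for subj in obj.get("subjects") or []:  # subjects may be null or absent
                if subj.get("kind") == "ServiceAccount":
                    found.add((subj.get("namespace"), subj["name"]))
    return found

def admin_workloads(items, role="cluster-admin"):
    """Sorted 'namespace/deployment' names whose pods run as such an account."""
    admins = admin_service_accounts(items, role)
    hits = []
    for obj in items:
        if obj.get("kind") != "Deployment":
            continue
        ns = obj["metadata"]["namespace"]
        pod = obj["spec"]["template"]["spec"]
        # `serviceAccount` is the deprecated alias of `serviceAccountName`;
        # a pod spec with neither runs as the namespace's "default" account.
        sa = pod.get("serviceAccountName") or pod.get("serviceAccount") or "default"
        if (ns, sa) in admins:
            hits.append(f"{ns}/{obj['metadata']['name']}")
    return sorted(hits)

if __name__ == "__main__":
    print(admin_workloads(SAMPLE["items"]))
```

On the sample this reports both tiller-deploy and route53-mapper, since the patch makes the DNS mapper share Tiller's cluster-admin binding.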
Happy Helming!