Generic Intro Slide
Sam Brown - I like solving hard problems with technology
I have (controlled) shiny object syndrome
* Containers & Continuous Delivery Practice Lead at Oteemo
* Organizer - DC Continuous Delivery
* Recovering Java developer
Installing Kubernetes
- Google - GKE
- Azure - Container Service
- AWS - ?? (Coming soon?)**
** AWS recently joined the Cloud Native Computing Foundation (CNCF), creating speculation that it will have a Kubernetes offering soon.
Why do we need an installer?
Because installing this is complicated...
So, what is KOPS?
Kubernetes Operations (kops)
Production Grade K8s Installation, Upgrades, and Management
Key Features
- Command-Line Interface that can create and manage cluster state
- New or existing VPC
- Public or Private with bastion server
- High-Availability K8s masters across availability zones
- Rolling upgrades in cluster
Configuration management supported via CloudFormation or Terraform templates
(dry-runs & idempotency)
Getting Started
1. Install the kubectl command-line tool https://kubernetes.io/docs/tasks/tools/install-kubectl/
2. Install kops
#OSX
brew update && brew install kops
#Linux
# Download the latest release: https://github.com/kubernetes/kops/releases
chmod +x kops-linux-amd64 # Add execution permissions
sudo mv kops-linux-amd64 /usr/local/bin/kops # Move kops to /usr/local/bin (writing there usually needs root)
3. Create an AWS account and set up the CLI https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html
4. Create an S3 bucket to store state. Keep it private (the state store holds the cluster's CA and secrets) and enable versioning so a bad change can be rolled back.
5. (Optional) Create a dedicated IAM user for kops with these managed policies attached:
AmazonEC2FullAccess
AmazonRoute53FullAccess
AmazonS3FullAccess
IAMFullAccess
AmazonVPCFullAccess
These are full-access policies (kops needs IAM access because it creates the instance roles for masters and nodes), so keep this user separate from everyday credentials and do not reuse its keys elsewhere.
Creating the Cluster
#!/bin/bash
export AWS_PROFILE=oteemoxc
export KOPS_STATE_STORE=s3://xc-kops-clusters
# Cluster name, used below as ${NAME}; it must be a subdomain of the --dns-zone
export NAME=novakube.oteemo-xc.com
kops create cluster \
--node-count 2 \
--zones us-east-1a,us-east-1b \
--master-zones us-east-1a,us-east-1b,us-east-1c \
--dns-zone oteemo-xc.com \
--node-size t2.medium \
--master-size t2.medium \
--kubernetes-version 1.7.3 \
${NAME} \
--yes
# --yes applies the change immediately; leave it off to review the planned resources first.
# Not set here, so the defaults apply: --admin-access and --ssh-access (0.0.0.0/0) and --authorization (AlwaysAllow).
Other Interesting Options
--admin-access stringSlice Restrict API access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0])
--api-loadbalancer-type string Sets the API loadbalancer type to either 'public' or 'internal'
--associate-public-ip Specify --associate-public-ip=[true|false] to enable/disable association of public IP for master ASG and nodes. Default is 'true'.
--authorization string Authorization mode to use: AlwaysAllow or RBAC (default "AlwaysAllow")
--bastion Pass the --bastion flag to enable a bastion instance group. Only applies to private topology.
--cloud-labels string A list of KV pairs used to tag all instance groups in AWS (eg "Owner=John Doe,Team=Some Team").
--dns string DNS hosted zone to use: public|private. Default is 'public'. (default "Public")
--dns-zone string DNS hosted zone to use (defaults to longest matching zone)
--encrypt-etcd-storage Generate key in aws kms and use it for encrypt etcd volumes
--master-count int32 Set the number of masters. Defaults to one master per master-zone
--master-security-groups stringSlice Add precreated additional security groups to masters.
--master-size string Set instance size for masters
--master-tenancy string The tenancy of the master group on AWS. Can either be default or dedicated.
--master-zones stringSlice Zones in which to run masters (must be an odd number)
--networking string Networking mode to use. kubenet (default), classic, external, kopeio-vxlan (or kopeio), weave, flannel, calico, canal, kube-router. (default "kubenet")
--node-count int32 Set the number of nodes
--node-security-groups stringSlice Add precreated additional security groups to nodes.
--node-size string Set instance size for nodes
--node-volume-size int32 Set instance volume size (in GB) for nodes
--ssh-access stringSlice Restrict SSH access to this CIDR. If not set, access will not be restricted by IP. (default [0.0.0.0/0])
--ssh-public-key string SSH public key to use (default "~/.ssh/id_rsa.pub")
-t, --topology string Controls network topology for the cluster. public|private. Default is 'public'. (default "public")
--vpc string Set to use a shared VPC
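The create command on the earlier slide relies on the defaults listed above: --admin-access and --ssh-access default to 0.0.0.0/0, --authorization to AlwaysAllow, --topology to public, and etcd volumes are unencrypted unless --encrypt-etcd-storage is given. The script below is an added example (not from the slides or the kops project) that sets those flags, and includes a small audit that reads an exported cluster spec and flags the weak settings. The cluster name, the office CIDR 203.0.113.0/24 (a documentation range) and the two sample specs are constructed placeholders; the spec field names it reads (kubernetesApiAccess, sshAccess, authorization, topology, encryptedVolume) are those of the kops cluster spec.

```shell
#!/bin/sh
# Added example, not from the slides or the kops project: the create command with
# its open defaults replaced, plus an audit of an exported cluster spec.
# Assumed values: NAME, OFFICE_CIDR (203.0.113.0/24 is a documentation range)
# and the two sample specs below are constructed placeholders.
set -eu

NAME=${NAME:-novakube.oteemo-xc.com}
OFFICE_CIDR=${OFFICE_CIDR:-203.0.113.0/24}

# Flags for `kops create cluster` with the open defaults closed. Private topology
# needs a CNI plugin rather than kubenet, and --bastion only applies to private topology.
hardened_create_flags() {
  printf '%s ' \
    --node-count 2 \
    --zones us-east-1a,us-east-1b \
    --master-zones us-east-1a,us-east-1b,us-east-1c \
    --dns-zone oteemo-xc.com \
    --node-size t2.medium --master-size t2.medium \
    --kubernetes-version 1.7.3 \
    --admin-access "$OFFICE_CIDR" \
    --ssh-access "$OFFICE_CIDR" \
    --authorization RBAC \
    --topology private --networking calico --bastion \
    --encrypt-etcd-storage
}

# Audit a cluster spec read from stdin (e.g. `kops get cluster "$NAME" -o yaml`).
# Prints one WEAK line per finding; the exit status is the number of findings.
audit_kops_spec() {
  awk '
    /^  [A-Za-z]+:/ { key = $1; sub(":", "", key) }   # current top-level spec key
    key == "kubernetesApiAccess" && /- 0\.0\.0\.0\/0/ {
      print "WEAK kubernetesApiAccess: API open to 0.0.0.0/0 (use --admin-access)"; n++ }
    key == "sshAccess" && /- 0\.0\.0\.0\/0/ {
      print "WEAK sshAccess: SSH open to 0.0.0.0/0 (use --ssh-access)"; n++ }
    /^    alwaysAllow:/ {
      print "WEAK authorization: AlwaysAllow (use --authorization RBAC)"; n++ }
    /^    masters: public/ {
      print "WEAK topology: masters on public subnets (use --topology private --bastion)"; n++ }
    /encryptedVolume: true/ { enc = 1 }
    END {
      if (!enc) { print "WEAK etcd: volumes not encrypted (use --encrypt-etcd-storage)"; n++ }
      exit n
    }'
}

# Constructed sample: what a default create leaves in the spec, reduced to the audited fields.
weak_spec() {
cat <<'EOF'
apiVersion: kops/v1alpha2
spec:
  authorization:
    alwaysAllow: {}
  etcdClusters:
  - etcdMembers:
    - instanceGroup: master-us-east-1a
      name: a
    name: main
  kubernetesApiAccess:
  - 0.0.0.0/0
  sshAccess:
  - 0.0.0.0/0
  topology:
    masters: public
    nodes: public
EOF
}

# Constructed sample: the same cluster created with hardened_create_flags.
hardened_spec() {
cat <<'EOF'
apiVersion: kops/v1alpha2
spec:
  authorization:
    rbac: {}
  etcdClusters:
  - etcdMembers:
    - encryptedVolume: true
      instanceGroup: master-us-east-1a
      name: a
    name: main
  kubernetesApiAccess:
  - 203.0.113.0/24
  sshAccess:
  - 203.0.113.0/24
  topology:
    masters: private
    nodes: private
EOF
}

# Demo on the constructed samples. Against a real cluster:
#   kops get cluster "$NAME" -o yaml | audit_kops_spec
echo "hardened create: kops create cluster $(hardened_create_flags)$NAME --yes"
echo "--- audit of the default spec"
weak_spec | audit_kops_spec || echo "findings: $?"
echo "--- audit of the hardened spec"
hardened_spec | audit_kops_spec && echo "findings: 0"
```

Run the audit again after every `kops edit cluster` and `kops update cluster --yes`, since a later edit can reopen a setting that the create command closed; a non-zero exit status makes it easy to wire into a CI step.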
Validating the Cluster
Via kops:
kops validate cluster novakube.oteemo-xc.com
Via dashboard:
# Install dashboard to the cluster
kubectl create -f https://git.io/kube-dashboard
# Proxy the dashboard to localhost (reachable only from this machine, not exposed)
kubectl proxy
# Open the dashboard (macOS):
open http://localhost:8001/ui
Adding Worker Nodes
# Bring up the instance group config in an editor (the cluster name is required, via --name or KOPS_CLUSTER_NAME)
kops edit instancegroup nodes --name novakube.oteemo-xc.com
# Edit minSize/maxSize to add nodes, then save
# Preview the changes, then send the updated config to AWS
kops update cluster novakube.oteemo-xc.com
kops update cluster novakube.oteemo-xc.com --yes
# Apply updates to the running cluster (instances are replaced one at a time)
kops rolling-update cluster novakube.oteemo-xc.com --yes
Updating Kubernetes Version
# Edit cluster configuration
kops edit cluster novakube.oteemo-xc.com
# Set kubernetesVersion to the target version (e.g. 1.7.4), then save
# Preview the changes, then apply them to AWS
kops update cluster novakube.oteemo-xc.com
kops update cluster novakube.oteemo-xc.com --yes
# Preview the rolling update, then run it
kops rolling-update cluster novakube.oteemo-xc.com
kops rolling-update cluster novakube.oteemo-xc.com --yes
# Confirm the cluster is healthy afterwards
kops validate cluster novakube.oteemo-xc.com
Getting Support
- kops Github Repository: https://github.com/kubernetes/kops
- #kops Channel on Kubernetes Slack
Questions?
@SamuelBrownIV
@NOVAKube
Kops Kubernetes
By samueltbrown