Name | Email Address |
Mitali Salvi | |
PinHo Wang | |
You need to configure the following first before using this playbook:
- Add AWS credentials of member accounts (For KOPS)
- Clear boto config
- Create S3 bucket for KOPS State Store
- Generate new SSH key for connecting to bastion node
Create a new IAM user in each member accounts having console as well as programmatic access. Attach followig policies to these users:
- AdministratorAccess
- AmazonRoute53DomainsFullAccess
Note: Make sure you download the Access Keys file (*.csv) for each user. These keys will be used to setup profiles in the next step.
Open ~/.aws/credentials
in any text editor. It should look like the following:
aws_access_key_id = <aws-access-key-id-of-root-account>
aws_secret_access_key = <aws-secret-access-key-for-root-account>
Append credentials of your member accounts, and tag them with profile names. In our case, it is dev
and prod
, which represent our different environments.
aws_access_key_id = <aws-access-key-id-for-root-account>
aws_secret_access_key = <aws-secret-access-key-for-root-account>
aws_access_key_id = <aws-access-key-id-for-dev-account>
aws_secret_access_key = <aws-secret-access-key-for-dev-account>
aws_access_key_id = <aws-access-key-id-for-prod-account>
aws_secret_access_key = <aws-secret-access-key-for-prod-account>
Note: In this document, we will refer to
corresponding to the member accounts
If we have ~/.aws/credentials
, we do not need ~/.boto
. So open ~/.boto
in any text editor and make sure there is nothing in it.
Note: It is assumed that you have a DNS Hosted Zone in your root account, from the course CSYE6225 (referred as
For kops/k8s we need to have a domain/hosted zone. Create public and private DNS hosted zones using the AWS Route 53 service for each of your member accounts. Name these Hosted Zones as follows:
Create an S3 bucket in us-east-1
region for each of your member accounts. The name of the bucket can be anything but the following format is recommended:-
Create a new SSH key using the following command:
ssh-keygen -t rsa -C "your_email_id"
Note the path of the public key file
Run the playbook main.yaml
in the root of the repository with extra variables (some are required).
ansible-playbook main.yaml --extra-vars "<variable-key>=<variable-value>"
Key | Required | Default | Values |
command | Yes | String - start | delete | |
kops_state_store | Yes | String - ARN of the s3 bucket. Eg. s3://s3bucketname | |
cluster_name | Yes | String - Name of the cluster created. Eg. | |
dns_zone_id | Yes (if command=start) | String - DNS ZONE ID of the private hosted zone (Can be found in Route 53) | |
fluentd_accessid | Yes | String - access id of fluentd IAM user | |
fluentd_accesskey | Yes | String - access key of fluentd IAM user | |
public_dns_zone_id | Yes | String - DNS ZONE ID of the public hosted zone (Can be found in Route 53) | |
public_domain_name | Yes | String - Name of your domain | |
node_count | No | 3 | Number - Number of worker nodes |
ssh_path | No | String - Path of the public SSH key previously generated | |
master_count | No | 3 | Number - Number of Master Nodes |
node_size | No | t2.medium | String - Type of EC2 Instance |
master_size | No | t2.medium | String - Type of EC2 Instance |
topology | No | private | String - public | private |
networking | No | weave | String - Networking mode to use. kubenet | classic | external | kopeio-vxlan (or kopeio) | weave | flannel-vxlan (or flannel) | flannel-udp | calico | canal | kube-router | romana | amazon-vpc-routed-eni | cilium | cni. |
bastion | No | true | Boolean - true | false |
dns | No | private | String - public | private |
cloud | No | aws | String - gce | aws | vsphere | openstack |
profile | No | dev | String - AWS named profile in ~/.aws/credentials |
k8s_version | No | 1.13.0 | String - Kubernetes Version |
Run the following command in the root of the project
ansible-playbook main.yaml --extra-vars "command=start cluster_name=<name-of-your-cluster> kops_state_store=s3://<name-of-your-s3-bucket> dns_zone_id=<private-hosted-zone-id> ssh_path="ssh_file_path" profile=<aws-profile> fluentd_accessid=<fluentd-iam-user-access-id> fluentd_accesskey=<fluentd-iam-user-access-key> public_dns_zone_id=<public-hosted-zone-id> public_domain_name=<domain-name>"
ssh -o "IdentitiesOnly=yes" -i /path/to/key admin@"DNSNameOfLoadBalancer"
Run the following command in the root of the project
ansible-playbook main.yaml --extra-vars "command=delete cluster_name=<name-of-your-cluster> kops_state_store=s3://<name-of-your-s3-bucket>"
ssh -i <YourPrivateKey> ec2-user@<Public Dns Ip>