©2019 by Raghavendra Kambhampati

How to set up a production-grade Kubernetes cluster on an AWS EC2 Ubuntu instance using kops in about 10 minutes

There are several ways to install Kubernetes on AWS, and kops is one of the quickest routes to a production-style setup. This article walks through a kops deployment with one master node and two worker nodes for demonstration purposes. Because kops places the nodes in Auto Scaling Groups, a failed worker is replaced automatically; note that the group is created with min = max = 2, so real scale-out needs the cluster autoscaler addon or a change to the instance group, both of which kops lets you configure as needed.


Before following these steps, readers should have a working knowledge of AWS and Kubernetes.


NOTE: The Mumbai region (ap-south-1) is used throughout for demonstration; pick the region closest to your users.


What is kops?

kops is an automated provisioning system:

  • Fully automated installation

  • Uses DNS to identify clusters

  • Self-healing: everything runs in Auto-Scaling Groups

  • Multiple OS support (Debian, Ubuntu 16.04, CentOS and RHEL, Amazon Linux and CoreOS)

  • High-Availability support

  • Can directly provision, or generate terraform manifests


Prerequisites:

1. Access to an AWS account.

2. An IAM user with both programmatic access and AWS Management Console access. Admin privileges (or full access to IAM, EC2, S3, Route53 and VPC) are the simplest option for a demo; for anything longer-lived, create a dedicated user or group that carries only the policies kops needs, and enable MFA on the console login. (NOTE: never use the root account credentials for learning or production work; this is standard AWS practice.)

3. One t2.micro EC2 Ubuntu instance (16.04 LTS or newer) to act as the client machine. We will log in there, install awscli, kubectl and kops, and drive the cluster from it. Keeping a separate, locked-down client instance inside AWS, rather than running kops from a laptop, is the suggested practice for this kind of setup.

4. A registered domain in Route53, or a free domain from https://www.freenom.com/ (see step 7 for how to create one). A free domain is fine for a demo; kops uses the domain as the cluster name and publishes the API endpoint under it, so for production use a zone you control and will keep.


STEP 1: Log in to the AWS console with the IAM user credentials.

STEP 2: Create an EC2 Ubuntu instance (t2.micro) as the client machine. Go to AWS Console -> Services -> EC2 (under Compute) -> Launch Instance -> select Ubuntu Server 18.04 LTS 64-bit -> Next.

Select the t2.micro General Purpose instance -> Next: Configure Instance Details

Keep the defaults, make sure the default VPC (or your own VPC, if you have one) is selected under Network -> Next: Add Storage


Change the volume size from 8 GiB to 30 GiB, keep the other values as they are -> Next: Add Tags


Add tags to label the instance so the Kubernetes client machine is easy to find later, using Key/Value pairs -> Next: Configure Security Group


For example, I used the key Name with the value Kubernetes client machine. Add owner, environment, project and similar keys as needed to categorise the instance.


Select Create a new security group, give it a name and description, add a single rule of type SSH (port 22 only; do not use All traffic, which opens every port), and set the source to My IP so that only your current public address can reach the instance. Do not set the source to Anywhere (0.0.0.0/0): that exposes SSH to the whole internet and is a standing risk to your organisation.


NOTE: Your public IP changes when you move between networks (wifi, VPN, mobile). If you lose access, edit the security group rule and click My IP again to capture your current address -> Review and Launch.


Review the configuration and click Launch. You will be asked for a key pair: pick an existing one, or choose Create a new key pair, enter a name, click Download Key Pair, then Launch Instances. The private key is offered for download only once; store it safely.


The next page shows your instance ID. Click it to reach the EC2 instances page; the state moves from pending to running within a few seconds, after which you can connect.


Once the instance is running, select it, copy its Public DNS name and connect from PuTTY or a Mac/Linux terminal with your key pair.


NOTE: The downloaded key pair is a .pem file. PuTTY users must convert it to .ppk with PuTTYgen and use the .ppk to log in. On a Mac or Linux terminal, run:

chmod 400 /path/to/your/key.pem
ssh -i /path/to/your/key.pem ubuntu@<Public DNS of your EC2 instance>

STEP 3: SSH to the EC2 Ubuntu instance and run the commands below.

ubuntu@ip-10-0-0-131:~$ sudo apt-get update
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Hit:2 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic InRelease
Get:3 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:4 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:5 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [651 kB]
Get:6 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages [8570 kB]
Get:7 http://security.ubuntu.com/ubuntu bionic-security/main Translation-en [211 kB]
Get:8 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [23.8 kB]
Get:9 http://security.ubuntu.com/ubuntu bionic-security/restricted Translation-en [6528 B]
Get:10 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [649 kB]
Get:11 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [218 kB]
Get:12 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [6760 B]
Get:13 http://security.ubuntu.com/ubuntu bionic-security/multiverse Translation-en [2700 B]
Get:14 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/universe Translation-en [4941 kB]
Get:15 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/multiverse amd64 Packages [151 kB]
Get:16 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/multiverse Translation-en [108 kB]
Get:17 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [871 kB]
Get:18 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main Translation-en [303 kB]
Get:19 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [32.9 kB]
Get:20 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/restricted Translation-en [8468 B]
Get:21 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1054 kB]
Get:22 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [326 kB]
Get:23 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [10.1 kB]
Get:24 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/multiverse Translation-en [4636 B]
Get:25 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [2512 B]
Get:26 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-backports/main Translation-en [1644 B]
Get:27 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [4028 B]
Get:28 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-backports/universe Translation-en [1900 B]
Fetched 18.4 MB in 6s (3299 kB/s)
Reading package lists... Done
ubuntu@ip-10-0-0-131:~$ sudo apt-get install awscli
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
docutils-common libjbig0 libjpeg-turbo8 libjpeg8 liblcms2-2 libpaper-utils
libpaper1 libtiff5 libwebp6 libwebpdemux2 libwebpmux3 python3-botocore
python3-dateutil python3-docutils python3-jmespath python3-olefile
python3-pil python3-pygments python3-roman python3-rsa python3-s3transfer
sgml-base xml-core
Suggested packages:
liblcms2-utils docutils-doc fonts-linuxlibertine | ttf-linux-libertine
texlive-lang-french texlive-latex-base texlive-latex-recommended
python-pil-doc python3-pil-dbg ttf-bitstream-vera sgml-base-doc debhelper
The following NEW packages will be installed:
awscli docutils-common libjbig0 libjpeg-turbo8 libjpeg8 liblcms2-2
libpaper-utils libpaper1 libtiff5 libwebp6 libwebpdemux2 libwebpmux3
python3-botocore python3-dateutil python3-docutils python3-jmespath
python3-olefile python3-pil python3-pygments python3-roman python3-rsa
python3-s3transfer sgml-base xml-core
0 upgraded, 24 newly installed, 0 to remove and 53 not upgraded.
Need to get 4551 kB of archives.
After this operation, 40.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libjpeg-turbo8 amd64 1.5.2-0ubuntu5.18.04.3 [110 kB]
Get:2 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 sgml-base all 1.29 [12.3 kB]
Get:3 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 python3-dateutil all 2.6.1-1 [52.3 kB]
Get:4 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 xml-core all 0.18 [21.3 kB]
Get:5 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 docutils-common all 0.14+dfsg-3 [156 kB]
Get:6 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 python3-roman all 2.0.0-3 [8624 B]
Get:7 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 python3-docutils all 0.14+dfsg-3 [363 kB]
Get:8 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 python3-jmespath all 0.9.3-1ubuntu1 [18.7 kB]
Get:9 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 python3-botocore all 1.8.48+repack-1 [1764 kB]
Get:10 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 python3-rsa all 3.4.2-1 [29.0 kB]
Get:11 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 python3-s3transfer all 0.1.13-1 [39.8 kB]
Get:12 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 awscli all 1.14.44-1ubuntu1 [482 kB]
Get:13 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libjpeg8 amd64 8c-2ubuntu8 [2194 B]
Get:14 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 liblcms2-2 amd64 2.9-1ubuntu0.1 [139 kB]
Get:15 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libpaper1 amd64 1.1.24+nmu5ubuntu1 [13.6 kB]
Get:16 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libpaper-utils amd64 1.1.24+nmu5ubuntu1 [8170 B]
Get:17 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libjbig0 amd64 2.1-3.1build1 [26.7 kB]
Get:18 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libtiff5 amd64 4.0.9-5ubuntu0.3 [153 kB]
Get:19 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libwebp6 amd64 0.6.1-2 [185 kB]
Get:20 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libwebpdemux2 amd64 0.6.1-2 [9472 B]
Get:21 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libwebpmux3 amd64 0.6.1-2 [19.6 kB]
Get:22 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 python3-olefile all 0.45.1-1 [33.3 kB]
Get:23 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-pil amd64 5.1.0-1ubuntu0.2 [329 kB]
Get:24 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 python3-pygments all 2.2.0+dfsg-1 [574 kB]
Fetched 4551 kB in 2s (2416 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libjpeg-turbo8:amd64.
(Reading database ... 56554 files and directories currently installed.)
Preparing to unpack .../00-libjpeg-turbo8_1.5.2-0ubuntu5.18.04.3_amd64.deb ...
Unpacking libjpeg-turbo8:amd64 (1.5.2-0ubuntu5.18.04.3) ...
Selecting previously unselected package sgml-base.
Preparing to unpack .../01-sgml-base_1.29_all.deb ...
Unpacking sgml-base (1.29) ...
Selecting previously unselected package python3-dateutil.
Preparing to unpack .../02-python3-dateutil_2.6.1-1_all.deb ...
Unpacking python3-dateutil (2.6.1-1) ...
Selecting previously unselected package xml-core.
Preparing to unpack .../03-xml-core_0.18_all.deb ...
Unpacking xml-core (0.18) ...
Selecting previously unselected package docutils-common.
Preparing to unpack .../04-docutils-common_0.14+dfsg-3_all.deb ...
Unpacking docutils-common (0.14+dfsg-3) ...
Selecting previously unselected package python3-roman.
Preparing to unpack .../05-python3-roman_2.0.0-3_all.deb ...
Unpacking python3-roman (2.0.0-3) ...
Selecting previously unselected package python3-docutils.
Preparing to unpack .../06-python3-docutils_0.14+dfsg-3_all.deb ...
Unpacking python3-docutils (0.14+dfsg-3) ...
Selecting previously unselected package python3-jmespath.
Preparing to unpack .../07-python3-jmespath_0.9.3-1ubuntu1_all.deb ...
Unpacking python3-jmespath (0.9.3-1ubuntu1) ...
Selecting previously unselected package python3-botocore.
Preparing to unpack .../08-python3-botocore_1.8.48+repack-1_all.deb ...
Unpacking python3-botocore (1.8.48+repack-1) ...
Selecting previously unselected package python3-rsa.
Preparing to unpack .../09-python3-rsa_3.4.2-1_all.deb ...
Unpacking python3-rsa (3.4.2-1) ...
Selecting previously unselected package python3-s3transfer.
Preparing to unpack .../10-python3-s3transfer_0.1.13-1_all.deb ...
Unpacking python3-s3transfer (0.1.13-1) ...
Selecting previously unselected package awscli.
Preparing to unpack .../11-awscli_1.14.44-1ubuntu1_all.deb ...
Unpacking awscli (1.14.44-1ubuntu1) ...
Selecting previously unselected package libjpeg8:amd64.
Preparing to unpack .../12-libjpeg8_8c-2ubuntu8_amd64.deb ...
Unpacking libjpeg8:amd64 (8c-2ubuntu8) ...
Selecting previously unselected package liblcms2-2:amd64.
Preparing to unpack .../13-liblcms2-2_2.9-1ubuntu0.1_amd64.deb ...
Unpacking liblcms2-2:amd64 (2.9-1ubuntu0.1) ...
Selecting previously unselected package libpaper1:amd64.
Preparing to unpack .../14-libpaper1_1.1.24+nmu5ubuntu1_amd64.deb ...
Unpacking libpaper1:amd64 (1.1.24+nmu5ubuntu1) ...
Selecting previously unselected package libpaper-utils.
Preparing to unpack .../15-libpaper-utils_1.1.24+nmu5ubuntu1_amd64.deb ...
Unpacking libpaper-utils (1.1.24+nmu5ubuntu1) ...
Selecting previously unselected package libjbig0:amd64.
Preparing to unpack .../16-libjbig0_2.1-3.1build1_amd64.deb ...
Unpacking libjbig0:amd64 (2.1-3.1build1) ...
Selecting previously unselected package libtiff5:amd64.
Preparing to unpack .../17-libtiff5_4.0.9-5ubuntu0.3_amd64.deb ...
Unpacking libtiff5:amd64 (4.0.9-5ubuntu0.3) ...
Selecting previously unselected package libwebp6:amd64.
Preparing to unpack .../18-libwebp6_0.6.1-2_amd64.deb ...
Unpacking libwebp6:amd64 (0.6.1-2) ...
Selecting previously unselected package libwebpdemux2:amd64.
Preparing to unpack .../19-libwebpdemux2_0.6.1-2_amd64.deb ...
Unpacking libwebpdemux2:amd64 (0.6.1-2) ...
Selecting previously unselected package libwebpmux3:amd64.
Preparing to unpack .../20-libwebpmux3_0.6.1-2_amd64.deb ...
Unpacking libwebpmux3:amd64 (0.6.1-2) ...
Selecting previously unselected package python3-olefile.
Preparing to unpack .../21-python3-olefile_0.45.1-1_all.deb ...
Unpacking python3-olefile (0.45.1-1) ...
Selecting previously unselected package python3-pil:amd64.
Preparing to unpack .../22-python3-pil_5.1.0-1ubuntu0.2_amd64.deb ...
Unpacking python3-pil:amd64 (5.1.0-1ubuntu0.2) ...
Selecting previously unselected package python3-pygments.
Preparing to unpack .../23-python3-pygments_2.2.0+dfsg-1_all.deb ...
Unpacking python3-pygments (2.2.0+dfsg-1) ...
Setting up libpaper1:amd64 (1.1.24+nmu5ubuntu1) ...
Creating config file /etc/papersize with new version
Setting up libpaper-utils (1.1.24+nmu5ubuntu1) ...
Setting up python3-roman (2.0.0-3) ...
Setting up python3-olefile (0.45.1-1) ...
Setting up liblcms2-2:amd64 (2.9-1ubuntu0.1) ...
Setting up libjbig0:amd64 (2.1-3.1build1) ...
Setting up libjpeg-turbo8:amd64 (1.5.2-0ubuntu5.18.04.3) ...
Setting up sgml-base (1.29) ...
Setting up python3-rsa (3.4.2-1) ...
Setting up python3-jmespath (0.9.3-1ubuntu1) ...
Setting up xml-core (0.18) ...
Setting up python3-dateutil (2.6.1-1) ...
Setting up libwebp6:amd64 (0.6.1-2) ...
Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
Setting up python3-pygments (2.2.0+dfsg-1) ...
Setting up libtiff5:amd64 (4.0.9-5ubuntu0.3) ...
Setting up libwebpmux3:amd64 (0.6.1-2) ...
Setting up libwebpdemux2:amd64 (0.6.1-2) ...
Setting up python3-pil:amd64 (5.1.0-1ubuntu0.2) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for shared-mime-info (1.9-2) ...
Processing triggers for sgml-base (1.29) ...
Setting up docutils-common (0.14+dfsg-3) ...
Processing triggers for sgml-base (1.29) ...
Setting up python3-docutils (0.14+dfsg-3) ...
update-alternatives: using /usr/share/docutils/scripts/python3/rst-buildhtml to provide /usr/bin/rst-buildhtml (rst-buildhtml) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2html to provide /usr/bin/rst2html (rst2html) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2html4 to provide /usr/bin/rst2html4 (rst2html4) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2html5 to provide /usr/bin/rst2html5 (rst2html5) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2latex to provide /usr/bin/rst2latex (rst2latex) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2man to provide /usr/bin/rst2man (rst2man) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2odt to provide /usr/bin/rst2odt (rst2odt) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2odt_prepstyles to provide /usr/bin/rst2odt_prepstyles (rst2odt_prepstyles) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2pseudoxml to provide /usr/bin/rst2pseudoxml (rst2pseudoxml) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2s5 to provide /usr/bin/rst2s5 (rst2s5) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2xetex to provide /usr/bin/rst2xetex (rst2xetex) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rst2xml to provide /usr/bin/rst2xml (rst2xml) in auto mode
update-alternatives: using /usr/share/docutils/scripts/python3/rstpep2html to provide /usr/bin/rstpep2html (rstpep2html) in auto mode
Setting up python3-botocore (1.8.48+repack-1) ...
Setting up python3-s3transfer (0.1.13-1) ...
Setting up awscli (1.14.44-1ubuntu1)

Run aws --version to check the awscli version. Note that the awscli package in the Ubuntu 18.04 repository (1.14.44) is several years old; if you need newer API calls (for example the S3 public-access-block settings), install a current release with pip or the AWS-provided installer instead.

ubuntu@ip-10-0-0-131:~$ aws --version
aws-cli/1.14.44 Python/3.6.9 Linux/4.15.0-1057-aws botocore/1.8.48

Run aws configure to store the IAM credentials that awscli (and kops, which reads the same credential chain) will use to create and control AWS resources. Enter the IAM user's access key ID and secret access key, and the region in which the cluster will be built. Two caveats: aws configure writes the keys in plaintext to ~/.aws/credentials, so keep the client instance locked down and rotate the keys when the work is done; and on an EC2 client you can avoid long-lived keys altogether by attaching an IAM role (instance profile) to the instance, in which case aws configure only needs the region. Either way, confirm which identity is in use with aws sts get-caller-identity before going further.

ubuntu@ip-10-0-0-131:~$ aws configure
AWS Access Key ID [None]: ***************
AWS Secret Access Key [None]: ************************
Default region name [None]: ap-south-1
Default output format [None]:

Run sudo apt-get update && sudo apt-get install -y apt-transport-https to refresh the package index and make sure apt can fetch from repositories served over HTTPS (the Kubernetes repository added in the next step is HTTPS only). On Ubuntu 18.04 the HTTPS transport is already built into apt and this package is a small transitional one, so the command is harmless either way.

ubuntu@ip-10-0-0-131:~# sudo apt-get update && sudo apt-get install -y apt-transport-https
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Hit:2 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic InRelease
Get:3 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:4 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:5 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [868 kB]
Get:6 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1053 kB]
Fetched 2172 kB in 2s (908 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded.
Need to get 1692 B of archives.
After this operation, 153 kB of additional disk space will be used.
Get:1 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 apt-transport-https all 1.6.12 [1692 B]
Fetched 1692 B in 0s (6711 B/s)
Selecting previously unselected package apt-transport-https.
(Reading database ... 87197 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_1.6.12_all.deb ...
Unpacking apt-transport-https (1.6.12) ...
Setting up apt-transport-https (1.6.12)

STEP 4: Add the Kubernetes apt repository and its signing key (run as root, or prefix the commands with sudo). Each repository you add under /etc/apt/sources.list.d/ needs its signing key registered with apt-key add, otherwise apt will refuse the unsigned package lists. Keep in mind what this step does: the key now signs every package apt will accept from that repository, so fetch it only over HTTPS from the vendor's own host, as below, and compare its fingerprint (apt-key fingerprint) with the one the vendor publishes. Newer apt releases deprecate apt-key in favour of a per-repository signed-by keyring, which limits the key's trust to that one repository.

root@ip-10-0-0-131:~# curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
OK
root@ip-10-0-0-131:~# echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
root@ip-10-0-0-131:~# sudo apt-get update
Hit:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:2 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic InRelease
Get:3 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Hit:5 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease
Get:4 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [8993 B]
Get:6 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages [33.9 kB]
Fetched 132 kB in 1s (111 kB/s)
Reading package lists... Done

STEP 5: Install kops, the tool that deploys production-grade Kubernetes clusters on AWS. The one-liner below asks the GitHub API for whatever release is currently tagged latest and installs it without any integrity check. That is acceptable for a quick demo; for a cluster you intend to keep, pin the exact release and verify the published checksum before moving the binary into /usr/local/bin, so that an upgrade is a deliberate, reviewed change rather than a side effect of re-running the script.

ubuntu@ip-10-0-0-131:~$ curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
Dload  Upload   Total   Spent    Left  Speed
100   606  100   606    0     0   1746      0 --:--:-- --:--:-- --:--:--  1746
100  101M  100  101M    0     0  7262k      0  0:00:14  0:00:14 --:--:-- 9020k
ubuntu@ip-10-0-0-131:~$ chmod +x kops-linux-amd64
ubuntu@ip-10-0-0-131:~$ sudo mv kops-linux-amd64 /usr/local/bin/kops
ubuntu@ip-10-0-0-131:~$ kops version
Version 1.15.2 (git-ad595825a)

STEP 6: Install kubectl.

Kubectl is a command line tool for controlling kubernetes clusters.

root@ip-10-0-0-131:~# sudo apt-get install -y kubectl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
kubectl
0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded.
Need to get 8740 kB of archives.
After this operation, 43.5 MB of additional disk space will be used.
Get:1 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 kubectl amd64 1.17.3-00 [8740 kB]
Fetched 8740 kB in 1s (6452 kB/s)
Selecting previously unselected package kubectl.
(Reading database ... 87201 files and directories currently installed.)
Preparing to unpack .../kubectl_1.17.3-00_amd64.deb ...
Unpacking kubectl (1.17.3-00) ...
Setting up kubectl (1.17.3-00) ...
root@ip-10-0-0-131:~# kubectl version --client
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:14:22Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
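As an added example (not from the article and not kops' own installer), the script below does the kops install from step 5 the way you would for a cluster you keep: the release is pinned, the binary is downloaded to a temporary directory, and it is only moved into /usr/local/bin once its SHA-256 matches. It assumes curl and sha256sum on the client, that the release publishes a kops-linux-amd64.sha256 asset next to the binary (set KOPS_SHA256 yourself if yours does not), and that the tag format matches the one on the releases page. kubectl from step 6 needs no such step: apt already verifies the repository signature.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article: install a pinned kops
# release and refuse to use the binary unless its SHA-256 matches.
# Assumptions: a kops-linux-amd64.sha256 asset exists next to the binary
# (otherwise set KOPS_SHA256 from the release notes), and curl + sha256sum
# are available on the client instance.
set -eu

KOPS_TAG="${KOPS_TAG:-1.15.2}"   # exact release tag; newer releases are tagged v1.x.y
KOPS_SHA256="${KOPS_SHA256:-}"   # operator-supplied hash wins over the downloaded one
KOPS_URL="https://github.com/kubernetes/kops/releases/download/${KOPS_TAG}/kops-linux-amd64"

# verify_sha256 FILE EXPECTED
# EXPECTED may be a bare hash or a "hash  filename" line as written by sha256sum.
verify_sha256() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | cut -d ' ' -f 1 | tr 'A-F' 'a-f')
  actual=$(sha256sum "$file" | cut -d ' ' -f 1)
  if [ -z "$expected" ] || [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file: got $actual, expected ${expected:-<none>}" >&2
    return 1
  fi
  return 0
}

install_kops() {
  local tmp expected
  tmp=$(mktemp -d)
  curl -fsSL -o "$tmp/kops" "$KOPS_URL"
  if [ -n "$KOPS_SHA256" ]; then
    expected="$KOPS_SHA256"
  else
    # A hash fetched from the same origin only proves the download was not
    # corrupted or swapped in transit; pin KOPS_SHA256 for a real audit trail.
    expected=$(curl -fsSL "${KOPS_URL}.sha256")
  fi
  verify_sha256 "$tmp/kops" "$expected"
  sudo install -m 0755 "$tmp/kops" /usr/local/bin/kops   # root-owned, not writable by ubuntu
  rm -rf "$tmp"
  kops version
}

if [ "${RUN_INSTALL:-0}" = "1" ]; then
  install_kops
fi
```

Run it as RUN_INSTALL=1 KOPS_TAG=1.15.2 ./install-kops.sh; the guard keeps the functions loadable for testing without touching the network. The point of verify_sha256 returning non-zero rather than just printing is that set -e then aborts the install on a mismatch, so a tampered or truncated download never reaches PATH.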

STEP 7: Create a free DNS domain and a Route53 hosted zone so that kops can publish the cluster's DNS records.


Go to https://www.freenom.com/ -> Create a free domain (for this demo I registered k8sdemocluster.tk; use any name you prefer), choose the free 3-month or 1-year period and complete the sign-up.

Log in to the AWS console -> Services -> Route 53 (under Networking & Content Delivery) -> Hosted Zones -> Create Hosted Zone -> enter your domain (k8sdemocluster.tk in my case). When you open the new hosted zone it lists four name servers, for example:


k8sdemocluster.tk. NS
ns-1546.awsdns-01.co.uk.
ns-862.awsdns-43.net.
ns-1046.awsdns-02.org.
ns-193.awsdns-24.com.

Back on freenom, log in -> Services -> My Domains -> Manage Domain -> Management Tools -> Nameservers -> Custom nameservers, paste the four name servers from the Route53 hosted zone and click Change Nameservers. The change takes a few minutes to propagate.


Query the domain's NS records to confirm the delegation. If the answer lists the Route53 name servers, the domain and the hosted zone are wired up correctly. If the delegation is wrong, the api.<cluster name> record kops creates will not resolve and kops validate cluster will keep failing.

root@ip-10-0-0-131:~# dig NS k8sdemocluster.tk
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> NS k8sdemocluster.tk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6565
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;k8sdemocluster.tk. IN NS
;; ANSWER SECTION:
k8sdemocluster.tk. 60 IN NS ns-862.awsdns-43.net.
k8sdemocluster.tk. 60 IN NS ns-1046.awsdns-02.org.
k8sdemocluster.tk. 60 IN NS ns-1546.awsdns-01.co.uk.
k8sdemocluster.tk. 60 IN NS ns-193.awsdns-24.com.
;; Query time: 19 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Feb 19 09:07:43 UTC 2020
;; MSG SIZE  rcvd: 186

STEP 8: Create an S3 bucket (kopscluster in this example; bucket names are globally unique, so pick your own) to hold the cluster state, and expose it through an environment variable. The state store is the cluster's source of truth and contains the cluster CA private key and every other secret kops generates, so it must stay private: keep the default private ACL, block public access on the bucket, and turn on versioning so an accidental overwrite or deletion can be rolled back.

Run aws s3 mb to create the bucket:

aws s3 mb s3://kopscluster

Set the environment variable kops reads:

export KOPS_STATE_STORE=s3://kopscluster

Note: a variable set with export lives only in the current shell session. To make it permanent, add the same export line to ~/.bashrc (and ~/.profile for login shells) in your home directory.
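The following script is an added example, not part of the original article, covering prerequisite 2 and step 8 together: it creates a dedicated IAM group and user for kops carrying only the managed policies the kops getting-started guide lists, creates the state-store bucket with versioning, default encryption and public access blocked, and persists KOPS_STATE_STORE without duplicating the line each time it is run. It assumes awscli 1.16 or newer (the Ubuntu 18.04 package lacks put-public-access-block), the region ap-south-1, and the placeholder bucket name kopscluster-example.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article. Assumptions: awscli >= 1.16,
# region ap-south-1, placeholder bucket name; the IAM policies are the set the
# kops AWS getting-started guide attaches to its "kops" group.
set -eu

REGION="${AWS_REGION:-ap-south-1}"
BUCKET="${KOPS_BUCKET:-kopscluster-example}"   # placeholder; S3 names are global

# The state store holds the cluster CA and all generated secrets: private,
# versioned (roll back accidental deletes), encrypted at rest, never public.
create_state_store() {
  aws s3api create-bucket --bucket "$BUCKET" --region "$REGION" \
    --create-bucket-configuration LocationConstraint="$REGION"
  aws s3api put-bucket-versioning --bucket "$BUCKET" \
    --versioning-configuration Status=Enabled
  aws s3api put-bucket-encryption --bucket "$BUCKET" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
  aws s3api put-public-access-block --bucket "$BUCKET" \
    --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
}

# A kops-only identity instead of an admin user: still broad, but scoped to the
# services kops actually drives, and easy to rotate or delete afterwards.
create_kops_iam_group() {
  aws iam create-group --group-name kops
  for p in AmazonEC2FullAccess AmazonRoute53FullAccess AmazonS3FullAccess \
           IAMFullAccess AmazonVPCFullAccess; do
    aws iam attach-group-policy --group-name kops \
      --policy-arn "arn:aws:iam::aws:policy/$p"
  done
  aws iam create-user --user-name kops
  aws iam add-user-to-group --user-name kops --group-name kops
  aws iam create-access-key --user-name kops   # feed the output to `aws configure`
}

# persist_env FILE KEY VALUE: append "export KEY=VALUE" only if that exact line
# is not already present, so re-running the setup does not pile up duplicates.
persist_env() {
  local file="$1" key="$2" value="$3" line
  line="export $key=$value"
  if ! grep -qxF "$line" "$file" 2>/dev/null; then
    printf '%s\n' "$line" >> "$file"
  fi
}

if [ "${RUN_IAM:-0}" = "1" ]; then
  create_kops_iam_group
fi
if [ "${RUN_SETUP:-0}" = "1" ]; then
  create_state_store
  persist_env "$HOME/.bashrc" KOPS_STATE_STORE "s3://$BUCKET"
  export KOPS_STATE_STORE="s3://$BUCKET"
fi
```

Run RUN_IAM=1 once as the admin user to mint the kops credentials, then RUN_SETUP=1 as the kops user. The bucket settings are separate API calls on purpose: aws s3 mb creates a bucket with none of them, and each one closes a distinct failure mode (public read of the CA key, silent deletion, unencrypted backups copied elsewhere).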


STEP 9: Define the cluster with kops create cluster. This writes the cluster specification to the state store; nothing is built in AWS until kops update cluster --yes in step 11. Two defaults matter for security: the cluster uses the public topology (master and workers get public IPs), and the security groups for the API endpoint and for SSH are open to 0.0.0.0/0 unless you restrict them with --admin-access and --ssh-access and your own CIDR.

ubuntu@ip-10-0-0-131:~$ kops create cluster --name=k8sdemocluster.tk --state=s3://kopscluster --zones=ap-south-1a --node-count=2 --node-size=t2.medium --master-size=t2.medium --dns-zone=k8sdemocluster.tk

STEP 10: Register the SSH public key. kops stores it as the cluster's sshpublickey secret and installs it as the authorized key on every master and worker node, so whoever holds the matching private key can log in to the nodes. Use a key generated for this purpose (ssh-keygen) rather than one shared with other systems.

ubuntu@ip-10-0-0-131:~$ kops create secret --name k8sdemocluster.tk sshpublickey admin -i ~/.ssh/id_rsa.pub

STEP 11: Now build the cluster. This command issues the cluster certificates, pre-creates the DNS records, and creates the VPC, subnets, security groups, IAM instance profiles and Auto Scaling Groups for the master and worker nodes.

ubuntu@ip-10-0-0-131:~$ kops update cluster k8sdemocluster.tk --yes
I0219 09:11:34.195350  21501 executor.go:103] Tasks: 0 done / 86 total; 44 can run
I0219 09:11:34.992520  21501 vfs_castore.go:729] Issuing new certificate: "etcd-manager-ca-main"
I0219 09:11:35.113630  21501 vfs_castore.go:729] Issuing new certificate: "etcd-peers-ca-events"
I0219 09:11:35.555368  21501 vfs_castore.go:729] Issuing new certificate: "etcd-manager-ca-events"
I0219 09:11:36.283758  21501 vfs_castore.go:729] Issuing new certificate: "etcd-peers-ca-main"
I0219 09:11:36.312279  21501 vfs_castore.go:729] Issuing new certificate: "etcd-clients-ca"
I0219 09:11:36.730886  21501 vfs_castore.go:729] Issuing new certificate: "ca"
I0219 09:11:36.853638  21501 vfs_castore.go:729] Issuing new certificate: "apiserver-aggregator-ca"
I0219 09:11:36.966031  21501 executor.go:103] Tasks: 44 done / 86 total; 24 can run
I0219 09:11:37.521619  21501 vfs_castore.go:729] Issuing new certificate: "kube-proxy"
I0219 09:11:38.147268  21501 vfs_castore.go:729] Issuing new certificate: "kubecfg"
I0219 09:11:38.294100  21501 vfs_castore.go:729] Issuing new certificate: "kube-scheduler"
I0219 09:11:38.618384  21501 vfs_castore.go:729] Issuing new certificate: "apiserver-aggregator"
I0219 09:11:38.915942  21501 vfs_castore.go:729] Issuing new certificate: "master"
I0219 09:11:39.367748  21501 vfs_castore.go:729] Issuing new certificate: "kube-controller-manager"
I0219 09:11:39.576054  21501 vfs_castore.go:729] Issuing new certificate: "kubelet"
I0219 09:11:39.656563  21501 vfs_castore.go:729] Issuing new certificate: "kubelet-api"
I0219 09:11:39.865280  21501 vfs_castore.go:729] Issuing new certificate: "kops"
I0219 09:11:39.951149  21501 vfs_castore.go:729] Issuing new certificate: "apiserver-proxy-client"
I0219 09:11:40.171204  21501 executor.go:103] Tasks: 68 done / 86 total; 16 can run
I0219 09:11:40.343076  21501 launchconfiguration.go:364] waiting for IAM instance profile "nodes.k8sdemocluster.tk" to be ready
I0219 09:11:40.347640  21501 launchconfiguration.go:364] waiting for IAM instance profile "masters.k8sdemocluster.tk" to be ready
I0219 09:11:50.637833  21501 executor.go:103] Tasks: 84 done / 86 total; 2 can run
I0219 09:11:51.164958  21501 executor.go:103] Tasks: 86 done / 86 total; 0 can run
I0219 09:11:51.165090  21501 dns.go:155] Pre-creating DNS records
I0219 09:11:52.426693  21501 update_cluster.go:305] Exporting kubecfg for cluster
kops has set your kubectl context to k8sdemocluster.tk
Cluster is starting. It should be ready in a few minutes.
Suggestions:
* validate cluster: kops validate cluster
* list nodes: kubectl get nodes --show-labels
* ssh to the master: ssh -i ~/.ssh/id_rsa admin@api.k8sdemocluster.tk
* the admin user is specific to Debian. If not using Debian please use the appropriate user based on your OS.
* read about installing addons at: https://github.com/kubernetes/kops/blob/master/docs/addons.md.
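As an added example (not from the article, and not kops' own documentation), here are steps 9 to 11 as one script with the cluster's public surfaces narrowed: private topology with a bastion, the API and SSH security groups limited to a single admin CIDR, encrypted etcd volumes, and a guard that refuses to run if the CIDR would open the cluster to the whole internet. It assumes kops 1.15 flag names, that the cluster name, state bucket and zone are placeholders you replace, and that checkip.amazonaws.com is reachable from the client to discover your own public IP.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article: steps 9 to 11 with the
# cluster's public surfaces narrowed. Assumptions: kops 1.15 flag names; the
# cluster name, state bucket and zone are placeholders; checkip.amazonaws.com
# is reachable to learn the client's public IP.
set -eu

CLUSTER="${CLUSTER_NAME:-k8sdemocluster.tk}"
STATE="${KOPS_STATE_STORE:-s3://kopscluster-example}"
ZONES="${ZONES:-ap-south-1a}"
SSH_KEY="${SSH_KEY:-$HOME/.ssh/id_rsa.pub}"

# restricted_cidr CIDR: succeed only for a well-formed IPv4 CIDR that does not
# cover the whole internet, so a typo cannot silently open the API to 0.0.0.0/0.
restricted_cidr() {
  local cidr="$1" ip prefix oct n
  case "$cidr" in
    */*) ip=${cidr%/*}; prefix=${cidr#*/} ;;
    *)   return 1 ;;
  esac
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1   # /0 is rejected here
  n=0
  for oct in $(printf '%s' "$ip" | tr '.' ' '); do
    case "$oct" in ''|*[!0-9]*) return 1 ;; esac
    [ "$oct" -le 255 ] || return 1
    n=$((n + 1))
  done
  [ "$n" -eq 4 ] || return 1
  return 0
}

# Your current public address as a /32, the tightest sensible admin CIDR.
my_ip_cidr() {
  printf '%s/32\n' "$(curl -fsS https://checkip.amazonaws.com | tr -d '[:space:]')"
}

create_cluster() {
  local admin_cidr="$1"
  if ! restricted_cidr "$admin_cidr"; then
    echo "refusing to create cluster with admin CIDR '$admin_cidr'" >&2
    return 1
  fi
  # --ssh-public-key replaces the separate 'kops create secret sshpublickey' step.
  # Private topology keeps nodes off public IPs and makes the bastion the only
  # SSH entry point; kubenet does not work with private topology, hence an explicit CNI.
  kops create cluster \
    --name="$CLUSTER" --state="$STATE" --dns-zone="$CLUSTER" --zones="$ZONES" \
    --node-count=2 --node-size=t2.medium --master-size=t2.medium \
    --topology=private --networking=calico --bastion \
    --authorization=RBAC --encrypt-etcd-storage \
    --ssh-public-key="$SSH_KEY" \
    --admin-access="$admin_cidr" --ssh-access="$admin_cidr"
  kops update cluster --name="$CLUSTER" --state="$STATE" --yes
  kops validate cluster --name="$CLUSTER" --state="$STATE"
}

if [ "${RUN_CREATE:-0}" = "1" ]; then
  create_cluster "${ADMIN_CIDR:-$(my_ip_cidr)}"
fi
```

Run RUN_CREATE=1 ./create-cluster.sh from the client instance; pass ADMIN_CIDR=203.0.113.0/24 (for example) if the admins sit behind a known office range rather than a single address. With a private topology the nodes are reached through the bastion (ssh -A to the bastion, then to the node's private IP), and the API endpoint is still public DNS but only answers to the admin CIDR.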

Run kops validate cluster to verify that all nodes have registered and are healthy. It can take several minutes after the update for the nodes to join, so re-run it until the cluster reports ready.

ubuntu@ip-10-0-0-131:~$ kops validate cluster
Using cluster from kubectl context: k8sdemocluster.tk
Validating cluster k8sdemocluster.tk
INSTANCE GROUPS
NAME ROLE MACHINETYPE MIN MAX SUBNETS
master-ap-south-1a Master t2.medium 1 1 ap-south-1a
nodes Node t2.medium 2 2 ap-south-1a
NODE STATUS
NAME ROLE READY
ip-172-20-53-72.ap-south-1.compute.internal node True
ip-172-20-59-20.ap-south-1.compute.internal node True
ip-172-20-63-215.ap-south-1.compute.internal master True
Your cluster k8sdemocluster.tk is ready

Run kubectl get nodes and kubectl cluster-info to list the nodes and show the API endpoint of your Kubernetes cluster.

ubuntu@ip-10-0-0-131:~$ kubectl get nodes
NAME  STATUS  ROLES AGE  VERSION
ip-172-20-53-72.ap-south-1.compute.internal Ready node  18m  v1.15.9
ip-172-20-59-20.ap-south-1.compute.internal Ready node  18m  v1.15.9
ip-172-20-63-215.ap-south-1.compute.internal  Ready master  19m  v1.15.9
ubuntu@ip-10-0-0-131:~$ kubectl cluster-info
Kubernetes master is running at https://api.k8sdemocluster.tk
KubeDNS is running at https://api.k8sdemocluster.tk/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

STEP 12: Enable the Kubernetes UI dashboard by installing the UI service using kubectl apply.

ubuntu@ip-10-0-0-131:~$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created

Run kubectl proxy to expose the dashboard through the API server's service proxy. The proxy listens on 127.0.0.1 only, and that is the loopback of the EC2 client instance, not of your laptop, so a browser on your own machine cannot open localhost:8001 directly. Forward the port over SSH (ssh -i /path/to/your/key.pem -L 8001:127.0.0.1:8001 ubuntu@<Public DNS>) and browse from your machine, or run kubectl proxy locally with the kubeconfig kops exported. Do not start the proxy with --address 0.0.0.0 to make it reachable: the proxy forwards requests with your kubeconfig credentials attached, so that would publish an unauthenticated path into the API server.

ubuntu@ip-10-0-0-131: ~ % kubectl proxy
Starting to serve on 127.0.0.1:8001

Once you see that output, open the URL below in a browser on the machine where port 8001 is forwarded:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

Run kubectl get services -n kube-system for seeing the services.

ubuntu@ip-10-0-0-131~ % kubectl get services -n kube-system
NAME  TYPE CLUSTER-IP  EXTERNAL-IP  PORT(S)  AGE
kube-dns  ClusterIP  100.64.0.10 <none> 53/UDP,53/TCP  4h3m
kubernetes-dashboard  ClusterIP  100.69.130.122  <none> 443/TCP  113m

Run kubectl describe secret on the dashboard service account's token secret to get its bearer token. Treat this token as a credential: it is as powerful as whatever role the service account is bound to.

ubuntu@ip-10-0-0-131~ % kubectl -n kube-system describe secrets $(kubectl -n kube-system get secret | grep "dashboard-token" | awk {'print $1'}) | grep "token:" | awk {'print $2'}
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2N****************WptL_xW5GLyUzWI0WGnEIKbpeV36wvQQUJqwEjXGft9JNq8WuXES9DFYxNQ

Run kubectl create clusterrolebinding to grant the dashboard's service account permission to see cluster objects. The binding below uses cluster-admin, which is the quickest way to make the dashboard show everything but also the most dangerous: the token printed above now carries unrestricted control of the cluster, and a dashboard reachable by anyone who should not have it becomes a full compromise. Treat this as a demo shortcut; for anything longer-lived bind a read-only role such as view instead, and delete the cluster-admin binding when you are done.

ubuntu@ip-10-0-0-131~ % kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created

With the binding in place, log in to the dashboard with the token (Token option on the login page) to browse pods, containers, namespaces and the rest of the cluster. That completes a basic production-style Kubernetes installation on AWS using kops.
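The script below is an added example, not part of the article or of the dashboard project, showing the least-privilege alternative to the cluster-admin binding in step 12: a separate read-only service account bound to the built-in view ClusterRole, a helper that pulls its token out of kubectl describe secret output (the same text the article greps by hand), and removal of the cluster-admin binding. It assumes dashboard v1.10.1 in kube-system as installed above, a Kubernetes release (1.15 here) that still auto-creates a token Secret for every ServiceAccount, and the names dashboard-viewer and kubernetes-dashboard.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article or the dashboard project:
# give the dashboard a read-only identity instead of cluster-admin, fetch its
# token, and drop the cluster-admin binding created in step 12.
# Assumptions: dashboard in kube-system, Kubernetes 1.15 (ServiceAccounts still
# get an auto-created token Secret), service account name dashboard-viewer.
set -eu

NS="${DASHBOARD_NS:-kube-system}"
SA="${VIEWER_SA:-dashboard-viewer}"

# Read-only account: the built-in "view" ClusterRole lists most objects but
# cannot read Secrets or change anything, so a leaked token is far less costly.
apply_viewer_rbac() {
  kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $SA
  namespace: $NS
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: $SA
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: $SA
  namespace: $NS
EOF
}

# token_from_describe: extract the bearer token from `kubectl describe secret`
# output read on stdin; only the line that starts with "token:" qualifies.
token_from_describe() {
  sed -n 's/^token:[[:space:]]*//p' | head -n 1
}

viewer_token() {
  local secret
  secret=$(kubectl -n "$NS" get serviceaccount "$SA" -o jsonpath='{.secrets[0].name}')
  kubectl -n "$NS" describe secret "$secret" | token_from_describe
}

# Undo the demo shortcut: the dashboard's own service account goes back to the
# minimal Role its manifest ships with.
revoke_cluster_admin() {
  kubectl delete clusterrolebinding kubernetes-dashboard --ignore-not-found
}

if [ "${RUN_RBAC:-0}" = "1" ]; then
  apply_viewer_rbac
  revoke_cluster_admin
  echo "Paste this token into the dashboard login (Token option):"
  viewer_token
fi
```

Run RUN_RBAC=1 ./dashboard-rbac.sh on the client instance, then log in with the printed token; the dashboard itself keeps working because the UI only needs the permissions of the identity that logs in. If an operator really needs write access from the UI, bind that operator's own account to edit or admin in the namespaces concerned rather than widening the dashboard's service account.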
