From b2aae260a35401a029feb44db320798c3d6ada22 Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Fri, 12 Jun 2020 17:34:30 +1000
Subject: [PATCH] add files
---
README.md | 3 +
.../cloud/amazon/assume-node-policy.json | 12 ++
kubernetes/cloud/amazon/assume-policy.json | 12 ++
kubernetes/cloud/amazon/getting-started.md | 163 ++++++++++++++++++
kubernetes/cloud/azure/getting-started.md | 129 ++++++++++++++
.../cloud/digitalocean/getting-started.md | 104 +++++++++++
kubernetes/cloud/google/getting-started.md | 95 ++++++++++
kubernetes/cloud/linode/dockerfile | 4 +
kubernetes/cloud/linode/getting-started.md | 101 +++++++++++
kubernetes/cloud/readme.md | 9 +
kubernetes/services/service.yaml | 2 +-
11 files changed, 633 insertions(+), 1 deletion(-)
create mode 100644 kubernetes/cloud/amazon/assume-node-policy.json
create mode 100644 kubernetes/cloud/amazon/assume-policy.json
create mode 100644 kubernetes/cloud/amazon/getting-started.md
create mode 100644 kubernetes/cloud/azure/getting-started.md
create mode 100644 kubernetes/cloud/digitalocean/getting-started.md
create mode 100644 kubernetes/cloud/google/getting-started.md
create mode 100644 kubernetes/cloud/linode/dockerfile
create mode 100644 kubernetes/cloud/linode/getting-started.md
create mode 100644 kubernetes/cloud/readme.md
diff --git a/README.md b/README.md
index 3deba38..39ed2af 100644
--- a/README.md
+++ b/README.md
@@ -64,5 +64,8 @@ Video: https://youtu.be/xhva6DeKqVU
Part #7 Kubernetes ingress | the basics
Video: https://youtu.be/izWCkcJAzBw
+Kubernetes in the Cloud
+
+Checkout my series on running Kubernetes in the Cloud [here](./kubernetes/cloud/readme.md)
More details coming soon!
diff --git a/kubernetes/cloud/amazon/assume-node-policy.json b/kubernetes/cloud/amazon/assume-node-policy.json
new file mode 100644
index 0000000..ce9cb76
--- /dev/null
+++ b/kubernetes/cloud/amazon/assume-node-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "ec2.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/kubernetes/cloud/amazon/assume-policy.json b/kubernetes/cloud/amazon/assume-policy.json
new file mode 100644
index 0000000..be1e045
--- /dev/null
+++ b/kubernetes/cloud/amazon/assume-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "eks.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/kubernetes/cloud/amazon/getting-started.md b/kubernetes/cloud/amazon/getting-started.md
new file mode 100644
index 0000000..c3ae0b6
--- /dev/null
+++ b/kubernetes/cloud/amazon/getting-started.md
@@ -0,0 +1,163 @@
+# Getting Started with EKS
+
+## Amazon CLI
+
+```
+
+# Run Amazon CLI
+docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh amazon/aws-cli:2.0.17
+
+cd ./kubernetes/cloud/amazon
+
+yum install jq
+```
+
+## Login to AWS
+
+https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html
+
+```
+# Access your "My Security Credentials" section in your profile.
+# Create an access key
+
+aws configure
+
+# Regions
+https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
+
+```
+
+
+# Deploy Cluster with AWS CLI
+
+You can deploy a cluster using multiple ways.
+We will cover the two fundamental ways.
+
+1) AWS CLI https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html
+2) EKS CLI (newer) https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html
+
+
+## AWS CLI
+
+Kubernetes needs a service account to manage our Kubernetes cluster
+In AWS this is an IAM role
+Lets create one!
+
+Follow "Create your Amazon EKS cluster IAM role" [here](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html)
+
+```
+
+# create our role for EKS
+role_arn=$(aws iam create-role --role-name getting-started-eks-role --assume-role-policy-document file://assume-policy.json | jq .Role.Arn | sed s/\"//g)
+aws iam attach-role-policy --role-name getting-started-eks-role --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
+
+# create the cluster VPC
+
+curl https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-05-08/amazon-eks-vpc-sample.yaml -o vpc.yaml
+aws cloudformation deploy --template-file vpc.yaml --stack-name getting-started-eks
+
+# grab your stack details
+aws cloudformation list-stack-resources --stack-name getting-started-eks > stack.json
+
+# create our cluster
+
+aws eks create-cluster \
+--name getting-started-eks \
+--role-arn $role_arn \
+--resources-vpc-config subnetIds=subnet-063efe1fa0c5d4913,subnet-06f91e563755e2077,subnet-0824d16f8536b3681,securityGroupIds=sg-0960d3a116ba912e1,endpointPublicAccess=true,endpointPrivateAccess=false
+
+aws eks list-clusters
+aws eks describe-cluster --name getting-started-eks
+```
+
+
+## Get a kubeconfig for our cluster
+
+```
+
+aws eks update-kubeconfig --name getting-started-eks --region ap-southeast-2
+
+#grab the config if you want it
+cp ~/.kube/config .
+
+curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl
+
+```
+
+## Add nodes to our cluster
+
+```
+
+# create our role for nodes
+role_arn=$(aws iam create-role --role-name getting-started-eks-role-nodes --assume-role-policy-document file://assume-node-policy.json | jq .Role.Arn | sed s/\"//g)
+
+aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
+
+```
+More details on node permissions [here](https://docs.aws.amazon.com/eks/latest/userguide/worker_node_IAM_role.html)
+
+
+More details on instance types to choose from [here](https://aws.amazon.com/ec2/instance-types/)
+
+```
+aws eks create-nodegroup \
+--cluster-name getting-started-eks \
+--nodegroup-name test \
+--node-role $role_arn \
+--subnets subnet-0ec47e6ae964a233f \
+--disk-size 200 \
+--scaling-config minSize=1,maxSize=2,desiredSize=1 \
+--instance-types t2.small
+```
+
+## EKS CTL example
+
+```
+eksctl create cluster --name getting-started-eks-1 \
+--region ap-southeast-2 \
+--version 1.16 \
+--managed \
+--node-type t2.small \
+--nodes 1 \
+--node-volume-size 200
+
+```
+## Create some sample containers
+
+```
+cd ../..
+
+kubectl create ns example-app
+
+# lets create some resources.
+kubectl apply -n example-app -f secrets/secret.yaml
+kubectl apply -n example-app -f configmaps/configmap.yaml
+kubectl apply -n example-app -f deployments/deployment.yaml
+
+# remember to change the `type: LoadBalancer`
+kubectl apply -n example-app -f services/service.yaml
+
+```
+## Cleanup
+
+```
+
+eksctl delete cluster --name getting-started-eks-1
+
+aws eks delete-nodegroup --cluster-name getting-started-eks --nodegroup-name test
+aws eks delete-cluster --name getting-started-eks
+
+aws iam detach-role-policy --role-name getting-started-eks-role --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
+aws iam delete-role --role-name getting-started-eks-role
+
+aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
+
+aws iam delete-role --role-name getting-started-eks-role-nodes
+
+aws cloudformation delete-stack --stack-name getting-started-eks
+```
\ No newline at end of file
diff --git a/kubernetes/cloud/azure/getting-started.md b/kubernetes/cloud/azure/getting-started.md
new file mode 100644
index 0000000..93585d4
--- /dev/null
+++ b/kubernetes/cloud/azure/getting-started.md
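Review bot: The "Get a kubeconfig" block installs kubectl by downloading whatever `stable.txt` names at that moment and moving it straight into `/usr/local/bin` without verifying it; the same `curl -LO … kubectl` step is repeated in the Azure, DigitalOcean, Google and Linode guides in this patch. Pinning a release and checking the binary against the `kubectl.sha256` file published next to it, for example `echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c` before the `chmod +x`, would make the guides reproducible and catch a damaged or substituted download. A digest fetched from the same origin only detects corruption, not a compromised host, and a short comment in the guide could say so. Separately, the `create-cluster` and `create-nodegroup` commands carry literal `subnet-…` and `sg-…` ids that presumably come from the author's own stack, so a comment pointing readers to the values in `stack.json` would help.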
@@ -0,0 +1,129 @@
+# Getting Started with AKS
+
+## Azure CLI
+
+```
+# Run Azure CLI
+docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh mcr.microsoft.com/azure-cli:2.6.0
+
+cd ./kubernetes/cloud/azure
+
+```
+
+## Login to Azure
+
+```
+#login and follow prompts
+az login
+
+# view and select your subscription account
+
+az account list -o table
+SUBSCRIPTION=
+az account set --subscription
+
+```
+
+## Create our Resource Group
+
+```
+RESOURCEGROUP=aks-getting-started
+az group create -n $RESOURCEGROUP -l australiaeast
+
+```
+## Create Service Principal
+
+Kubernetes needs a service account to manage our Kubernetes cluster
+Lets create one!
+
+```
+
+SERVICE_PRINCIPAL_JSON=$(az ad sp create-for-rbac --skip-assignment --name aks-getting-started-sp -o json)
+
+#Keep the `appId` and `password` for later use!
+
+SERVICE_PRINCIPAL=$(echo $SERVICE_PRINCIPAL_JSON | jq -r '.appId')
+SERVICE_PRINCIPAL_SECRET=$(echo $SERVICE_PRINCIPAL_JSON | jq -r '.password')
+
+#grant contributor role over the resource group to our service principal
+
+az role assignment create --assignee $SERVICE_PRINCIPAL \
+--scope "/subscriptions/$SUBSCRIPTION/resourceGroups/$RESOURCEGROUP" \
+--role Contributor
+
+```
+For extra reference you can also take a look at the Microsoft Docs: [here](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-service-principal.md)
+
+## Create our cluster
+
+```
+#full list of options
+
+az aks create --help
+az aks get-versions --location australiaeast -o table
+
+#generate SSH key
+
+ssh-keygen -t rsa -b 4096 -N "VeryStrongSecret123!" -C "your_email@example.com" -q -f ~/.ssh/id_rsa
+cp ~/.ssh/id_rsa* .
+
+az aks create -n aks-getting-started \
+--resource-group $RESOURCEGROUP \
+--location australiaeast \
+--kubernetes-version 1.16.9 \
+--load-balancer-sku standard \
+--nodepool-name default \
+--node-count 1 \
+--node-vm-size Standard_E4s_v3 \
+--node-osdisk-size 250 \
+--ssh-key-value ./id_rsa.pub \
+--network-plugin kubenet \
+--service-principal $SERVICE_PRINCIPAL \
+--client-secret $SERVICE_PRINCIPAL_SECRET \
+--output none
+
+# if your SP key is invalid, generate a new one:
+SERVICE_PRINCIPAL_SECRET=(az ad sp credential reset --name $SERVICE_PRINCIPAL | jq -r '.password')
+```
+
+## Get a kubeconfig for our cluster
+
+```
+# use --admin for admin credentials
+# use without `--admin` to get no priviledged user.
+
+az aks get-credentials -n aks-getting-started \
+--resource-group $RESOURCEGROUP
+
+#grab the config if you want it
+cp ~/.kube/config .
+
+```
+
+## Get kubectl
+
+```
+curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
+chmod +x ./kubectl
+mv ./kubectl /usr/local/bin/kubectl
+
+cd ../..
+
+kubectl create ns example-app
+
+# lets create some resources.
+kubectl apply -n example-app -f secrets/secret.yaml
+kubectl apply -n example-app -f configmaps/configmap.yaml
+kubectl apply -n example-app -f deployments/deployment.yaml
+
+# remember to change the `type: LoadBalancer`
+kubectl apply -n example-app -f services/service.yaml
+
+```
+
+## Clean up
+
+```
+az group delete -n $RESOURCEGROUP
+az ad sp delete --id $SERVICE_PRINCIPAL
+```
\ No newline at end of file
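Review bot: The `#generate SSH key` step publishes the key's passphrase in the guide (`-N "VeryStrongSecret123!"`) and then `cp ~/.ssh/id_rsa* .` copies the private key into the working directory, which the `docker run -v ${PWD}:/work` at the top maps onto the repository checkout on the host. A reader following the guide verbatim ends up with a private key protected by a publicly known passphrase sitting next to tracked files, and `cp ~/.kube/config .` does the same with cluster credentials here and in the AWS, DigitalOcean and Google guides (the Linode guide also places `config.yaml` inside the repo tree). I would let `ssh-keygen` prompt for the passphrase, copy only the public half with `cp ~/.ssh/id_rsa.pub .`, and add a comment that key and kubeconfig copies must be kept out of version control, for example through `.gitignore`. A dedicated file name instead of `-f ~/.ssh/id_rsa` would also be safer for readers who run the command on their host rather than in the container. Finally, the credential-reset line lacks the `$` of a command substitution and should read `SERVICE_PRINCIPAL_SECRET=$(az ad sp credential reset --name $SERVICE_PRINCIPAL | jq -r '.password')`.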
diff --git a/kubernetes/cloud/digitalocean/getting-started.md b/kubernetes/cloud/digitalocean/getting-started.md
new file mode 100644
index 0000000..cc8e9f3
--- /dev/null
+++ b/kubernetes/cloud/digitalocean/getting-started.md
@@ -0,0 +1,104 @@
+# Getting Started with DGO
+
+## Trial Account
+
+Coupon Link to get $100 credit for 60 days:
+https://m.do.co/c/74a1c5d63dac
+
+## Digital Ocean CLI
+
+https://hub.docker.com/r/digitalocean/doctl
+
+```
+# Digital Ocean CLI
+docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/bash digitalocean/doctl:1.45.0
+mv /app/doctl /usr/local/bin/
+cd ./kubernetes/cloud/digitalocean
+
+```
+
+## Login to DGO
+
+```
+#login and follow prompts
+doctl auth init
+doctl auth list
+
+```
+
+## Create a new project
+
+```
+doctl projects create --name getting-started-dgo --purpose testing
+doctl projects list
+# grab the project ID
+```
+
+## Gather our options
+
+https://www.digitalocean.com/docs/kubernetes/
+
+```
+doctl kubernetes options
+doctl kubernetes options regions
+doctl kubernetes options versions
+
+```
+
+## Create our cluster
+
+```
+
+
+
+
+# full list of options
+doctl kubernetes cluster create --help
+
+doctl kubernetes cluster create dgo-getting-started \
+--version 1.17.5-do.0 \
+--count 1 \
+--size s-1vcpu-2gb \
+--region sgp1
+
+```
+
+## Get a kubeconfig for our cluster
+
+```
+doctl kubernetes cluster kubeconfig save dgo-getting-started
+
+#grab the config if you want it
+cp ~/.kube/config .
+
+```
+
+## Get kubectl
+
+```
+curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
+chmod +x ./kubectl
+mv ./kubectl /usr/local/bin/kubectl
+
+cd ../..
+
+
+kubectl create ns example-app
+
+# lets create some resources.
+kubectl apply -n example-app -f secrets/secret.yaml
+kubectl apply -n example-app -f configmaps/configmap.yaml
+kubectl apply -n example-app -f deployments/deployment.yaml
+
+# remember to change the `type: LoadBalancer`
+kubectl apply -n example-app -f services/service.yaml
+
+```
+
+## Clean up
+
+```
+doctl kubernetes cluster delete dgo-getting-started
+
+# remember to delete the load balancer manually!
+```
\ No newline at end of file
diff --git a/kubernetes/cloud/google/getting-started.md b/kubernetes/cloud/google/getting-started.md
new file mode 100644
index 0000000..bc7e3f6
--- /dev/null
+++ b/kubernetes/cloud/google/getting-started.md
@@ -0,0 +1,95 @@
+# Getting Started with GKE
+
+## Google Cloud CLI
+
+https://hub.docker.com/r/google/cloud-sdk/
+
+```
+# Run Google Cloud CLI
+docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/bash google/cloud-sdk:160.0.0
+
+cd ./kubernetes/cloud/google
+
+```
+
+## Login to GCloud
+
+```
+#login and follow prompts
+gcloud auth login
+
+gcloud projects list
+
+gcloud projects create getting-started-gke
+gcloud config set project getting-started-gke
+
+```
+
+## Enable APIs for your Project.
+
+You may be prompted to enable APIs in Google Console for your project in order to proceed.
+Follow the prompts.
+
+## Create our cluster
+
+Machine types : https://cloud.google.com/compute/docs/machine-types
+
+```
+# machine types
+gcloud compute machine-types list > machine-types.log
+
+# Get k8s versions for your zone
+gcloud container get-server-config --zone australia-southeast1-c
+
+# full list of options
+gcloud container clusters create --help
+
+gcloud container clusters create gke-getting-started \
+--cluster-version 1.16.8-gke.15 \
+--disk-size 200 \
+--num-nodes 1 \
+--machine-type e2-small \
+--no-enable-cloud-endpoints \
+--no-enable-cloud-logging \
+--no-enable-cloud-monitoring \
+--zone australia-southeast1-c
+
+```
+
+## Get a kubeconfig for our cluster
+
+```
+gcloud container clusters get-credentials gke-getting-started --zone australia-southeast1-c
+
+#grab the config if you want it
+cp ~/.kube/config .
+
+```
+
+## Get kubectl
+
+```
+curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
+chmod +x ./kubectl
+mv ./kubectl /usr/local/bin/kubectl
+
+cd ../..
+
+
+kubectl create ns example-app
+
+# lets create some resources.
+kubectl apply -n example-app -f secrets/secret.yaml
+kubectl apply -n example-app -f configmaps/configmap.yaml
+kubectl apply -n example-app -f deployments/deployment.yaml
+
+# remember to change the `type: LoadBalancer`
+kubectl apply -n example-app -f services/service.yaml
+
+```
+
+## Clean up
+
+```
+gcloud container clusters delete gke-getting-started --zone australia-southeast1-c
+```
\ No newline at end of file
diff --git a/kubernetes/cloud/linode/dockerfile b/kubernetes/cloud/linode/dockerfile
new file mode 100644
index 0000000..80b4394
--- /dev/null
+++ b/kubernetes/cloud/linode/dockerfile
@@ -0,0 +1,4 @@
+FROM python:3.8.3-alpine3.12
+
+RUN apk add --no-cache bash curl
+RUN pip3 install linode-cli==2.15.0
\ No newline at end of file
diff --git a/kubernetes/cloud/linode/getting-started.md b/kubernetes/cloud/linode/getting-started.md
new file mode 100644
index 0000000..915e88c
--- /dev/null
+++ b/kubernetes/cloud/linode/getting-started.md
@@ -0,0 +1,101 @@
+# Getting Started with Linode
+
+## Trial Account
+
+Promo Link to get $20 credit to try out Linode:
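Review bot: In the Google guide, the `gcloud container clusters create` command passes `--no-enable-cloud-logging` and `--no-enable-cloud-monitoring` with no explanation, so a reader who copies it gets a cluster whose workload logs and metrics are not collected. That is a reasonable way to keep a demo cheap, but it also removes the data needed to investigate anything that happens on the cluster, and the guide never says the choice is demo-only. A one-line comment above the command, such as `# logging/monitoring disabled to keep the demo cheap - leave them enabled on real clusters`, would be enough. The `google/cloud-sdk:160.0.0` tag also looks considerably older than the other CLI images pinned in this patch, which may be worth confirming.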
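Review bot: In the Linode dockerfile, `RUN pip3 install linode-cli==2.15.0` pins only the top-level package and leaves pip's download cache in the image layer, and the image has no `USER` line, so the interactive session where the API token is entered runs as root. I would write `RUN pip3 install --no-cache-dir linode-cli==2.15.0` as a minimum. Installing a pinned, checksum-verified kubectl at build time would also remove the need for the root `mv ./kubectl /usr/local/bin/kubectl` that the Linode guide performs at run time, after which a non-root `USER` becomes practical.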
+https://login.linode.com/signup?promo=DOCS20AA00X1
+
+## Linode CLI
+
+At the time of this video there is not docker image for Linode CLI, so lets make our own :)
+Take a look at the dockerfile in this folder.
+
+```
+# Linode CLI
+
+# Run this from the root of the repo!
+
+docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/bash aimvector/linode:2.15.0
+cd ./kubernetes/cloud/linode
+
+```
+
+## Login to Linode
+
+```
+#login and follow prompts
+linode-cli
+
+```
+
+## Gather our options
+
+https://www.linode.com/docs/platform/api/linode-cli/
+
+```
+linode-cli lke --help
+
+linode-cli regions list --text
+linode-cli lke versions-list
+linode-cli linodes list --region ap-south
+
+```
+
+## Create our cluster
+
+https://www.linode.com/docs/platform/api/linode-cli/#linode-kubernetes-engine-lke
+
+```
+
+# full list of options
+linode-cli lke cluster-create --help
+
+linode-cli lke cluster-create \
+ --label getting-started-lke \
+ --region ap-south \
+ --k8s_version 1.16 \
+ --node_pools.type g6-standard-2 --node_pools.count 1 \
+ --tags marcel
+
+```
+
+## Get a kubeconfig for our cluster
+
+```
+linode-cli lke clusters-list
+
+linode-cli lke kubeconfig-view
+```
+
+Download a kubeconfig from the [dashboard](https://cloud.linode.com/kubernetes/clusters)
+Rename and drop it into `./kubernetes/cloud/linode/config.yaml`
+
+## Get kubectl
+
+```
+curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
+chmod +x ./kubectl
+mv ./kubectl /usr/local/bin/kubectl
+
+export KUBECONFIG=/work/kubernetes/cloud/linode/config.yaml
+
+kubectl create ns example-app
+
+# lets create some resources.
+kubectl apply -n example-app -f /work/kubernetes/secrets/secret.yaml
+kubectl apply -n example-app -f /work/kubernetes/configmaps/configmap.yaml
+kubectl apply -n example-app -f /work/kubernetes/deployments/deployment.yaml
+
+# remember to change the `type: LoadBalancer`
+kubectl apply -n example-app -f /work/kubernetes/services/service.yaml
+
+```
+
+## Clean up
+
+```
+linode-cli lke clusters-list
+linode-cli lke cluster-delete
+
+# remember to delete the load balancer manually!
+```
\ No newline at end of file
diff --git a/kubernetes/cloud/readme.md b/kubernetes/cloud/readme.md
new file mode 100644
index 0000000..71c166e
--- /dev/null
+++ b/kubernetes/cloud/readme.md
@@ -0,0 +1,9 @@
+# Kubernetes in the Cloud
+
+## Introduction to Kubernetes on Cloud Providers
+
+Microsoft Azure [here](./azure/getting-started.md)
+Digital Ocean [here](./digitalocean/getting-started.md)
+Linode Cloud [here](./linode/getting-started.md)
+Amazon Web Services [here](./amazon/getting-started.md)
+Google Cloud [here](./google/getting-started.md)
\ No newline at end of file diff --git a/kubernetes/services/service.yaml b/kubernetes/services/service.yaml index 7302b6d..de00471 100644 --- a/kubernetes/services/service.yaml +++ b/kubernetes/services/service.yaml @@ -5,7 +5,7 @@ metadata: labels: app: example-app spec: - type: ClusterIP + type: LoadBalancer selector: app: example-app ports:
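Review bot: Changing the shared manifest to `type: LoadBalancer` means every `kubectl apply -f services/service.yaml` now asks the provider for a load balancer in front of `example-app`, which on the clouds covered by this patch is externally reachable by default, and that includes readers of the earlier parts of the series who use the same file. The new guides still say "remember to change the `type: LoadBalancer`", which suggests the switch was meant to be made by each reader rather than committed. I would either keep `type: ClusterIP` as the default and leave the switch to the guides, or keep the change and add a comment plus a `loadBalancerSourceRanges:` list so the demo service is not open to every address. The Service spec continues past `ports:` outside this hunk, so the exposed port is not visible here.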