Merge pull request #11 from marcel-dempers/cloud-series

kubernetes-in-the-cloud
2025-06-06 17:01:30 +00:00 · 2020-06-16 10:26:13 +00:00 · 2020-06-16 10:26:13 +00:00 · bcf8e55856
commit bcf8e55856
parent 09223e2dcb b2aae260a3
11 changed files with 633 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -64,5 +64,8 @@ Video:                      https://youtu.be/xhva6DeKqVU <br/>
 Part #7                     Kubernetes ingress | the basics <br/>
 Video:                      https://youtu.be/izWCkcJAzBw <br/>  
 Kubernetes in the Cloud
 Checkout my series on running Kubernetes in the Cloud [here](./kubernetes/cloud/readme.md) <br/>
 More details coming soon!
--- a/kubernetes/cloud/amazon/assume-node-policy.json
+++ b/kubernetes/cloud/amazon/assume-node-policy.json
@ -0,0 +1,12 @@
 {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "ec2.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
 }
--- a/kubernetes/cloud/amazon/assume-policy.json
+++ b/kubernetes/cloud/amazon/assume-policy.json
@ -0,0 +1,12 @@
 {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "eks.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
 }
--- a/kubernetes/cloud/amazon/getting-started.md
+++ b/kubernetes/cloud/amazon/getting-started.md
@ -0,0 +1,163 @@
 # Getting Started with EKS
 ## Amazon CLI
 ```
 # Run Amazon CLI
 docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh amazon/aws-cli:2.0.17
 cd ./kubernetes/cloud/amazon
 yum install jq
 ```
 ## Login to AWS
 https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html
 ```
 # Access your "My Security Credentials" section in your profile. 
 # Create an access key
 aws configure
 # Regions
 https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
 ```
 # Deploy Cluster with AWS CLI
 You can deploy a cluster using multiple ways.  </br>
 We will cover the two fundamental ways.
 1) AWS CLI https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html
 2) EKS CLI (newer) https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html
 ## AWS CLI
 Kubernetes needs a service account to manage our Kubernetes cluster <br/>
 In AWS this is an IAM role <br/>
 Lets create one! <br/>
 Follow "Create your Amazon EKS cluster IAM role" [here](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html) <br/>
 ```
 # create our role for EKS
 role_arn=$(aws iam create-role --role-name getting-started-eks-role --assume-role-policy-document file://assume-policy.json | jq .Role.Arn | sed s/\"//g)
 aws iam attach-role-policy --role-name getting-started-eks-role --policy-arn  arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
 # create the cluster VPC
 curl https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-05-08/amazon-eks-vpc-sample.yaml -o vpc.yaml
 aws cloudformation deploy --template-file vpc.yaml --stack-name getting-started-eks
 # grab your stack details 
 aws cloudformation list-stack-resources --stack-name getting-started-eks > stack.json
 # create our cluster
 aws eks create-cluster \
 --name getting-started-eks \
 --role-arn $role_arn \
 --resources-vpc-config subnetIds=subnet-063efe1fa0c5d4913,subnet-06f91e563755e2077,subnet-0824d16f8536b3681,securityGroupIds=sg-0960d3a116ba912e1,endpointPublicAccess=true,endpointPrivateAccess=false
 aws eks list-clusters
 aws eks describe-cluster --name getting-started-eks
 ```
 ## Get a kubeconfig for our cluster
 ```
 aws eks update-kubeconfig --name getting-started-eks --region ap-southeast-2
 #grab the config if you want it
 cp ~/.kube/config .
 curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
 chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl
 ```
 ## Add nodes to our cluster
 ```
 # create our role for nodes
 role_arn=$(aws iam create-role --role-name getting-started-eks-role-nodes --assume-role-policy-document file://assume-node-policy.json | jq .Role.Arn | sed s/\"//g)
 aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
 aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
 aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
 ```
 More details on node permissions [here](https://docs.aws.amazon.com/eks/latest/userguide/worker_node_IAM_role.html)
 More details on instance types to choose from [here](https://aws.amazon.com/ec2/instance-types/)
 ```
 aws eks create-nodegroup \
 --cluster-name getting-started-eks \
 --nodegroup-name test \
 --node-role $role_arn \
 --subnets subnet-0ec47e6ae964a233f \
 --disk-size 200 \
 --scaling-config minSize=1,maxSize=2,desiredSize=1 \
 --instance-types t2.small
 ```
 ## EKS CTL example
 ```
 eksctl create cluster --name getting-started-eks-1 \
 --region ap-southeast-2 \
 --version 1.16 \
 --managed \
 --node-type t2.small \
 --nodes 1 \
 --node-volume-size 200 
 ```
 ## Create some sample containers
 ```
 cd ../..
 kubectl create ns example-app
 # lets create some resources.
 kubectl apply -n example-app -f secrets/secret.yaml
 kubectl apply -n example-app -f configmaps/configmap.yaml
 kubectl apply -n example-app -f deployments/deployment.yaml
 # remember to change the `type: LoadBalancer`
 kubectl apply -n example-app -f services/service.yaml
 ```
 ## Cleanup 
 ```
 eksctl delete cluster --name getting-started-eks-1
 aws eks delete-nodegroup --cluster-name getting-started-eks --nodegroup-name test
 aws eks delete-cluster --name getting-started-eks
 aws iam detach-role-policy --role-name getting-started-eks-role --policy-arn  arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
 aws iam delete-role --role-name getting-started-eks-role
 aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
 aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
 aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
 aws iam delete-role --role-name getting-started-eks-role-nodes
 aws cloudformation delete-stack --stack-name getting-started-eks
 ```
--- a/kubernetes/cloud/azure/getting-started.md
+++ b/kubernetes/cloud/azure/getting-started.md
@ -0,0 +1,129 @@
 # Getting Started with AKS
 ## Azure CLI
 ```
 # Run Azure CLI
 docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh mcr.microsoft.com/azure-cli:2.6.0
 cd ./kubernetes/cloud/azure
 ```
 ## Login to Azure
 ```
 #login and follow prompts
 az login 
 # view and select your subscription account
 az account list -o table
 SUBSCRIPTION=<id>
 az account set --subscription <SubscriptionId-id-here>
 ```
 ## Create our Resource Group
 ```
 RESOURCEGROUP=aks-getting-started
 az group create -n $RESOURCEGROUP -l australiaeast
 ```
 ## Create Service Principal
 Kubernetes needs a service account to manage our Kubernetes cluster </br>
 Lets create one! </br>
 ```
 SERVICE_PRINCIPAL_JSON=$(az ad sp create-for-rbac --skip-assignment --name aks-getting-started-sp -o json)
 #Keep the `appId` and `password` for later use!
 SERVICE_PRINCIPAL=$(echo $SERVICE_PRINCIPAL_JSON | jq -r '.appId')
 SERVICE_PRINCIPAL_SECRET=$(echo $SERVICE_PRINCIPAL_JSON | jq -r '.password')
 #grant contributor role over the resource group to our service principal
 az role assignment create --assignee $SERVICE_PRINCIPAL \
 --scope "/subscriptions/$SUBSCRIPTION/resourceGroups/$RESOURCEGROUP" \
 --role Contributor
 ```
 For extra reference you can also take a look at the Microsoft Docs: [here](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-service-principal.md) </br>
 ## Create our cluster
 ```
 #full list of options
 az aks create --help
 az aks get-versions --location australiaeast -o table
 #generate SSH key
 ssh-keygen -t rsa -b 4096 -N "VeryStrongSecret123!" -C "your_email@example.com" -q -f  ~/.ssh/id_rsa
 cp ~/.ssh/id_rsa* .
 az aks create -n aks-getting-started \
 --resource-group $RESOURCEGROUP \
 --location australiaeast \
 --kubernetes-version 1.16.9 \
 --load-balancer-sku standard \
 --nodepool-name default \
 --node-count 1 \
 --node-vm-size Standard_E4s_v3  \
 --node-osdisk-size 250 \
 --ssh-key-value ./id_rsa.pub \
 --network-plugin kubenet \
 --service-principal $SERVICE_PRINCIPAL \
 --client-secret $SERVICE_PRINCIPAL_SECRET \
 --output none
 # if your SP key is invalid, generate a new one:
 SERVICE_PRINCIPAL_SECRET=(az ad sp credential reset --name $SERVICE_PRINCIPAL | jq -r '.password')
 ```
 ## Get a kubeconfig for our cluster
 ```
 # use --admin for admin credentials
 # use without `--admin` to get no priviledged user.
 az aks get-credentials -n aks-getting-started \
 --resource-group $RESOURCEGROUP
 #grab the config if you want it
 cp ~/.kube/config .
 ```
 ## Get kubectl
 ```
 curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
 chmod +x ./kubectl
 mv ./kubectl /usr/local/bin/kubectl
 cd ../..
 kubectl create ns example-app
 # lets create some resources.
 kubectl apply -n example-app -f secrets/secret.yaml
 kubectl apply -n example-app -f configmaps/configmap.yaml
 kubectl apply -n example-app -f deployments/deployment.yaml
 # remember to change the `type: LoadBalancer`
 kubectl apply -n example-app -f services/service.yaml
 ```
 ## Clean up 
 ```
 az group delete -n $RESOURCEGROUP
 az ad sp delete --id $SERVICE_PRINCIPAL
 ```
--- a/kubernetes/cloud/digitalocean/getting-started.md
+++ b/kubernetes/cloud/digitalocean/getting-started.md
@ -0,0 +1,104 @@
 # Getting Started with DGO
 ## Trial Account
 Coupon Link to get $100 credit for 60 days: <br/>
 https://m.do.co/c/74a1c5d63dac
 ## Digital Ocean CLI
 https://hub.docker.com/r/digitalocean/doctl
 ```
 # Digital Ocean CLI
 docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/bash digitalocean/doctl:1.45.0
 mv /app/doctl /usr/local/bin/
 cd ./kubernetes/cloud/digitalocean
 ```
 ## Login to DGO
 ```
 #login and follow prompts
 doctl auth init
 doctl auth list
 ```
 ## Create a new project
 ```
 doctl projects create --name getting-started-dgo --purpose testing
 doctl projects list
 # grab the project ID
 ```
 ## Gather our options
 https://www.digitalocean.com/docs/kubernetes/
 ```
 doctl kubernetes options
 doctl kubernetes options regions
 doctl kubernetes options versions
 ```
 ## Create our cluster
 ```
 # full list of options
 doctl kubernetes cluster create --help
 doctl kubernetes cluster create dgo-getting-started \
 --version 1.17.5-do.0 \
 --count 1 \
 --size s-1vcpu-2gb \
 --region sgp1
 ```
 ## Get a kubeconfig for our cluster
 ```
 doctl kubernetes cluster kubeconfig save dgo-getting-started
 #grab the config if you want it
 cp ~/.kube/config .
 ```
 ## Get kubectl
 ```
 curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
 chmod +x ./kubectl
 mv ./kubectl /usr/local/bin/kubectl
 cd ../..
 kubectl create ns example-app
 # lets create some resources.
 kubectl apply -n example-app -f secrets/secret.yaml
 kubectl apply -n example-app -f configmaps/configmap.yaml
 kubectl apply -n example-app -f deployments/deployment.yaml
 # remember to change the `type: LoadBalancer`
 kubectl apply -n example-app -f services/service.yaml
 ```
 ## Clean up 
 ```
 doctl kubernetes cluster delete dgo-getting-started
 # remember to delete the load balancer manually!
 ```
--- a/kubernetes/cloud/google/getting-started.md
+++ b/kubernetes/cloud/google/getting-started.md
@ -0,0 +1,95 @@
 # Getting Started with GKE
 ## Google Cloud CLI
 https://hub.docker.com/r/google/cloud-sdk/
 ```
 # Run Google Cloud CLI
 docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/bash google/cloud-sdk:160.0.0
 cd ./kubernetes/cloud/google
 ```
 ## Login to GCloud
 ```
 #login and follow prompts
 gcloud auth login
 gcloud projects list
 gcloud projects create getting-started-gke
 gcloud config set project getting-started-gke
 ```
 ## Enable APIs for your Project.
 You may be prompted to enable APIs in Google Console for your project in order to proceed.
 Follow the  prompts.
 ## Create our cluster
 Machine types : https://cloud.google.com/compute/docs/machine-types
 ```
 # machine types
 gcloud compute machine-types list > machine-types.log
 # Get k8s versions for your zone
 gcloud container get-server-config --zone australia-southeast1-c
 # full list of options
 gcloud container clusters create --help
 gcloud container clusters create gke-getting-started \
 --cluster-version 1.16.8-gke.15 \
 --disk-size 200 \
 --num-nodes 1 \
 --machine-type e2-small \
 --no-enable-cloud-endpoints \
 --no-enable-cloud-logging \
 --no-enable-cloud-monitoring  \
 --zone australia-southeast1-c
 ```
 ## Get a kubeconfig for our cluster
 ```
 gcloud container clusters get-credentials gke-getting-started --zone australia-southeast1-c
 #grab the config if you want it
 cp ~/.kube/config .
 ```
 ## Get kubectl
 ```
 curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
 chmod +x ./kubectl
 mv ./kubectl /usr/local/bin/kubectl
 cd ../..
 kubectl create ns example-app
 # lets create some resources.
 kubectl apply -n example-app -f secrets/secret.yaml
 kubectl apply -n example-app -f configmaps/configmap.yaml
 kubectl apply -n example-app -f deployments/deployment.yaml
 # remember to change the `type: LoadBalancer`
 kubectl apply -n example-app -f services/service.yaml
 ```
 ## Clean up 
 ```
 gcloud container clusters delete gke-getting-started --zone australia-southeast1-c
 ```
--- a/kubernetes/cloud/linode/dockerfile
+++ b/kubernetes/cloud/linode/dockerfile
@ -0,0 +1,4 @@
 FROM python:3.8.3-alpine3.12
 RUN apk add --no-cache bash curl
 RUN pip3 install linode-cli==2.15.0
--- a/kubernetes/cloud/linode/getting-started.md
+++ b/kubernetes/cloud/linode/getting-started.md
@ -0,0 +1,101 @@
 # Getting Started with Linode
 ## Trial Account
 Promo Link to get $20 credit to try out Linode: <br/>
 https://login.linode.com/signup?promo=DOCS20AA00X1
 ## Linode CLI
 At the time of this video there is not docker image for Linode CLI, so lets make our own :) <br/>
 Take a look at the dockerfile in this folder.
 ```
 # Linode CLI
 # Run this from the root of the repo!
 docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/bash aimvector/linode:2.15.0
 cd ./kubernetes/cloud/linode
 ```
 ## Login to Linode
 ```
 #login and follow prompts
 linode-cli
 ```
 ## Gather our options
 https://www.linode.com/docs/platform/api/linode-cli/
 ```
 linode-cli lke --help
 linode-cli regions list --text
 linode-cli lke versions-list 
 linode-cli linodes list --region ap-south
 ```
 ## Create our cluster
 https://www.linode.com/docs/platform/api/linode-cli/#linode-kubernetes-engine-lke
 ```
 # full list of options
 linode-cli lke cluster-create --help
 linode-cli lke cluster-create \
  --label getting-started-lke \
  --region ap-south \
  --k8s_version 1.16 \
  --node_pools.type g6-standard-2 --node_pools.count 1 \
  --tags marcel
 ```
 ## Get a kubeconfig for our cluster
 ```
 linode-cli lke clusters-list
 linode-cli lke kubeconfig-view <id>
 ```
 Download a kubeconfig from the [dashboard](https://cloud.linode.com/kubernetes/clusters) <br/>
 Rename and drop it into `./kubernetes/cloud/linode/config.yaml`
 ## Get kubectl
 ```
 curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
 chmod +x ./kubectl
 mv ./kubectl /usr/local/bin/kubectl
 export KUBECONFIG=/work/kubernetes/cloud/linode/config.yaml
 kubectl create ns example-app
 # lets create some resources.
 kubectl apply -n example-app -f /work/kubernetes/secrets/secret.yaml
 kubectl apply -n example-app -f /work/kubernetes/configmaps/configmap.yaml
 kubectl apply -n example-app -f /work/kubernetes/deployments/deployment.yaml
 # remember to change the `type: LoadBalancer`
 kubectl apply -n example-app -f /work/kubernetes/services/service.yaml
 ```
 ## Clean up 
 ```
 linode-cli lke clusters-list
 linode-cli lke cluster-delete <id>
 # remember to delete the load balancer manually!
 ```
--- a/kubernetes/cloud/readme.md
+++ b/kubernetes/cloud/readme.md
@ -0,0 +1,9 @@
 # Kubernetes in the Cloud
 ## Introduction to Kubernetes on Cloud Providers
 Microsoft Azure [here](./azure/getting-started.md) <br/>
 Digital Ocean [here](./digitalocean/getting-started.md) <br/>
 Linode Cloud [here](./linode/getting-started.md) <br/>
 Amazon Web Services [here](./amazon/getting-started.md) <br/>
 Google Cloud [here](./google/getting-started.md) <br/>
--- a/kubernetes/services/service.yaml
+++ b/kubernetes/services/service.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    app: example-app
 spec:
-  type: ClusterIP
+  type: LoadBalancer
  selector:
    app: example-app
  ports: