Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save alexpanasUCLA/b0cabf3ac49b728b4a03b76122ea2386 to your computer and use it in GitHub Desktop.
Save alexpanasUCLA/b0cabf3ac49b728b4a03b76122ea2386 to your computer and use it in GitHub Desktop.
Setup script to create a fresh kubernetes cluster on AWS with kops incl. all required AWS resources (S3 buckets, IAM etc.)
#!/bin/bash
# Prerequisites (macOS):
# - aws cli => to create AWS resources
# => pip install --upgrade --user awscli
# => aws configure
# - jq => to parse JSON results returned by the AWS CLI
# => brew install jq
# - chronic => to suppress output unless there's a non-zero exit code
# => brew install moreutils
# - kops => to create the actual kubernetes cluster
# => brew install kops
export PREFIX=acmecorp
export URL="your-domain.com"
export AWS_REGION="eu-central-1"
printf "🔤 Please specify a cluster name\n"
read CLUSTER_NAME
export KOPS_CONFIG_BUCKET=${PREFIX}.kops-${CLUSTER_NAME}.config
export K8_CONFIG_BUCKET=${PREFIX}.k8-${CLUSTER_NAME}.config
###################################
# 1. Generate SSH key for cluster #
###################################
printf "\n🔒 Let's generate a new ssh keypair for this cluster\n"
ssh-keygen -t rsa -f ${PREFIX}-${CLUSTER_NAME}
export PUBLIC_SSH_KEY=./${PREFIX}-${CLUSTER_NAME}.pub
printf " \n🔑 Awesome, now please put the private key into our 1password team vault"
printf " \nType 'done' to confirm that you safely stored the private key in the team vault\n"
read CONFIRM
if [ "$CONFIRM" != "done" ]
then
printf "❗️ Ok, one more chance: Type 'done' to confirm you've stored the private ssh key in the 1password team vault\n"
read CONFIRM
fi
if [ "$CONFIRM" != "done" ]
then
printf "❌ Aborting, you've had your chance…"
exit 1
fi
printf " \n🆒 Now let's create a new cluster\n"
########################
# 2. Create S3 Buckets #
########################
printf "\n1️⃣ Create S3 buckets for kops and kubernetes config\n"
printf " a) Creating S3 bucket for kops config…"
aws s3 ls | grep $KOPS_CONFIG_BUCKET > /dev/null
if [ $? -eq 0 ]
then
printf " ✅ Bucket already exists\n\n"
else
chronic aws s3api create-bucket \
--bucket $KOPS_CONFIG_BUCKET \
--region $AWS_REGION \
--create-bucket-configuration LocationConstraint=${AWS_REGION}
chronic aws s3api put-bucket-versioning \
--bucket $KOPS_CONFIG_BUCKET \
--versioning-configuration Status=Enabled
printf " ✅\n"
fi
printf " b) Creating S3 bucket for kubernetes config…"
aws s3 ls | grep $K8_CONFIG_BUCKET > /dev/null
if [ $? -eq 0 ]
then
printf " ✅ Bucket already exists\n\n"
else
chronic aws s3api create-bucket \
--bucket $K8_CONFIG_BUCKET \
--region $AWS_REGION \
--create-bucket-configuration LocationConstraint=$AWS_REGION
chronic aws s3api put-bucket-versioning \
--bucket $K8_CONFIG_BUCKET \
--versioning-configuration Status=Enabled
printf " ✅\n"
fi
###########################
# 3. Create IAM Resources #
###########################
printf "\n2️⃣ Create IAM user and group for kops\n"
printf " a) Creating IAM group for kops…"
aws iam list-groups | grep kops > /dev/null
if [ $? -eq 0 ]
then
printf " ✅ IAM group 'kops' already exists\n"
else
chronic aws iam create-group --group-name kops
printf " ✅\n"
fi
printf " b) Attaching IAM policies to kops usergroup…"
export policies="
AmazonEC2FullAccess
AmazonRoute53FullAccess
AmazonS3FullAccess
IAMFullAccess
AmazonVPCFullAccess"
new_policy_created=false
for policy in $policies; do
check_arn=$(aws iam list-attached-group-policies --group-name kops | jq --arg policy $policy '.AttachedPolicies[] | select(.PolicyName == $policy) | .PolicyName' > /dev/null)
if [ "$check_arn" = "null" ]
then
$new_policy_created=true
aws iam attach-group-policy --policy-arn "arn:aws:iam::aws:policy/$policy" --group-name kops;
fi
done
if [ "$new_policy_created" = true ]
then
printf " ✅\n"
else
printf " ✅ Policies already exist\n"
fi
printf " c) Creating IAM user for kops…"
aws iam list-users | grep kops > /dev/null
if [ $? -eq 0 ]
then
printf " ✅ IAM user 'kops' already exists\n"
else
aws iam create-user --user-name kops
aws iam add-user-to-group --user-name kops --group-name kops
aws iam create-access-key --user-name kops
printf " ✅\n"
fi
##########################
# 4. Create kops cluster #
##########################
printf "\n3️⃣ Create new kops cluster\n"
kops create cluster \
--state s3://${KOPS_CONFIG_BUCKET} \
--ssh-public-key $PUBLIC_SSH_KEY \
--cloud aws \
--zones ${AWS_REGION}a \
--topology private \
--networking calico \
--network-cidr=10.0.0.0/16 \
--bastion \
--master-size m3.medium \
--node-size m3.medium \
--node-count 4 \
--yes \
k8-${CLUSTER_NAME}.${URL}
printf "✅ Successfully kicked off cluster creation, it can take 10-15mins until it is fully functional\n"
########################
# 5. Export kubeconfig #
########################
printf "\n4️⃣ Exporting kubeconfig from new cluster…"
# To export the kubectl configuration to a specific file we need to set the KUBECONFIG environment variable.
# see kops export kubecfg --help for further information
export KUBECONFIG=./kubeconfig
chronic kops export kubecfg k8-${CLUSTER_NAME}.${URL} --state=s3://${KOPS_CONFIG_BUCKET}
printf "✅ Done\n"
#########################
# 6. Encrypt kubeconfig #
#########################
printf "\n5️⃣ Encrypting kubeconfig with OpenSSL…"
openssl enc -aes-256-cbc -salt -in kubeconfig -out kubeconfig.enc
printf "✅ Done\n"
########################
# 7. Upload kubeconfig #
########################
printf "\n6️⃣ Uploading encrypted kubeconfig to S3…"
chronic aws s3 cp kubeconfig.enc s3://${K8_CONFIG_BUCKET}/kubeconfig.enc
printf "✅ Done\n"
############
# 8. Done! #
############
printf "\n🏁 Finished!"
printf "\n You can see if the cluster is ready by running 'kops validate cluster --state s3://${KOPS_CONFIG_BUCKET} --name k8-${CLUSTER_NAME}.${URL}'\n"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment