Set up a k8s cluster with kops
- ssh setup
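ssh-keygen -t rsa
# kops by default installs the public half (~/.ssh/id_rsa.pub) on the cluster instances; set a passphrase on the private key.
https://www.changwoo.org/x1wins@changwoo.net/2019-07-31/ssh-keygen-t-rsa-a19b29a0d6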
- aws authorize
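AmazonEC2FullAccess
AmazonRoute53FullAccess
AmazonS3FullAccess
IAMFullAccess
AmazonVPCFullAccess
# These are broad managed policies: attach them to a dedicated IAM user or group used only for kops, not to a personal or root account.
https://www.changwoo.org/x1wins@changwoo.net/2019-10-23/Upload-file-to-S3-with-AWS-CLI-d12442012c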
- install kops
% brew update && brew install kops
% brew install kubernetes-cli
% pip install awscli
% brew update && brew install awscli
https://github.com/kubernetes/kops/blob/master/docs/install.md
- aws s3 key setup
% aws configure # Use your new access and secret key here
% aws iam list-users # you should see a list of all your IAM users here
# Because "aws configure" doesn't export these vars for kops to use, we export them now
% export AWS_ACCESS_KEY_ID=$(aws configure get aws_access_key_id)
% export AWS_SECRET_ACCESS_KEY=$(aws configure get aws_secret_access_key)
# The exported secret key is readable by every process started from this shell; unset both variables when the kops session is finished.
https://github.com/kubernetes/kops/blob/master/docs/getting_started/aws.md
- run kops for aws ec2
% export NAME=hello.changwoo.org
% export KOPS_STATE_STORE=s3://kops-data
# The state store bucket holds the cluster configuration and its secrets: keep it private, with versioning and default encryption enabled.
% aws ec2 describe-availability-zones --region us-west-1
% kops create cluster \
    --zones=us-west-1a \
    ${NAME}
% kops edit cluster ${NAME}
% kops update cluster ${NAME} --yes
% kubectl get nodes
% kops validate cluster
https://rancher.com/blog/2020/three-way-to-run-aws
- kops command
# --yes performs the deletion immediately; without it kops only lists what would be removed, so check --name first.
% kops delete cluster --name=k8s.cluster.site --yes
https://kops.sigs.k8s.io/cli/kops_delete_cluster/
# Get all clusters in a state store
% kops get clusters
# https://github.com/kubernetes/kops/blob/master/docs/cli/kops_get_clusters.md
% kops get ${NAME}
# Note: us-west-1a is an availability zone (it is the --zones value used at cluster creation); --region expects the region name, us-west-1.
% kops import cluster --name ${NAME} --region us-west-1a \
    --state=${KOPS_STATE_STORE}
% kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:50:19Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"darwin/amd64"}
error: You must be logged in to the server (the server has asked for the client to provide credentials)
- troubleshooting - error: You must be logged in to the server (Unauthorized)
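% kubectl get nodes
error: You must be logged in to the server (Unauthorized)
export AWS_ACCESS_KEY_ID=$(aws configure get aws_access_key_id)
export AWS_SECRET_ACCESS_KEY=$(aws configure get aws_secret_access_key)
export NAME=hello.changwoo.org
export KOPS_STATE_STORE=s3://kops-data
# echo prints the secret key into the terminal and its scrollback (output masked here); to only confirm it is set, use: test -n "$AWS_SECRET_ACCESS_KEY" && echo set
% echo $AWS_SECRET_ACCESS_KEY
*************************/
% echo $NAME
hello.changwoo.org
# --admin writes a cluster-admin credential into the local kubeconfig; kops 1.19 and later no longer export it by default, and the credential is time-limited (18h unless a duration is given), so protect ~/.kube/config accordingly.
% kops update cluster ${NAME} --yes --admin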