Kubernetes on AWS

Author: Anurag Guda

Readmd.md

@@ -0,0 +1,24 @@
+<h1> Kubernetes on AWS with Terraform </h1>
+
+This repository helps to spin up AWS environment and create kubernetes cluster on top of that. 
+
+- Prerequisites
+  - AWS account details
+  - Ansible on your local machine
+  - Terraform on your local machine 
+
+### Usage
+
+Update the aws account details in terrform varaiable file, then run the below command to install kubernetes cluster on AWS 
+
+```
+bash k8scluster.sh
+```
+
+To clean up the AWS environment with kubernetes, run the below command
+
+```
+cd terrform
+terraform destroy -auto-approve 
+```
+

ansible/README.md

@@ -0,0 +1,39 @@
+<h1> Install multi-node kubernetes cluster with Ansible Playbooks </h1>
+
+- Prerequisites 
+  - SSH trust setup from your local vm to remote hosts or use remote host private_key
+    - ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
+      ssh anguda@$host  | sudo -S mkdir /root/.ssh
+      ssh anguda@$host | sudo -S touch /root/.ssh/authorized_keys
+      ssh anguda@$host | sudo -S apt install git ansible vim sshpass openssh-server -y
+      cat /root/.ssh/id_rsa.pub | sshpass -p k8s123 ssh root@$host "cat >> /root/.ssh/authorized_keys"
+
+
+
+This directory helps you to install kubernetes cluster with ansible playbooks. Please make sure to pass inventory file for each playbooks 
+
+- inventory example 
+
+```
+[k8s-masters]
+54.219.223.243 ansible_ssh_host=54.219.223.243 ansible_ssh_port=22 ansible_ssh_user=ubuntu ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
+
+[k8s-workers]
+52.52.238.67 ansible_ssh_host=52.52.238.67 ansible_ssh_port=22 ansible_ssh_user=ubuntu ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
+52.8.50.178 ansible_ssh_host=52.8.50.178 ansible_ssh_port=22 ansible_ssh_user=ubuntu ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
+``` 
+
+### Usage
+
+First make sure to install the prerequisites.yaml to install all componenets 
+
+```
+ansible-playbook prerequisites.yaml -i inventory
+```
+
+Then run k8s.yaml to install kubernetes cluster with kubeadm 
+
+```
+ansible-playbook k8s.yaml -i inventory
+```
+

ansible/inventory

@@ -0,0 +1,7 @@
+
+[k8s-masters]
+ec2-52-52-180-22.us-west-1.compute.amazonaws.com ansible_ssh_host=52.52.180.22 ansible_ssh_port=22 ansible_ssh_user=ubuntu ansible_ssh_private_key_file=/Users/aguda/Downloads/AWS/awstest.pem ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
+
+[k8s-workers]
+ec2-13-57-111-53.us-west-1.compute.amazonaws.com ansible_ssh_host=13.57.111.53 ansible_ssh_port=22 ansible_ssh_user=ubuntu ansible_ssh_private_key_file=/Users/aguda/Downloads/AWS/awstest.pem ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
+ec2-13-57-45-138.us-west-1.compute.amazonaws.com ansible_ssh_host=13.57.45.138 ansible_ssh_port=22 ansible_ssh_user=ubuntu ansible_ssh_private_key_file=/Users/aguda/Downloads/AWS/awstest.pem ansible_ssh_extra_args='-o StrictHostKeyChecking=no'

ansible/k8s.yaml

@@ -0,0 +1,116 @@
+- hosts: k8s-masters
+  become: True
+  tasks:
+   
+   - name: Reset Kubernetes component
+     shell: "kubeadm reset --force"
+     register: reset_cluster
+
+   - name: remove etcd directory
+     ignore_errors: yes
+     shell: "{{ item }}" 
+     with_items:
+      - rm -rf /var/lib/etcd
+      - rm -rf $HOME/.kube
+
+   - name: Initialize the Kubernetes cluster using kubeadm
+     command: kubeadm init --pod-network-cidr=10.244.0.0/16 --v 9
+     register: kubeadm
+  
+   - debug: msg={{ kubeadm.stdout_lines }}
+ 
+   - name: Create kube directory
+     file:
+      path: $HOME/.kube
+      state: directory
+
+   - name: Copy kubeconfig to home
+     shell: |
+      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+      sudo chown $(id -u):$(id -g) $HOME/.kube/config
+
+   - name: Install networking plugin to kubernetes cluster
+     command: "kubectl apply -f {{ item }}" 
+     with_items:
+     - https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml 
+     - https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
+     - https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
+     - https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
+     - https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
+
+   - name: Change permissions of the service account(kubernetes-dashboard) for the dashboard
+     command: kubectl create clusterrolebinding kubernetes-dashboard -n kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
+
+   - name: Run KubeProxy
+     shell: nohup kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' </dev/null >/dev/null 2>&1 &
+    
+   - name: Generate join token
+     shell: kubeadm token create --print-join-command
+     register: kubeadm_join_cmd
+
+   - set_fact:
+       kubeadm_join: "{{ kubeadm_join_cmd.stdout }}"
+
+   - debug: var=kubeadm_join
+
+   - name: Store join command
+     action: copy content="{{ kubeadm_join }}" dest="/etc/kubernetes/kubeadm-join.command"
+ 
+   - name: ansible copy file from remote to local.
+     fetch:
+      src: /etc/kubernetes/kubeadm-join.command
+      dest: /tmp/kubeadm-join.command
+      flat: yes
+
+- hosts: k8s-workers
+  become: true
+  vars:
+     kubeadm_join: "{{ lookup('file', '/tmp/kubeadm-join.command') }}"
+  tasks:
+
+   - name: Copy Kubeadm join 
+     copy:
+      src: /tmp/kubeadm-join.command
+      dest: /tmp/kubeadm-join.command
+
+   - name: Reset Kubernetes component
+     shell: "kubeadm reset --force"
+     ignore_errors: yes
+
+   - name: remove kubernetes directory
+     shell: "/bin/rm -rf /etc/kubernetes"
+     ignore_errors: yes 
+
+   - name: Run kubeadm join
+     shell: "{{ kubeadm_join }} --ignore-preflight-errors=swap"
+     
+- hosts: k8s-masters
+  become: true
+  tasks:
+   - name: Get Node name
+     shell: "kubectl get nodes  | grep -v master | awk '{print $1}' | grep -v NAME"
+     register: node_name
+
+   - debug: var=node_name
+
+   - name: Lable the node
+     shell: "kubectl label node {{ item }} node-role.kubernetes.io/node="
+     with_items: "{{ node_name.stdout_lines }}"  
+
+   - name: "Check if Helm is installed"
+     shell: command -v helm >/dev/null 2>&1
+     register: helm_exists
+     ignore_errors: yes
+
+   - name: "Install Helm"
+     command: "{{ item }}"
+     args:
+       warn: false
+     with_items:
+       - curl -O https://get.helm.sh/helm-v3.1.1-linux-amd64.tar.gz
+       - tar -xvzf helm-v3.1.1-linux-amd64.tar.gz
+       - cp linux-amd64/helm /usr/local/bin/
+       - cp linux-amd64/helm /usr/bin/
+       - rm -rf helm-v3.1.1-linux-amd64.tar.gz linux-amd64
+
+     when: helm_exists.rc > 0

ansible/prerequisites.yaml

@@ -0,0 +1,146 @@
+- name: Define hosts
+  hosts: all
+  become: true
+  tasks:
+   - name: upgrade a server
+     become: true
+     become_user: root
+     apt: update_cache=yes only_upgrade=yes
+     ignore_errors: yes
+
+   - name: Add an Kubernetes apt signing key for Ubuntu
+     when: "ansible_distribution == 'Ubuntu'"
+     apt_key:
+       url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+       state: present
+
+   - name: Adding Kubernetes apt repository for Ubuntu
+     when: "ansible_distribution == 'Ubuntu'"
+     apt_repository:
+      repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
+      state: present
+      filename: kubernetes
+
+   - name: install kubernetes components for Ubuntu
+     when: "ansible_distribution == 'Ubuntu'"
+     apt:
+       name: ['apt-transport-https', 'curl', 'ca-certificates', 'gnupg-agent' ,'software-properties-common', 'kubelet=1.15.3-00', 'kubeadm=1.15.3-00', 'kubectl=1.15.3-00']
+       state: present
+
+   - name: Validate whether Kubernetes cluster installed
+     shell: kubectl cluster-info
+     register: k8sup
+     ignore_errors: yes
+
+   - name: Add Docker GPG key for Ubuntu
+     when: "ansible_distribution == 'Ubuntu' and 'running' not in k8sup.stdout"
+     apt_key: url=https://download.docker.com/linux/ubuntu/gpg
+
+   - name: Add Docker APT repository for Ubuntu
+     when: "ansible_distribution == 'Ubuntu' and 'running' not in k8sup.stdout"
+     apt_repository:
+       repo: deb [arch=amd64] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable
+
+   - name: Install Docker-CE Engine on Ubuntu
+     when: " ansible_distribution == 'Ubuntu' and 'running' not in k8sup.stdout"
+     apt:
+       name: [ 'docker-ce=5:19.03.1~3-0~ubuntu-bionic' ]
+       state: present
+       update_cache: yes
+ 
+   - name: Creating a Kubernetes repository file for RHEL/CentOS
+     when: "ansible_distribution in ['RedHat', 'CentOS']"
+     file:
+      path: /etc/yum.repos.d/kubernetes.repo
+      state: touch
+
+   - name: Adding repository details in Kubernetes repo file for RHEL/CentOS
+     when: "ansible_distribution in ['RedHat', 'CentOS']"
+     blockinfile:
+      path: /etc/yum.repos.d/kubernetes.repo
+      block: |
+       [kubernetes]
+       name=Kubernetes
+       baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+       enabled=1
+       gpgcheck=0
+       repo_gpgcheck=0
+       gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
+         https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+
+   - name: Installing required packages for RHEL/CentOS
+     when: "ansible_distribution in ['RedHat', 'CentOS']"
+     yum:
+      name: ['bind-utils', 'yum-utils', 'device-mapper-persistent-data', 'lvm2', 'telnet', 'kubelet-1.15.5', 'kubeadm-1.15.5', 'kubectl-1.15.5', 'firewalld', 'curl']
+      state: present
+
+
+   - name: "Configuring Docker-CE repo for RHEL/CentOS"
+     when: "ansible_distribution in ['RedHat', 'CentOS'] and 'running' not in k8sup.stdout"
+     get_url:
+       url: https://download.docker.com/linux/centos/docker-ce.repo
+       dest: /etc/yum.repos.d/docker-ce.repo
+       mode: 0644
+
+   - name: Install Docker-CE Engine on RHEL/CentOS
+     when: "ansible_distribution in ['RedHat', 'CentOS'] and 'running' not in k8sup.stdout"
+     args:
+       warn: false
+     shell: yum install docker -y
+
+   - name: SetEnforce for RHEL/CentOS
+     when: "ansible_distribution in ['RedHat', 'CentOS'] and 'running' not in k8sup.stdout"
+     ignore_errors: yes
+     command: "setenforce 0"
+
+   - name: SELinux for RHEL/CentOS
+     when: "ansible_distribution in ['RedHat', 'CentOS'] and 'running' not in k8sup.stdout"
+     args:
+       warn: false
+     command: sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
+
+   - name: Enable Firewall Service for RHEL/CentOS
+     when: "ansible_distribution in ['RedHat', 'CentOS'] and 'running' not in k8sup.stdout"
+     service:
+       name: firewalld
+       state: started
+       enabled: yes
+     ignore_errors: yes
+
+   - name: Allow Network Ports in Firewalld for RHEL/CentOS
+     when: "ansible_distribution in ['RedHat', 'CentOS'] and 'running' not in k8sup.stdout"
+     firewalld:
+      port: "{{ item }}"
+      state: enabled
+      permanent: yes
+      immediate: yes
+     with_items:
+       - "6443/tcp"
+       - "10250/tcp"
+
+
+   - name: Remove swapfile from /etc/fstab
+     when: "'running' not in k8sup.stdout"
+     mount:
+       name: "{{ item }}"
+       fstype: swap
+       state: absent
+     with_items:
+      - swap
+      - none
+
+   - name: Disable swap
+     when: "'running' not in k8sup.stdout"
+     command: swapoff -a
+
+   - name: Starting and enabling the required services
+     when: "'running' not in k8sup.stdout"
+     service:
+      name: "{{ item }}"
+      state: started
+      enabled: yes
+     ignore_errors: yes
+     with_items:
+      - docker
+      - kubelet
+

k8scluster.sh

@@ -0,0 +1,15 @@
+
+cd terraform
+terraform init
+terraform plan 
+terraform apply -auto-approve
+terraform output inventory > ../ansible/inventory
+
+echo "Please wait for a while to bring aws instances up"
+
+sleep 60
+cd ../ansible
+ansible -m ping -i inventory all
+ansible-playbook -i inventory prerequisites.yaml
+ansible-playbook -i inventory k8s.yaml
+

terraform/Readmd.md

@@ -0,0 +1,24 @@
+<h1> Kubernetes on AWS with Terraform </h1>
+
+This repository helps to spin up AWS environment and create kubernetes cluster on top of that. 
+
+- Prerequisites
+  - AWS account details
+  - Ansible on your local machine
+  - Terraform on your local machine 
+
+### Usage
+
+Update the aws account details in terrform varaiable file, then run the below command to install kubernetes cluster on AWS 
+
+```
+bash k8scluster.sh
+```
+
+To clean up the AWS environment with kubernetes, run the below command
+
+```
+cd terrform
+terraform destroy -auto-approve 
+```
+