#kops (2019-01)

Discussions related to kops for kubernetes

Archive: https://archive.sweetops.com/kops/

2019-01-04

Jan
cloudposse/prod.cloudposse.co

Example Terraform/Kubernetes Reference Infrastructure for Cloud Posse Production Organization in AWS - cloudposse/prod.cloudposse.co

Jan
Populate chamber secrets for kops project (make sure to change the keys and values to reflect your environment; add new secrets as needed)

Erik Osterman (Cloud Posse)

we’ve automated this now!

Erik Osterman (Cloud Posse)

so these directions are out of date

Erik Osterman (Cloud Posse)

sec

Erik Osterman (Cloud Posse)
cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” invocations for provisioning reference architectures - cloudposse/terraform-root-modules

Erik Osterman (Cloud Posse)

We are writing all the settings to SSM

Erik Osterman (Cloud Posse)

then you can just run

Erik Osterman (Cloud Posse)
chamber exec kops -- bash -l

Erik Osterman (Cloud Posse)

and run kops ... commands as normal

Erik Osterman (Cloud Posse)

i can show you a demo

Jan

please!

Jan

where do I find that list? in aws/kops-aws-platform/chamber-kops.sh?

joshmyers

@Jan good question

Jan

busy trying to stand up the root kops as is

Jan

then modify a fork of the module for targeting existing VPCs

Erik Osterman (Cloud Posse)
Document kops setup by osterman · Pull Request #339 · cloudposse/geodesic

what Move KOPS_* envs out of Dockerfile (prevents deploying multiple clusters) Thoroughly document how to use .envrc with our kops strategy why Our previous strategy of defining all ENVs in the …

Erik Osterman (Cloud Posse)

this should be merged by EOW (sunday)

Erik Osterman (Cloud Posse)

they still don’t take into account some of the latest changes.

2019-01-07

2019-01-08

Jan
kubernetes/node-problem-detector

This is a place for various problem detectors running on the Kubernetes nodes. - kubernetes/node-problem-detector

Erik Osterman (Cloud Posse)

Terraform module to create and apply a Kubernetes ConfigMap for aws-iam-authenticator to be used with Kops to map IAM principals to Kubernetes users

2019-01-09

2019-01-15

Jan

Are you using rbac by default?

Jan

erg wrong channel I think

Erik Osterman (Cloud Posse)

in our kops manifest, we have it disabled by default

Erik Osterman (Cloud Posse)

but there’s a boolean to enable it

Erik Osterman (Cloud Posse)
cloudposse/geodesic

Geodesic is the fastest way to get up and running with a rock solid, production grade cloud platform built on top of strictly Open Source tools. ★ this repo! https://slack.cloudposse.com/ - clou…

Jan

Have it enabled

2019-01-17

2019-01-18

Jan

when running k8s via kops in aws

Jan

what creates the KubernetesAdmin role referenced here?

Jan
cloudposse/terraform-aws-kops-iam-authenticator-config

Terraform module to create and apply a Kubernetes ConfigMap for aws-iam-authenticator to be used with Kops to map IAM principals to Kubernetes users - cloudposse/terraform-aws-kops-iam-authentica…

Jan
kubernetes-sigs/aws-iam-authenticator

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster - kubernetes-sigs/aws-iam-authenticator

Jan

here

Erik Osterman (Cloud Posse)

might have to wait for @Andriy Knysh (Cloud Posse)

Jan

are they prerequisites or do you create them automatically?

Erik Osterman (Cloud Posse)
kubernetes-sigs/aws-iam-authenticator

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster - kubernetes-sigs/aws-iam-authenticator

Erik Osterman (Cloud Posse)

I don’t have first-hand experience setting this up yet

Erik Osterman (Cloud Posse)

so I can just google =P

Jan

hahah

Jan

yea all good

Jan

will figure it out

Jan
cloudposse/terraform-aws-kops-iam-authenticator-config

Terraform module to create and apply a Kubernetes ConfigMap for aws-iam-authenticator to be used with Kops to map IAM principals to Kubernetes users - cloudposse/terraform-aws-kops-iam-authentica…

Jan

so like this is the 2nd half of what I would have expected

Jan

the 1st part would have been the creation of the iam roles

Jan

will extend and submit

Jan

in fact it’s not needed

2019-01-21

Jan
hjacobs/kubernetes-failure-stories

Compilation of public failure/horror stories related to Kubernetes - hjacobs/kubernetes-failure-stories

Erik Osterman (Cloud Posse)

@Jan

Jan

I thanks

2019-01-29

Jan

so…. who wants to talk me through what’s going on here?

module "kops_state_backend" {
  source           = "git::https://github.com/cloudposse/terraform-aws-kops-state-backend.git?ref=tags/0.1.5"
...
  cluster_name     = "${var.region}"
  region           = "${var.region}"
...
}

Jan
cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” invocations for provisioning reference architectures - cloudposse/terraform-root-modules

Andriy Knysh (Cloud Posse)

so in the example we use cluster name as the DNS zone subdomain name, e.g. if the domain for the environment is prod.example.com, then the module will create a subdomain us-west-2 and you’ll access your cluster at us-west-2.prod.example.com

Andriy Knysh (Cloud Posse)

instead of the region, you can use any name that suits your needs, e.g. kops.prod.example.com