#kops (2019-01)
Discussions related to kops for kubernetes
Archive: https://archive.sweetops.com/kops/
2019-01-04
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Example Terraform/Kubernetes Reference Infrastructure for Cloud Posse Production Organization in AWS - cloudposse/prod.cloudposse.co
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Populate chamber secrets for kops project (make sure to change the keys and values to reflect your environment; add new secrets as needed)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
we’ve automated this now!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so these directions are out of date
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
sec
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Example Terraform service catalog of “root module” invocations for provisioning reference architectures - cloudposse/terraform-root-modules
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We are writing all the settings to SSM
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
then you can just run
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
chamber exec kops -- bash -l
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
and run kops ...
commands as normal
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
i can show you a demo
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
please!
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
where do I find that list? in aws/kops-aws-platform/chamber-kops.sh
?
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
@Jan good question
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
busy trying to stand up the root kops as is
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
then modify the a fork of the module for targeting existing vpc’s
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I am working on docs: https://github.com/cloudposse/geodesic/pull/339
what Move KOPS_* envs out of Dockerfile (prevents deploying multiple clusters) Thoroughly document how to use .envrc with our kops strategy why Our previous strategy of defining all ENVs in the …
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
this should be merged by EOW (sunday)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
they still don’t take into account some of the latest changes.
2019-01-07
2019-01-08
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
This is a place for various problem detectors running on the Kubernetes nodes. - kubernetes/node-problem-detector
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Terraform module to create and apply a Kubernetes ConfigMap for aws-iam-authenticator
to be used with Kops to map IAM principals to Kubernetes users
2019-01-09
![bazbremner avatar](https://secure.gravatar.com/avatar/61190aa3ffd42f3d341a98ec700e4ceb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0019-72.png)
@bazbremner has joined the channel
![webb avatar](https://avatars.slack-edge.com/2019-08-27/742331234246_ca91cf7fd5e88f4206b0_72.png)
@webb has joined the channel
2019-01-15
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Are you using rbac by default?
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
erg wrong channel I think
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
in our kops manifest, we have it disabled by default
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
but there’s a boolean to enable it
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Geodesic is the fastest way to get up and running with a rock solid, production grade cloud platform built on top of strictly Open Source tools. ★ this repo! https://slack.cloudposse.com/ - clou…
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
yea
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Have it enabled
2019-01-17
![Ajay Tripathy avatar](https://secure.gravatar.com/avatar/74ec4b378f35c16d7f92c0c7c0199914.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
@Ajay Tripathy has joined the channel
2019-01-18
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
yo
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
when runnign k8s via kops in aws
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
what creates the KubernetesAdmin role referenced here?
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Terraform module to create and apply a Kubernetes ConfigMap for aws-iam-authenticator
to be used with Kops to map IAM principals to Kubernetes users - cloudposse/terraform-aws-kops-iam-authentica…
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster - kubernetes-sigs/aws-iam-authenticator
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
here
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
might have to wait for @Andriy Knysh (Cloud Posse) …
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
are they prerequisites or do you create them automatically?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster - kubernetes-sigs/aws-iam-authenticator
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I don’t have first-hand experience setting this up yet
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so I can just google =P
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
hahah
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
yea all good
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
will figure it out
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Terraform module to create and apply a Kubernetes ConfigMap for aws-iam-authenticator
to be used with Kops to map IAM principals to Kubernetes users - cloudposse/terraform-aws-kops-iam-authentica…
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
so liek this is the 2nd half of what I would have expected
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
the 1st part would have been the creation of the iam roles
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
will extend and submit
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
inf act its not needed
2019-01-21
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Compilation of public failure/horror stories related to Kubernetes - hjacobs/kubernetes-failure-stories
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
currently the generated yaml file cant be read https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/master/example.yaml#L33 here you can see how it should look like
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Jan
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
I thanks
2019-01-29
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
so…. who wants to talk me through whats going on here?
module "kops_state_backend" {
source = "git::<https://github.com/cloudposse/terraform-aws-kops-state-backend.git?ref=tags/0.1.5>"
...
cluster_name = "${var.region}"
region = "${var.region}"
...
}
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Example Terraform service catalog of “root module” invocations for provisioning reference architectures - cloudposse/terraform-root-modules
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
so in the example we use cluster name as the DNS zone subdomain name, e.g. if the domain for the nevironment is [prod.example.com](http://prod.example.com)
, then the module will create a subdomain us-west-2
and you’ll access your cluster at [us-west-2.prod.example.com](http://us-west-2.prod.example.com)
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
instead of the region, you can use any name that suits your needs, e.g. [kops.prod.example.com](http://kops.prod.example.com)