#kops (2019-02)
Discussions related to kops for kubernetes
Archive: https://archive.sweetops.com/kops/
2019-02-04
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
@Jan Any gotchas with implementing aws-iam-authenticator ? did you use https://github.com/cloudposse/terraform-aws-kops-iam-authenticator-config ?
Terraform module to create and apply a Kubernetes ConfigMap for aws-iam-authenticator
to be used with Kops to map IAM principals to Kubernetes users - cloudposse/terraform-aws-kops-iam-authentica…
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
heya
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Using the geodesic flag? https://github.com/cloudposse/geodesic/blob/master/rootfs/templates/kops/default.yaml#L54
Geodesic is the fastest way to get up and running with a rock solid, production grade cloud platform built on top of strictly Open Source tools. ★ this repo! https://slack.cloudposse.com/ - clou…
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
um shew let me think
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
I dont think so
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
let me see what we did
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
in the middle of a refactor, please remind me later
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
np
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
@Tim ball is on your court
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
@Tim has joined the channel
2019-02-05
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
@Tim / @Jan How are you getting your kubecfg into place, that supports the aws-iam-authenticator ?
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Yes we are using the cloudposse AWS IAM authenticator config map
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Nice
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
The changes in the cluster config I have already seen on your side but it was removed
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Will look into it tomorrow
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
How are you writing the kubecfg ?
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Just adding the authentication webhook endpoint and installed a hook which pulls certs and stuff like that from s3
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
I have seen a commit on the cloudposse side doing exactly the same but it was removed ^^
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Right now I don’t have the cluster config here. But I can provide it to you tomorrow
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Cool, just wondering as kops export kubecfg
doesn’t contain the users block that uses aws-iam-authenticator
so wondering how you are doing it
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Got it. This is what I was referring to: https://github.com/cloudposse/geodesic/pull/345/files
what [kops/template] Update aws-iam-authenticator settings why Kubernetes 1.10 and newer has aws-iam-authenticator installed by default, no need to add scripts to install it from S3 references …
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Not sure how this does “fix iam authenticator” But that’s the config you need. Additional creating certificates and the config map
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
It says kubernetes comes with it by default but we were not able to get it working without these changes
![Tim avatar](https://secure.gravatar.com/avatar/0bcbfcd41d51fbc82418a6ef49d762ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Kubernetes Operations (kops) - Production Grade K8s Installation, Upgrades, and Management - kubernetes/kops
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I love #variant
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
check this out
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
what Add commands to easily rotate a kops cluster's ssh keys Add command to easily connect to a kops cluster Add command to see a kops plan why This are routine operations that are complicat…
2019-02-18
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Anyone have success launching t3.*
instances with kops
? https://github.com/kubernetes/kops/issues/5755
- What kops version are you running? The command kops version, will display this information. Version 1.10.0 (git-782ff1358) This is branch release-1.10 with #5681 cherry-picked 2. What Kubernetes…
![daveyu avatar](https://secure.gravatar.com/avatar/8d79597556982a1205cf52c64aaa66ff.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
i wanted to try, saw that support was added kops 1.11, but i got stuck figuring out how to upgrade kops in geodesic without forking packages
- What kops version are you running? The command kops version, will display this information. Version 1.10.0 (git-782ff1358) This is branch release-1.10 with #5681 cherry-picked 2. What Kubernetes…
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
we use t3
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
kops version
Version 1.10.0
2019-02-19
2019-02-22
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
um
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
t3 medium and large
![Jan avatar](https://secure.gravatar.com/avatar/39fc70600d70a0afa40b682c3a695dc0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
and c5 large
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
ok, are you on kops 1.11?
2019-02-24
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
has anyone looked into using “App Mesh” with kops?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
AWS App Mesh is a service mesh that you can use with your microservices to manage service to service communication. - awslabs/aws-app-mesh-examples