.. only:: not (epub or latex or html)

    WARNING: You are looking at unreleased Cilium documentation.
    Please use the official rendered version released here:
    http://docs.cilium.io

.. _kops_guide:
.. _k8s_install_kops:

***********************
Installation using Kops
***********************

As of the ``kops`` 1.9 release, Cilium can be plugged into ``kops``-deployed
clusters as the CNI plugin. This guide provides steps to create a Kubernetes
cluster on AWS using ``kops`` and Cilium as the CNI plugin. Note that the
``kops`` deployment will automate several deployment features in AWS by
default, including AutoScaling, Volumes, VPCs, etc.

Prerequisites
=============

* `aws cli <https://aws.amazon.com/cli/>`_
* `kubectl <https://kubernetes.io/docs/tasks/tools/install-kubectl>`_
* aws account with permissions:

  * AmazonEC2FullAccess
  * AmazonRoute53FullAccess
  * AmazonS3FullAccess
  * IAMFullAccess
  * AmazonVPCFullAccess


Installing kops
===============

.. tabs::
  .. group-tab:: Linux

    .. parsed-literal::

        curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64
        chmod +x kops-linux-amd64
        sudo mv kops-linux-amd64 /usr/local/bin/kops

  .. group-tab:: MacOS

    .. parsed-literal::

        brew update && brew install kops


Setting up IAM Group and User
=============================

Assuming you have all the prerequisites, run the following commands to create
the ``kops`` user and group:

.. code:: bash

   # Create IAM group named kops and grant access
   aws iam create-group --group-name kops
   aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name kops
   aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess --group-name kops
   aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --group-name kops
   aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --group-name kops
   aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess --group-name kops
   # Create the kops user, add it to the group and issue its access key
   aws iam create-user --user-name kops
   aws iam add-user-to-group --user-name kops --group-name kops
   aws iam create-access-key --user-name kops


``kops`` requires a dedicated S3 bucket in which it stores the state and
representation of the cluster. Replace the bucket name below with your own
unique bucket name (for example, a reversed FQDN plus a short description of
the cluster). Also make sure to use the region where you will be deploying the
cluster.

.. code:: bash

   aws s3api create-bucket --bucket prefix-example-com-state-store --region us-west-2 --create-bucket-configuration LocationConstraint=us-west-2
   export KOPS_STATE_STORE=s3://prefix-example-com-state-store

The above steps are sufficient for getting a working cluster installed. Please
consult `kops aws documentation
<https://github.com/kubernetes/kops/blob/master/docs/aws.md>`_ for more
detailed setup instructions.

Cilium Prerequisites
====================

* Ensure the :ref:`admin_system_reqs` are met, particularly the Linux kernel
  and key-value store versions.

In this guide, we will use etcd version 3.1.11 and the latest CoreOS stable
image, which satisfies the minimum kernel version requirement of Cilium. To get
the latest CoreOS ``ami`` image, run the command below, changing the region
value to the region of your choice.

.. code:: bash

   aws ec2 describe-images --region=us-west-2 --owner=595879546273 --filters "Name=virtualization-type,Values=hvm" "Name=name,Values=CoreOS-stable*" --query 'sort_by(Images,&CreationDate)[-1].{id:ImageLocation}'

.. code:: json

   {
       "id": "595879546273/CoreOS-stable-1745.5.0-hvm"
   }


Creating a Cluster
====================

* Note that you will need to specify the ``--master-zones`` and ``--zones`` for
  creating the master and worker nodes. The number of master zones should be
  odd (1, 3, ...) for HA. For simplicity, you can just use 1 region.
* The cluster ``NAME`` variable should end with ``k8s.local`` to use the gossip
  protocol. If creating multiple clusters using the same kops user, then make
  the cluster name unique by adding a prefix such as ``com-company-emailid-``.


.. code:: bash

   export NAME=com-company-emailid-cilium.k8s.local
   export KOPS_FEATURE_FLAGS=SpecOverrideFlag
   kops create cluster --state=${KOPS_STATE_STORE} \
       --node-count 3 --node-size t2.medium --master-size t2.medium \
       --topology private \
       --master-zones us-west-2a,us-west-2b,us-west-2c \
       --zones us-west-2a,us-west-2b,us-west-2c \
       --image 595879546273/CoreOS-stable-1745.5.0-hvm \
       --networking cilium \
       --override "cluster.spec.etcdClusters[*].version=3.1.11" \
       --kubernetes-version 1.10.3 \
       --cloud-labels "Team=Dev,Owner=Admin" ${NAME}


You may be prompted to create an SSH public-private key pair.

.. code:: bash

   ssh-keygen


(Please see :ref:`appendix_kops`)

Testing Cilium
==============

Follow the `Cilium getting started guide example
<http://cilium.readthedocs.io/en/latest/gettingstarted/minikube/#step-2-deploy-the-demo-application>`_
to test that the cluster is set up properly and that Cilium CNI and security
policies are functional.

.. _appendix_kops:

Deleting a Cluster
===========================

To undo the dependencies and other deployment features in AWS from the ``kops``
cluster creation, use ``kops`` to destroy a cluster *immediately* with the
parameter ``--yes``:

.. code:: bash

   kops delete cluster ${NAME} --yes

Appendix: Details of kops flags used in cluster creation
========================================================

The following section explains all the flags used in the create cluster
command.

* ``KOPS_FEATURE_FLAGS=SpecOverrideFlag`` : This flag is used to override the etcd version to be used, from 2.X (kops default) to 3.1.x (requirement of Cilium).
* ``--state=${KOPS_STATE_STORE}`` : kops uses an S3 bucket to store the state and representation of your cluster.
* ``--node-count 3`` : Number of worker nodes in the Kubernetes cluster.
* ``--node-size t2.medium`` : The size of the AWS EC2 instance for worker nodes.
* ``--master-size t2.medium`` : The size of the AWS EC2 instance for master nodes.
* ``--topology private`` : The cluster will be created with private topology, meaning all masters/nodes will be launched in a private subnet in the VPC.
* ``--master-zones eu-west-1a,eu-west-1b,eu-west-1c`` : The 3 zones ensure the HA of master nodes, each in a different availability zone.
* ``--zones eu-west-1a,eu-west-1b,eu-west-1c`` : Zones where the worker nodes will be deployed.
* ``--image 595879546273/CoreOS-stable-1745.3.1-hvm`` : Image name to be deployed (Cilium requires kernel version 4.8 and above, so make sure to use the right OS for workers).
* ``--networking cilium`` : Networking CNI plugin to be used: cilium.
* ``--override "cluster.spec.etcdClusters[*].version=3.1.11"`` : Overrides the etcd version to be used.
* ``--kubernetes-version 1.10.3`` : Kubernetes version that is to be installed. Note that kops 1.9 officially supports Kubernetes version 1.9.
* ``--cloud-labels "Team=Dev,Owner=Admin"`` : Labels for your cluster.
* ``${NAME}`` : Name of the cluster. Make sure the name ends with ``k8s.local`` for a gossip-based cluster.
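
The S3 bucket behind ``KOPS_STATE_STORE`` holds the state and representation of the cluster, so its settings deserve a check before the cluster is created. The script below is an added example, not part of the original guide or of the kops project: it enables versioning, default encryption and the public-access block on the bucket and then reads the settings back. The function names ``harden_state_store`` and ``audit_state_store`` and the ``apply`` argument are hypothetical; the ``aws s3api`` subcommands are the standard AWS CLI ones.

```bash
#!/usr/bin/env bash
# Added example (not from the Cilium or kops docs): harden and audit the
# kops state store bucket. Function names here are hypothetical.

# Turn on versioning, default encryption and the public-access block.
harden_state_store() {
    local bucket="$1"
    aws s3api put-bucket-versioning --bucket "$bucket" \
        --versioning-configuration Status=Enabled &&
    aws s3api put-bucket-encryption --bucket "$bucket" \
        --server-side-encryption-configuration \
        '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}' &&
    aws s3api put-public-access-block --bucket "$bucket" \
        --public-access-block-configuration \
        BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
}

# Read the settings back. Prints one line per gap; non-zero status if any.
audit_state_store() {
    local bucket="$1"
    local gaps=0 v e p
    v=$(aws s3api get-bucket-versioning --bucket "$bucket" \
        --query Status --output text 2>/dev/null) || v=""
    [ "$v" = "Enabled" ] || { echo "versioning: ${v:-unset}"; gaps=$((gaps + 1)); }

    e=$(aws s3api get-bucket-encryption --bucket "$bucket" --output text --query \
        'ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
        2>/dev/null) || e=""
    case "$e" in
        AES256 | aws:kms*) ;;
        *) echo "encryption: ${e:-unset}"; gaps=$((gaps + 1)) ;;
    esac

    # One JMESPath expression that is true only when all four flags are set.
    p=$(aws s3api get-public-access-block --bucket "$bucket" --output json --query \
        'PublicAccessBlockConfiguration | BlockPublicAcls && IgnorePublicAcls && BlockPublicPolicy && RestrictPublicBuckets' \
        2>/dev/null) || p=""
    [ "$p" = "true" ] || { echo "public-access-block: ${p:-unset}"; gaps=$((gaps + 1)); }

    [ "$gaps" -eq 0 ]
}

# Act on the bucket named in KOPS_STATE_STORE only when invoked with "apply".
if [ "${1:-}" = "apply" ]; then
    bucket="${KOPS_STATE_STORE#s3://}"
    harden_state_store "$bucket" && audit_state_store "$bucket"
fi
```

Run it as ``bash script.sh apply`` after exporting ``KOPS_STATE_STORE``; a non-zero exit status means at least one setting is still missing.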