148422597X Kubernetes Management Design Patterns [Vohra 2017-01-29] {E559F6BB}
Chapter 2 ■ Kubernetes on CoreOS on AWS

The key pair is created and access permissions are set as shown in Figure 2-4.

Figure 2-4. Creating the key pair

On the AWS console the kubernetes-coreos key pair should be listed, as shown in Figure 2-5.

Figure 2-5. Listing the key pair in the EC2 console

Creating a KMS Key

Next, create a KMS key, which is used to encrypt and decrypt cluster TLS assets and is identified by an Amazon Resource Name (ARN) string. Use the aws CLI to create a KMS key for region us-east-1.

aws kms --region=us-east-1 create-key --description="kube-aws assets"

A KMS key is created as shown in Figure 2-6. Copy the KeyMetadata.Arn string arn:aws:kms:us-east-1:672593526685:key/b7209ba2-cb87-4ccf-8401-5c6fd4fb9f9b to be used later to initialize the cluster CloudFormation.
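As an added example (not from the book), the shell functions below capture KeyMetadata.Arn with the aws CLI's --query option instead of copying it by hand, then check that it is a key ARN (not an alias) in the expected region and that the key is enabled. KMS keys are regional, so a key created in another region cannot encrypt the cluster's TLS assets. The function names are hypothetical, and create_kube_aws_key assumes configured AWS credentials.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of kube-aws.

# Succeeds only if $1 is a KMS key ARN located in region $2.
valid_kms_key_arn() {
  case $1 in
    *[!a-z0-9:/-]*) return 1 ;;  # whitespace, newlines, uppercase, etc.
  esac
  printf '%s\n' "$1" | LC_ALL=C grep -Eq \
    "^arn:aws:kms:$2:[0-9]{12}:key/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\$"
}

# Creates the key as in the text and prints only its ARN.
# $1 is the region. Needs AWS credentials; nothing calls it automatically.
create_kube_aws_key() {
  arn=$(aws kms --region="$1" create-key \
          --description="kube-aws assets" \
          --query KeyMetadata.Arn --output text) || return 1
  if ! valid_kms_key_arn "$arn" "$1"; then
    echo "unexpected ARN returned: $arn" >&2
    return 1
  fi
  # A key that is disabled or pending deletion cannot encrypt the assets.
  state=$(aws kms --region="$1" describe-key --key-id "$arn" \
            --query KeyMetadata.KeyState --output text) || return 1
  if [ "$state" != "Enabled" ]; then
    echo "key state is $state, expected Enabled" >&2
    return 1
  fi
  printf '%s\n' "$arn"
}

# Offline check using the ARN printed in the text above.
if valid_kms_key_arn \
  "arn:aws:kms:us-east-1:672593526685:key/b7209ba2-cb87-4ccf-8401-5c6fd4fb9f9b" \
  us-east-1; then
  echo "ARN is a KMS key ARN in us-east-1"
fi
```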
Figure 2-6. Creating a KMS key

Setting Up an External DNS Name

Next you need to register a domain name with a domain registrar, as we shall be using the domain’s external DNS name to make the cluster API accessible. We have used the external DNS name NOSQLSEARCH.COM. The NOSQLSEARCH.COM domain is not usable for all users, and different users would need to register a different domain name with a domain registry. Or, use a domain that is already registered.

Creating the Cluster

Creating a cluster requires the following procedure:

1. Create an asset directory.
2. Initialize the CloudFormation stack.
3. Render the contents of the asset directory.
4. Customize the cluster optionally in the cluster.yaml file.
5. Validate the CloudFormation stack and the cloud-config user data files.
6. Launch the CloudFormation stack.

We shall discuss each of these stages next.

Creating an Asset Directory

Create a directory on the Amazon Linux EC2 instance for the generated assets. Then cd (change directory) to the asset directory:

mkdir coreos-cluster
cd coreos-cluster