mirrors/kubernetes-the-hard-way
1
0
Fork 0
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way.git synced 2025-12-18 10:48:57 +03:00
Code Issues Projects Releases Wiki Activity

Migrate from GCP to AWS with CloudFormation templates

Browse Source
This commit is contained in:
thash
2020-01-17 02:22:28 +09:00
parent 5c462220b7
commit 4a66dbd201
24 changed files with 1547 additions and 800 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cloudformation/hard-k8s-eip.cfn.yml Normal file
View File

@@ -0,0 +1,12 @@
Resources:
HardK8sEIP:
Type: AWS::EC2::EIP
Properties:
Tags:
- Key: Name
Value: eip-kubernetes-the-hard-way
Outputs:
EipAllocation:
Value: !GetAtt HardK8sEIP.AllocationId
Export: { Name: hard-k8s-eipalloc }

140
cloudformation/hard-k8s-master-nodes.cfn.yml Normal file
View File

@@ -0,0 +1,140 @@
Resources:
HardK8sMaster0:
Type: AWS::EC2::Instance
Properties:
InstanceType: t3.micro
SubnetId: !ImportValue hard-k8s-subnet
SecurityGroupIds:
- !ImportValue hard-k8s-sg
ImageId:
Fn::FindInMap: [UbuntuAMIs, !Ref "AWS::Region", "id"]
KeyName: !Ref ParamKeyName
PrivateIpAddress: 10.240.0.10
# SourceDestCheck: false
UserData:
Fn::Base64: |-
#cloud-config
fqdn: master-0.k8shardway.local
hostname: master-0
runcmd:
- echo "preserve_hostname: true" >> /etc/cloud/cloud.cfg
write_files:
- path: /etc/hosts
permissions: '0644'
content: |
127.0.0.1 localhost localhost.localdomain
# Kubernetes the Hard Way - hostnames
10.240.0.10 master-0
10.240.0.11 master-1
10.240.0.12 master-2
10.240.0.20 worker-0
10.240.0.21 worker-1
10.240.0.22 worker-2
Tags: [ { "Key": "Name", "Value": "master-0" } ]
HardK8sMaster1:
Type: AWS::EC2::Instance
Properties:
InstanceType: t3.micro
SubnetId: !ImportValue hard-k8s-subnet
SecurityGroupIds:
- !ImportValue hard-k8s-sg
ImageId:
Fn::FindInMap: [UbuntuAMIs, !Ref "AWS::Region", "id"]
KeyName: !Ref ParamKeyName
PrivateIpAddress: 10.240.0.11
# SourceDestCheck: false
UserData:
Fn::Base64: |-
#cloud-config
fqdn: master-1.k8shardway.local
hostname: master-1
runcmd:
- echo "preserve_hostname: true" >> /etc/cloud/cloud.cfg
write_files:
- path: /etc/hosts
permissions: '0644'
content: |
127.0.0.1 localhost localhost.localdomain
# Kubernetes the Hard Way - hostnames
10.240.0.10 master-0
10.240.0.11 master-1
10.240.0.12 master-2
10.240.0.20 worker-0
10.240.0.21 worker-1
10.240.0.22 worker-2
Tags: [ { "Key": "Name", "Value": "master-1" } ]
HardK8sMaster2:
Type: AWS::EC2::Instance
Properties:
InstanceType: t3.micro
SubnetId: !ImportValue hard-k8s-subnet
SecurityGroupIds:
- !ImportValue hard-k8s-sg
ImageId:
Fn::FindInMap: [UbuntuAMIs, !Ref "AWS::Region", "id"]
KeyName: !Ref ParamKeyName
PrivateIpAddress: 10.240.0.12
# SourceDestCheck: false
UserData:
Fn::Base64: |-
#cloud-config
fqdn: master-2.k8shardway.local
hostname: master-2
runcmd:
- echo "preserve_hostname: true" >> /etc/cloud/cloud.cfg
write_files:
- path: /etc/hosts
permissions: '0644'
content: |
127.0.0.1 localhost localhost.localdomain
# Kubernetes the Hard Way - hostnames
10.240.0.10 master-0
10.240.0.11 master-1
10.240.0.12 master-2
10.240.0.20 worker-0
10.240.0.21 worker-1
10.240.0.22 worker-2
Tags: [ { "Key": "Name", "Value": "master-2" } ]
Parameters:
ParamKeyName:
Type: AWS::EC2::KeyPair::KeyName
Default: ec2-key
# $ aws ec2 describe-regions --query 'Regions[].RegionName' --output text \
# | tr "\t" "\n" | sort \
# | xargs -I _R_ aws --region _R_ ec2 describe-images \
# --filters Name=name,Values="ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20191002" \
# --query 'Images[0].ImageId' --output
Mappings:
UbuntuAMIs:
ap-northeast-1: { "id": "ami-0cd744adeca97abb1" }
ap-northeast-2: { "id": "ami-00379ec40a3e30f87" }
ap-northeast-3: { "id": "ami-0bd42271bb31d96d2" }
ap-south-1: { "id": "ami-0123b531fc646552f" }
ap-southeast-1: { "id": "ami-061eb2b23f9f8839c" }
ap-southeast-2: { "id": "ami-00a54827eb7ffcd3c" }
ca-central-1: { "id": "ami-0b683aae4ee93ef87" }
eu-central-1: { "id": "ami-0cc0a36f626a4fdf5" }
eu-north-1: { "id": "ami-1dab2163" }
eu-west-1: { "id": "ami-02df9ea15c1778c9c" }
eu-west-2: { "id": "ami-0be057a22c63962cb" }
eu-west-3: { "id": "ami-087855b6c8b59a9e4" }
sa-east-1: { "id": "ami-02c8813f1ea04d4ab" }
us-east-1: { "id": "ami-04b9e92b5572fa0d1" }
us-east-2: { "id": "ami-0d5d9d301c853a04a" }
us-west-1: { "id": "ami-0dd655843c87b6930" }
us-west-2: { "id": "ami-06d51e91cea0dac8d" }
Outputs:
Master0:
Value: !Ref HardK8sMaster0
Export: { Name: hard-k8s-master-0 }
Master1:
Value: !Ref HardK8sMaster1
Export: { Name: hard-k8s-master-1 }
Master2:
Value: !Ref HardK8sMaster2
Export: { Name: hard-k8s-master-2 }

46
cloudformation/hard-k8s-network.cfn.yml Normal file
View File

@@ -0,0 +1,46 @@
Resources:
HardK8sVpc:
Type: AWS::EC2::VPC
Properties:
CidrBlock: "10.240.0.0/16"
EnableDnsHostnames: true
EnableDnsSupport: true
HardK8sSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref HardK8sVpc
CidrBlock: "10.240.0.0/24"
MapPublicIpOnLaunch: true
HardK8sRtb:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref HardK8sVpc
HardK8sRtbAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref HardK8sRtb
SubnetId: !Ref HardK8sSubnet
HardK8sIgw:
Type: AWS::EC2::InternetGateway
HardK8sGwAttach:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref HardK8sVpc
InternetGatewayId: !Ref HardK8sIgw
HardK8sDefaultRoute:
Type: AWS::EC2::Route
Properties:
DestinationCidrBlock: 0.0.0.0/0
RouteTableId: !Ref HardK8sRtb
GatewayId: !Ref HardK8sIgw
Outputs:
VpcId:
Value: !Ref HardK8sVpc
Export: { Name: hard-k8s-vpc }
SubnetId:
Value: !Ref HardK8sSubnet
Export: { Name: hard-k8s-subnet }
RouteTableId:
Value: !Ref HardK8sRtb
Export: { Name: hard-k8s-rtb }

31
cloudformation/hard-k8s-nlb.cfn.yml Normal file
View File

@@ -0,0 +1,31 @@
Resources:
HardK8sNLB:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Type: network
Scheme: internet-facing
SubnetMappings:
- AllocationId: !ImportValue hard-k8s-eipalloc
SubnetId: !ImportValue hard-k8s-subnet
HardK8sListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- TargetGroupArn: !Ref HardK8sTargetGroup
Type: forward
LoadBalancerArn: !Ref HardK8sNLB
Port: 6443
Protocol: TCP
HardK8sTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
VpcId: !ImportValue hard-k8s-vpc
Protocol: TCP
Port: 6443
Targets:
- Id: !ImportValue hard-k8s-master-0
- Id: !ImportValue hard-k8s-master-1
- Id: !ImportValue hard-k8s-master-2
HealthCheckPort: "80" # default is "traffic-port", which means 6443.

16
cloudformation/hard-k8s-nodeport-sg-ingress.cfn.yml Normal file
View File

@@ -0,0 +1,16 @@
Parameters:
ParamNodePort:
Type: Number
# ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
MinValue: 30000
MaxValue: 32767
Resources:
HardK8sSmokeIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !ImportValue hard-k8s-sg
CidrIp: 0.0.0.0/0
IpProtocol: tcp
FromPort: !Ref ParamNodePort
ToPort: !Ref ParamNodePort

21
cloudformation/hard-k8s-pod-routes.cfn.yml Normal file
View File

@@ -0,0 +1,21 @@
Resources:
RouteWorker0:
Type: AWS::EC2::Route
Properties:
DestinationCidrBlock: 10.200.0.0/24
RouteTableId: !ImportValue hard-k8s-rtb
InstanceId: !ImportValue hard-k8s-worker-0
RouteWorker1:
Type: AWS::EC2::Route
Properties:
DestinationCidrBlock: 10.200.1.0/24
RouteTableId: !ImportValue hard-k8s-rtb
InstanceId: !ImportValue hard-k8s-worker-1
RouteWorker2:
Type: AWS::EC2::Route
Properties:
DestinationCidrBlock: 10.200.2.0/24
RouteTableId: !ImportValue hard-k8s-rtb
InstanceId: !ImportValue hard-k8s-worker-2

19
cloudformation/hard-k8s-security-groups.cfn.yml Normal file
View File

@@ -0,0 +1,19 @@
Resources:
HardK8sSg:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: security group for Kubernetes the hard way
VpcId: !ImportValue hard-k8s-vpc
SecurityGroupIngress:
# ingress internal traffic - allow all protocols/ports
- { "CidrIp": "10.240.0.0/24", "IpProtocol": "-1" } # master/worker nodes cidr range
- { "CidrIp": "10.200.0.0/16", "IpProtocol": "-1" } # pod cidr range
# ingress external traffic
- { "CidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "FromPort": 6443, "ToPort": 6443 }
- { "CidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22 }
- { "CidrIp": "0.0.0.0/0", "IpProtocol": "icmp", "FromPort": -1, "ToPort": -1 }
Outputs:
SgId:
Value: !Ref HardK8sSg
Export: { Name: hard-k8s-sg }

197
cloudformation/hard-k8s-worker-nodes.cfn.yml Normal file
View File

@@ -0,0 +1,197 @@
Resources:
HardK8sWorker0:
Type: AWS::EC2::Instance
Properties:
InstanceType: t3.micro
SubnetId: !ImportValue hard-k8s-subnet
SecurityGroupIds:
- !ImportValue hard-k8s-sg
ImageId:
Fn::FindInMap: [UbuntuAMIs, !Ref "AWS::Region", "id"]
KeyName: !Ref ParamKeyName
PrivateIpAddress: 10.240.0.20
# SourceDestCheck: false
UserData:
Fn::Base64: |-
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
fqdn: worker-0.k8shardway.local
hostname: worker-0
runcmd:
- echo "preserve_hostname: true" >> /etc/cloud/cloud.cfg
write_files:
- path: /etc/hosts
permissions: '0644'
content: |
127.0.0.1 localhost localhost.localdomain
# Kubernetes the Hard Way - hostnames
10.240.0.10 master-0
10.240.0.11 master-1
10.240.0.12 master-2
10.240.0.20 worker-0
10.240.0.21 worker-1
10.240.0.22 worker-2
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
echo 10.200.0.0/24 > /opt/pod_cidr.txt
--//
Tags: [ { "Key": "Name", "Value": "worker-0" } ]
HardK8sWorker1:
Type: AWS::EC2::Instance
Properties:
InstanceType: t3.micro
SubnetId: !ImportValue hard-k8s-subnet
SecurityGroupIds:
- !ImportValue hard-k8s-sg
ImageId:
Fn::FindInMap: [UbuntuAMIs, !Ref "AWS::Region", "id"]
KeyName: !Ref ParamKeyName
PrivateIpAddress: 10.240.0.21
# SourceDestCheck: false
UserData:
Fn::Base64: |-
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
fqdn: worker-1.k8shardway.local
hostname: worker-1
runcmd:
- echo "preserve_hostname: true" >> /etc/cloud/cloud.cfg
write_files:
- path: /etc/hosts
permissions: '0644'
content: |
127.0.0.1 localhost localhost.localdomain
# Kubernetes the Hard Way - hostnames
10.240.0.10 master-0
10.240.0.11 master-1
10.240.0.12 master-2
10.240.0.20 worker-0
10.240.0.21 worker-1
10.240.0.22 worker-2
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
echo 10.200.1.0/24 > /opt/pod_cidr.txt
--//
Tags: [ { "Key": "Name", "Value": "worker-1" } ]
HardK8sWorker2:
Type: AWS::EC2::Instance
Properties:
InstanceType: t3.micro
SubnetId: !ImportValue hard-k8s-subnet
SecurityGroupIds:
- !ImportValue hard-k8s-sg
ImageId:
Fn::FindInMap: [UbuntuAMIs, !Ref "AWS::Region", "id"]
KeyName: !Ref ParamKeyName
PrivateIpAddress: 10.240.0.22
# SourceDestCheck: false
UserData:
Fn::Base64: |-
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
fqdn: worker-2.k8shardway.local
hostname: worker-2
runcmd:
- echo "preserve_hostname: true" >> /etc/cloud/cloud.cfg
write_files:
- path: /etc/hosts
permissions: '0644'
content: |
127.0.0.1 localhost localhost.localdomain
# Kubernetes the Hard Way - hostnames
10.240.0.10 master-0
10.240.0.11 master-1
10.240.0.12 master-2
10.240.0.20 worker-0
10.240.0.21 worker-1
10.240.0.22 worker-2
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
echo 10.200.2.0/24 > /opt/pod_cidr.txt
--//
Tags: [ { "Key": "Name", "Value": "worker-2" } ]
Parameters:
ParamKeyName:
Type: AWS::EC2::KeyPair::KeyName
Default: ec2-key
# $ aws ec2 describe-regions --query 'Regions[].RegionName' --output text \
# | tr "\t" "\n" | sort \
# | xargs -I _R_ aws --region _R_ ec2 describe-images \
# --filters Name=name,Values="ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20191002" \
# --query 'Images[0].ImageId' --output
Mappings:
UbuntuAMIs:
ap-northeast-1: { "id": "ami-0cd744adeca97abb1" }
ap-northeast-2: { "id": "ami-00379ec40a3e30f87" }
ap-northeast-3: { "id": "ami-0bd42271bb31d96d2" }
ap-south-1: { "id": "ami-0123b531fc646552f" }
ap-southeast-1: { "id": "ami-061eb2b23f9f8839c" }
ap-southeast-2: { "id": "ami-00a54827eb7ffcd3c" }
ca-central-1: { "id": "ami-0b683aae4ee93ef87" }
eu-central-1: { "id": "ami-0cc0a36f626a4fdf5" }
eu-north-1: { "id": "ami-1dab2163" }
eu-west-1: { "id": "ami-02df9ea15c1778c9c" }
eu-west-2: { "id": "ami-0be057a22c63962cb" }
eu-west-3: { "id": "ami-087855b6c8b59a9e4" }
sa-east-1: { "id": "ami-02c8813f1ea04d4ab" }
us-east-1: { "id": "ami-04b9e92b5572fa0d1" }
us-east-2: { "id": "ami-0d5d9d301c853a04a" }
us-west-1: { "id": "ami-0dd655843c87b6930" }
us-west-2: { "id": "ami-06d51e91cea0dac8d" }
Outputs:
Worker0:
Value: !Ref HardK8sWorker0
Export: { Name: hard-k8s-worker-0 }
Worker1:
Value: !Ref HardK8sWorker1
Export: { Name: hard-k8s-worker-1 }
Worker2:
Value: !Ref HardK8sWorker2
Export: { Name: hard-k8s-worker-2 }