An Introduction to Kubernetes (1) Environment Preparation

Containerization has revolutionized the way applications are deployed, offering increased portability and scalability. At the forefront of container management, Kubernetes has emerged as a dominant open-source platform.

Derived from the Greek word for helmsman or pilot, Kubernetes aptly serves as a pilot, skillfully managing workloads while you set the course for your applications.

In kubernetes series article, we will explore Kubernetes’ essential features, its role in managing containerized workloads, and its extensibility options, empowering developers to harness its full potential.

• An Introduction to Kubernetes (1) Environment Preparation

• An Introduction to Kubernetes (2) Cluster Introduction

• An Introduction to Kubernetes (3) Publish Application to Amazon Elastic Kubernetes Service

• An Introduction to Kubernetes (4) Troubleshooting & References

In this section, will introduction about environment preparation in linux and Mac.

Install kubectl

Install (or update) kubectl (Kubernetes )

mac

curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.27.1/2023-04-19/bin/darwin/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH
echo 'export PATH=$HOME/bin:$PATH' >> ~/.bash_profile
kubectl version --short --client

Linux

sudo -i
curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.27.1/2023-04-19/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH
echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc
kubectl version --short --client

Install EKSCtl

https://github.com/eksctl-io/eksctl/blob/main/README.md#installation

Mac (Not Recommended)

brew tap weaveworks/tap
brew install weaveworks/tap/eksctl

Linux

# for ARM systems, set ARCH to: `arm64`, `armv6` or `armv7`
ARCH=amd64
PLATFORM=$(uname -s)_$ARCH

curl -sLO "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_$PLATFORM.tar.gz"
# (Optional) Verify checksum
curl -sL "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_checksums.txt" | grep $PLATFORM | sha256sum --check

tar -xzf eksctl_$PLATFORM.tar.gz -C /tmp && rm eksctl_$PLATFORM.tar.gz

sudo mv /tmp/eksctl $HOME/bin/eksctl && export PATH=$HOME/bin:$PATH
echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc
eksctl version

Install AWS CLI

Mac

Please reference https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

Linux

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version

If you found the aws version still 1.x, can execute the upgrade command

pip3 install --upgrade --user awscli
./aws/install --bin-dir /bin --install-dir /aws-cli --updates

prepare environment variable

export EKS_CLUSTER_NAME=demo-version
export AWS_REGION=ap-northeast-1

Prepare AWS Credentials

setting credentials

mkdir ~/.aws
echo "[backyard]
aws_access_key_id={your access key}
aws_secret_access_key={your secret key}
aws_session_token={your session token}" > ~/.aws/credentials

Setting config region

[backyard]
region=ap-northeast-1
output=json

checkout crediential

$ aws --profile backyard configure list

      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************xxxx shared-credentials-file
secret_key     ****************xxxx shared-credentials-file
    region           ap-northeast-1      config-file    ~/.aws/config

Install AWS IAM Authenticator

Mac

brew install aws-iam-authenticator
aws-iam-authenticator help

Linux

curl -Lo aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64
chmod +x ./aws-iam-authenticator
mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$HOME/bin:$PATH
echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc
aws-iam-authenticator help

AWS IAM Authenticator get the EKS cluster authentication

aws-iam-authenticator token --cluster-name $EKS_CLUSTER_NAME --region $AWS_REGION
aws eks get-token --cluster-name $EKS_CLUSTER_NAME --region $AWS_REGION

Confirm your AWS IAM verfication for Kubernetes:

aws --profile backyard sts get-caller-identity

Create a kubeconfig

aws --profile backyard eks update-kubeconfig --region $AWS_REGION --name $EKS_CLUSTER_NAME

Create IAM Role json

cat >eks-cluster-role-trust-policy.json <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

Create IAM Role

aws iam --profile backyard create-role \
  --role-name adamAmazonEKSClusterRole \
  --assume-role-policy-document file://"eks-cluster-role-trust-policy.json"

Attach role policy

aws --profile backyard  iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
  --role-name adamAmazonEKSClusterRole