From 173b2a1d06a3f7134a424645e4421dd5f56c7a76 Mon Sep 17 00:00:00 2001
From: feliux
Date: Fri, 21 Jun 2024 18:37:49 +0200
Subject: [PATCH] [feat] add kops support

---
 aws-k8s-kops/README.md | 58 +++++++++++++++++++++
 aws-k8s-kops/cluster.yaml | 105 ++++++++++++++++++++++++++++++++++++++
 aws-k8s-kops/data.tf | 3 ++
 aws-k8s-kops/outputs.tf | 12 +++++
 aws-k8s-kops/provider.tf | 12 +++++
 aws-k8s-kops/s3.tf | 39 ++++++++++++++
 aws-k8s-kops/variables.tf | 5 ++
 7 files changed, 234 insertions(+)
 create mode 100644 aws-k8s-kops/README.md
 create mode 100755 aws-k8s-kops/cluster.yaml
 create mode 100644 aws-k8s-kops/data.tf
 create mode 100644 aws-k8s-kops/outputs.tf
 create mode 100644 aws-k8s-kops/provider.tf
 create mode 100644 aws-k8s-kops/s3.tf
 create mode 100644 aws-k8s-kops/variables.tf

diff --git a/aws-k8s-kops/README.md b/aws-k8s-kops/README.md
new file mode 100644
index 0000000..b8dae51
--- /dev/null
+++ b/aws-k8s-kops/README.md
@@ -0,0 +1,58 @@
+# kops
+
+Deploy a k8s cluster on AWS using kops.
+
+## Usage
+
+**Creating resources**
+
+Create a s3 bucket for storing kops state. Then create the cluster.
+
+Also, you can use kops to generate terraform configurations for your cluster (see [here](https://kops.sigs.k8s.io/terraform/)).
+
+
+```sh
+$ terraform init
+$ terraform plan -out tfplan
+$ terraform apply --auto-approve
+
+$ kops create cluster \
+ --cloud=aws \
+ --name=$(terraform output -raw cluster_name) \
+ --region=$(terraform output az) \
+ --state=s3://$(terraform output -raw s3_bucket) \
+ --discovery-store=s3://$(terraform output s3_bucket)/discovery \
+ --dry-run -o yaml | tee ./cluster.yaml
+$ kops create cluster \
+ --filename ./cluster.yaml \
+ --state=s3://$(terraform output -raw s3_bucket)
+$ kops update cluster \
+ --name=$(terraform output cluster_name) \
+ --state=s3://$(terraform output -raw s3_bucket) \
+ --yes \
+ --admin
+$ kops validate cluster \
+ --wait=10m \
+ --state=s3://$(terraform output -raw s3_bucket)
+
+$ kubectl run --rm --stdin --image=hello-worls --restart=Never --request-timeout=30 test-pod
+```
+
+**Deleting resources**
+
+Be sure to make a terraform destroy after deleting kops resources.
+
+```sh
+$ kops delete cluster \
+ --name=$(terraform output cluster_name) \
+ --state=s3://$(terraform output -raw s3_bucket) \
+ --yes
+
+$ terraform destroy --auto-approve
+```
+
+## References
+
+[kops](https://kops.sigs.k8s.io/)
+
+[kops github](https://github.com/kubernetes/kops)
diff --git a/aws-k8s-kops/cluster.yaml b/aws-k8s-kops/cluster.yaml
new file mode 100755
index 0000000..79eddaa
--- /dev/null
+++ b/aws-k8s-kops/cluster.yaml
@@ -0,0 +1,105 @@
+apiVersion: kops.k8s.io/v1alpha2
+kind: Cluster
+metadata:
+ creationTimestamp: null
+ name: kops-cluster-hfknujazjcbyvqwn.k8s.local
+spec:
+ api:
+ loadBalancer:
+ class: Network
+ type: Public
+ authorization:
+ rbac: {}
+ channel: stable
+ cloudProvider: aws
+ configBase: s3://hfknujazjcbyvqwn-kops-bucket/kops-cluster-hfknujazjcbyvqwn.k8s.local
+ etcdClusters:
+ - cpuRequest: 200m
+ etcdMembers:
+ - encryptedVolume: true
+ instanceGroup: control-plane-us-east-2a
+ name: a
+ memoryRequest: 100Mi
+ name: main
+ - cpuRequest: 100m
+ etcdMembers:
+ - encryptedVolume: true
+ instanceGroup: control-plane-us-east-2a
+ name: a
+ memoryRequest: 100Mi
+ name: events
+ iam:
+ allowContainerRegistry: true
+ legacy: false
+ useServiceAccountExternalPermissions: true
+ kubeProxy:
+ enabled: false
+ kubelet:
+ anonymousAuth: false
+ kubernetesApiAccess:
+ - 0.0.0.0/0
+ - ::/0
+ kubernetesVersion: 1.26.5
+ networkCIDR: 172.20.0.0/16
+ networking:
+ cilium:
+ enableNodePort: true
+ nonMasqueradeCIDR: 100.64.0.0/10
+ serviceAccountIssuerDiscovery:
+ discoveryStore: s3://hfknujazjcbyvqwn-kops-bucket/discovery/kops-cluster-hfknujazjcbyvqwn.k8s.local
+ enableAWSOIDCProvider: true
+ sshAccess:
+ - 0.0.0.0/0
+ - ::/0
+ subnets:
+ - cidr: 172.20.32.0/19
+ name: us-east-2a
+ type: Public
+ zone: us-east-2a
+ topology:
+ dns:
+ type: Private
+ masters: public
+ nodes: public
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+ creationTimestamp: null
+ labels:
+ kops.k8s.io/cluster: kops-cluster-hfknujazjcbyvqwn.k8s.local
+ name: control-plane-us-east-2a
+spec:
+ image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20230502
+ instanceMetadata:
+ httpPutResponseHopLimit: 1
+ httpTokens: required
+ machineType: t3.medium
+ maxSize: 1
+ minSize: 1
+ role: Master
+ subnets:
+ - us-east-2a
+
+---
+
+apiVersion: kops.k8s.io/v1alpha2
+kind: InstanceGroup
+metadata:
+ creationTimestamp: null
+ labels:
+ kops.k8s.io/cluster: kops-cluster-hfknujazjcbyvqwn.k8s.local
+ name: nodes-us-east-2a
+spec:
+ image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20230502
+ instanceMetadata:
+ httpPutResponseHopLimit: 1
+ httpTokens: required
+ machineType: t3.medium
+ maxSize: 1
+ minSize: 1
+ role: Node
+ subnets:
+ - us-east-2a
diff --git a/aws-k8s-kops/data.tf b/aws-k8s-kops/data.tf
new file mode 100644
index 0000000..87d8f48
--- /dev/null
+++ b/aws-k8s-kops/data.tf
@@ -0,0 +1,3 @@
+data "aws_availability_zones" "available" {
+ state = "available"
+}
diff --git a/aws-k8s-kops/outputs.tf b/aws-k8s-kops/outputs.tf
new file mode 100644
index 0000000..b9e89df
--- /dev/null
+++ b/aws-k8s-kops/outputs.tf
@@ -0,0 +1,12 @@
+output "s3_bucket" {
+ value = aws_s3_bucket.kops_bucket.id
+}
+
+output "az" {
+ value = data.aws_availability_zones.available.names[0]
+}
+
+// Kops will set up this DNS for cluster internal communication without having to create public DNS records
+output "cluster_name" {
+ value = "kops-cluster-${random_string.random.result}.k8s.local"
+}
diff --git a/aws-k8s-kops/provider.tf b/aws-k8s-kops/provider.tf
new file mode 100644
index 0000000..f461e29
--- /dev/null
+++ b/aws-k8s-kops/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ version = "4.67.0"
+ }
+ }
+}
+
+provider "aws" {
+ alias = "us-east-1"
+ region = "us-east-1"
+}
diff --git a/aws-k8s-kops/s3.tf b/aws-k8s-kops/s3.tf
new file mode 100644
index 0000000..ab59633
--- /dev/null
+++ b/aws-k8s-kops/s3.tf
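Review bot: `kubernetesApiAccess` and `sshAccess` both list `0.0.0.0/0` and `::/0` while `api.loadBalancer.type` is `Public` and `topology.masters`/`topology.nodes` are `public`, so the API server endpoint and the SSH port on every control-plane and worker node accept connections from any internet address. Replace both lists with the operator's management ranges, e.g. `kubernetesApiAccess: [<ADMIN_CIDR>]` and `sshAccess: [<ADMIN_CIDR>]` (placeholder), or drop SSH exposure altogether if nodes are reached via SSM or a bastion. `kubernetesVersion: 1.26.5` also appears to be past upstream end of support by the commit date, so confirm a supported minor before the manifest is applied. The committed manifest hard-codes the `hfknujazjcbyvqwn` suffix in the cluster name, `configBase` and `discoveryStore`, which a fresh `terraform apply` will regenerate, so a short comment at the top noting it is a `--dry-run` sample would help readers.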
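Review bot: Only the aliased `aws.us-east-1` provider carries a `region`; the default (unaliased) provider used by `data "aws_availability_zones" "available"` in data.tf has no configuration, so the `az` output depends on whatever region the shell environment or profile supplies, while the state bucket is always created in us-east-1. That makes the zone fed to kops vary between operators without anything in the module recording it. A `variable "region"` with a default `provider "aws" { region = var.region }` in this file would pin it; `required_providers.aws` could also name `source = "hashicorp/aws"` explicitly for clarity.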
@@ -0,0 +1,39 @@
+resource "random_string" "random" {
+ length = 8
+ lower = true
+ upper = false
+ special = false
+ numeric = false
+}
+
+resource "aws_s3_bucket" "kops_bucket" {
+ provider = aws.us-east-1
+ bucket = "${var.project_name}-${random_string.random.result}-kops-bucket"
+}
+
+resource "aws_s3_bucket_public_access_block" "kops_ab" {
+ provider = aws.us-east-1
+ bucket = aws_s3_bucket.kops_bucket.id
+ block_public_acls = false
+ block_public_policy = false
+ ignore_public_acls = false
+ restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_ownership_controls" "kops_oc" {
+ provider = aws.us-east-1
+ bucket = aws_s3_bucket.kops_bucket.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
+resource "aws_s3_bucket_acl" "kops_acl" {
+ provider = aws.us-east-1
+ bucket = aws_s3_bucket.kops_bucket.id
+ acl = "public-read"
+ depends_on = [
+ aws_s3_bucket_public_access_block.kops_ab,
+ aws_s3_bucket_ownership_controls.kops_oc,
+ ]
+}
diff --git a/aws-k8s-kops/variables.tf b/aws-k8s-kops/variables.tf
new file mode 100644
index 0000000..949b566
--- /dev/null
+++ b/aws-k8s-kops/variables.tf
@@ -0,0 +1,5 @@
+variable "project_name" {
+ description = "Project name"
+ type = string
+ default = "k8s"
+}
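Review bot: The bucket that holds the kops state store is made world-readable: `kops_ab` switches all four public-access-block settings to `false` and `kops_acl` applies `acl = "public-read"`. The state store (the `configBase` path in cluster.yaml) is where kops keeps the cluster's PKI material and secrets, so anyone who learns the bucket name — it is printed by `terraform output s3_bucket` and embedded in the committed cluster.yaml — can read what amounts to cluster-admin credentials. The only content that needs to be publicly readable is the OIDC discovery store behind `serviceAccountIssuerDiscovery`, and the README points `--discovery-store` at a prefix of this same bucket, which is presumably why the ACL was added; put the discovery documents in a separate bucket (or expose only that prefix through a scoped bucket policy) and keep the state bucket private as below, with `object_ownership = "BucketOwnerEnforced"` once no ACL is needed. The kops documentation also recommends versioning on the state bucket, added here as `kops_versioning`.
```hcl
resource "aws_s3_bucket_public_access_block" "kops_ab" {
  provider                = aws.us-east-1
  bucket                  = aws_s3_bucket.kops_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# … removed: aws_s3_bucket_acl.kops_acl — the state bucket carries no public ACL …

resource "aws_s3_bucket_versioning" "kops_versioning" {
  provider = aws.us-east-1
  bucket   = aws_s3_bucket.kops_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}
```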