How to use kOps in AWS China Region

    Most of the following procedures to provision a cluster are the same with the guide to use kOps in AWS. The differences will be highlighted and the similar parts will be omitted.

    NOTE: THE FOLLOWING PROCEDURES ARE ONLY TESTED WITH KOPS 1.10.0, 1.10.1 AND KUBERNETES 1.9.11, 1.10.12

    Install kubectl

    Setup your environment

    AWS

    When running aws configure, remember to set the default region name to the correct one, e.g. cn-north-1.

    And export it correctly.

    export AWS_REGION=$(aws configure get region)

    As the note kindly points out, a gossip-based cluster can easily be created by having the cluster name end with .k8s.local. We will adopt this trick below. The rest of this section can be skipped safely.

    Thanks to gossip, this section can be skipped safely as well.

    Since we are provisioning a cluster in AWS China Region, we need to create a dedicated S3 bucket in AWS China Region.

    aws s3api create-bucket --bucket prefix-example-com-state-store --create-bucket-configuration LocationConstraint=$AWS_REGION

    Ensure you have a VPC which can access the internet NORMALLY

    We have to build our own AMI because there is . There are two ways to accomplish this.

    First, launch an instance in a private subnet that has fast and stable internet access.

    Because the instance is launched in a private subnet, we need to ensure it can be reached on its private IP via a VPN or a bastion.

    SUBNET_ID=<subnet id> # a private subnet
    SECURITY_GROUP_ID=<security group id>
    KEY_NAME=<key pair name on aws>
    AMI_ID=$(aws ec2 describe-images --filters Name=name,Values=debian-jessie-amd64-hvm-2016-02-20-ebs --query 'Images[*].ImageId' --output text)
    INSTANCE_ID=$(aws ec2 run-instances --image-id $AMI_ID --instance-type m3.medium --key-name $KEY_NAME --security-group-ids $SECURITY_GROUP_ID --subnet-id $SUBNET_ID --no-associate-public-ip-address --query 'Instances[*].InstanceId' --output text)
    aws ec2 create-tags --resources ${INSTANCE_ID} --tags Key=k8s.io/role/imagebuilder,Value=1

    Now follow the documentation of in kube-deploy to build the image.

    Copy AMI from another region

    Following to copy the kOps image from another region, e.g. .

    Get the AMI id

    Whichever way the AMI is built, we end up with an AMI, e.g. k8s-1.9-debian-jessie-amd64-hvm-ebs-2018-07-18.

    Prepare local environment

    Set up a few environment variables.

    export NAME=example.k8s.local
    export KOPS_STATE_STORE=s3://prefix-example-com-state-store

    Create cluster configuration

    aws ec2 describe-availability-zones

    Below is a create cluster command which will create a complete internal cluster. The command below generates a cluster configuration but does not start building it. Make sure that you have generated an SSH key pair before creating the cluster.

    VPC_ID=<vpc id>
    VPC_NETWORK_CIDR=<vpc network cidr> # e.g. 172.30.0.0/16
    AMI=<owner id/ami name> # e.g. 123456890/k8s-1.9-debian-jessie-amd64-hvm-ebs-2018-07-18
    kops create cluster \
        --zones ${AWS_REGION}a \
        --network-cidr ${VPC_NETWORK_CIDR} \
        --image ${AMI} \
        --associate-public-ip=false \
        --api-loadbalancer-type internal \
        --topology private \
        --networking calico \
        ${NAME}

    Now that we have a cluster configuration, we adjust the subnet config to reuse the shared subnets by editing the cluster description.

    Then change the corresponding subnets to specify the subnet id and remove the cidr, e.g.

    spec:
      subnets:
      - id: subnet-12345678
        name: cn-north-1a
        type: Private
        zone: cn-north-1a
      - id: subnet-87654321
        name: utility-cn-north-1a
        type: Utility
        zone: cn-north-1a

    Another tweak we can adopt here is to add a docker section that sets the registry mirror to https://registry.docker-cn.com. This improves the stability and download speed of pulling images from Docker Hub.

    spec:
      docker:
        registryMirrors:
        - https://registry.docker-cn.com

    Please note that this mirror MIGHT NOT BE suitable in some cases. It can be replaced by any other registry mirror as long as it is compatible with the Docker registry API.
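    Before running kops update cluster, it is worth checking that the edited spec still describes the internal cluster the command above intended: internal API load balancer, private topology, shared subnets referenced by id without a cidr, an https registry mirror, and no public IPs on the instance groups. The following pre-flight check is an added example, not part of this guide or of kOps; the CLUSTER and INSTANCE_GROUPS values are constructed to mirror the spec above (field names follow the kops v1alpha2 API, the ids are made up), and in practice you would load them from kops get cluster / kops get ig -o yaml with a YAML parser.

```python
"""Pre-flight checks for a kOps cluster spec built the way this guide describes."""
from typing import Any, Dict, List

# Constructed sample: the cluster spec after the subnet and docker edits above.
CLUSTER = {
    "apiVersion": "kops.k8s.io/v1alpha2", "kind": "Cluster",
    "metadata": {"name": "example.k8s.local"},
    "spec": {
        "api": {"loadBalancer": {"type": "Internal"}},
        "topology": {"masters": "private", "nodes": "private"},
        "subnets": [
            {"id": "subnet-12345678", "name": "cn-north-1a", "type": "Private", "zone": "cn-north-1a"},
            {"id": "subnet-87654321", "name": "utility-cn-north-1a", "type": "Utility", "zone": "cn-north-1a"},
        ],
        "docker": {"registryMirrors": ["https://registry.docker-cn.com"]},
    },
}
# Constructed sample: instance groups as produced with --associate-public-ip=false.
INSTANCE_GROUPS = [
    {"kind": "InstanceGroup", "metadata": {"name": "master-cn-north-1a"},
     "spec": {"role": "Master", "associatePublicIp": False}},
    {"kind": "InstanceGroup", "metadata": {"name": "nodes"},
     "spec": {"role": "Node", "associatePublicIp": False}},
]


def check_cluster(cluster: Dict[str, Any], igs: List[Dict[str, Any]]) -> List[str]:
    """Return findings; an empty list means the spec matches this guide's intent."""
    spec = cluster.get("spec", {})
    findings: List[str] = []
    if spec.get("api", {}).get("loadBalancer", {}).get("type") != "Internal":
        findings.append("api.loadBalancer.type must be Internal (no public API endpoint)")
    for part in ("masters", "nodes"):
        if spec.get("topology", {}).get(part) != "private":
            findings.append(f"topology.{part} must be private")
    for subnet in spec.get("subnets", []):
        name = subnet.get("name", "<unnamed>")
        if "id" not in subnet:
            findings.append(f"subnet {name}: no shared subnet id, kops would create a new subnet")
        elif "cidr" in subnet:
            findings.append(f"subnet {name}: remove cidr when reusing a shared subnet by id")
        if subnet.get("type") == "Public":
            findings.append(f"subnet {name}: Public subnet type in an internal cluster")
    for mirror in spec.get("docker", {}).get("registryMirrors", []):
        if not mirror.startswith("https://"):
            findings.append(f"registry mirror {mirror} is not served over https")
    for ig in igs:  # a missing key is flagged too: require an explicit false
        if ig.get("spec", {}).get("associatePublicIp", True) is not False:
            findings.append(f"instance group {ig['metadata']['name']}: associatePublicIp is not false")
    return findings


if __name__ == "__main__":
    for line in check_cluster(CLUSTER, INSTANCE_GROUPS) or ["OK: spec matches the guide"]:
        print(line)
```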

    Add more master nodes

    In one AZ

    To achieve this, we can add more parameters to kops create cluster.

    --zones ${AWS_REGION}a --node-count 2 \

    In two AZs

    Please note that this will still have a 50% chance of breaking the cluster when one of the two AZs is down.