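---
AWSTemplateFormatVersion: '2010-09-09'
Metadata:
  License: Apache-2.0
# Description is a top-level key (not part of Metadata). It is shown in the
# console and by describe-stacks, so it should describe what this stack really
# deploys rather than the AWS "EC2InstanceWithSecurityGroupSample" it was
# derived from.
Description: >-
  GitOps teaching stack: one GitLab CE host (Docker, self-signed TLS for the
  container registry) plus a kubeadm Kubernetes cluster of one control-plane
  node and two workers, on Debian 9 in the account's default VPC, each with a
  public Elastic IP. **WARNING** This template creates four EC2 instances you
  will be billed for. With the default SSHLocation of 0.0.0.0/0 every listed
  port - including the Kubernetes API, etcd, the kubelets and the NodePort
  range - is reachable from the whole Internet, and the SSH private key given
  as the PrivateKey parameter is embedded in instance user data.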
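Parameters:
  KeyName:
    Description: >-
      Name of an existing EC2 KeyPair; its public half is installed on all four
      instances for SSH access as the image's default user.
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceTypeGitLab:
    Description: GitLab EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues: [t2.medium, t2.large, t2.xlarge, t2.2xlarge,
      t3.nano, t3.micro, t3.small, t3.medium, t3.large, t3.xlarge, t3.2xlarge,
      m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge,
      m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge,
      c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge,
      g3.8xlarge,
      r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r3.12xlarge,
      i3.xlarge, i3.2xlarge, i3.4xlarge, i3.8xlarge,
      d2.xlarge, d2.2xlarge, d2.4xlarge, d2.8xlarge]
    ConstraintDescription: must be a valid EC2 instance type.
  InstanceTypeKubernetesMaster:
    Description: Kubernetes control-plane (master) EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues: [t2.medium, t2.large, t2.xlarge, t2.2xlarge,
      t3.nano, t3.micro, t3.small, t3.medium, t3.large, t3.xlarge, t3.2xlarge,
      m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge,
      m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge,
      c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge,
      g3.8xlarge,
      r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r3.12xlarge,
      i3.xlarge, i3.2xlarge, i3.4xlarge, i3.8xlarge,
      d2.xlarge, d2.2xlarge, d2.4xlarge, d2.8xlarge]
    ConstraintDescription: must be a valid EC2 instance type.
  InstanceTypeKubernetesWorker:
    Description: Kubernetes worker EC2 instance type (used for both workers)
    Type: String
    Default: t2.micro
    AllowedValues: [t2.nano, t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge,
      t3.nano, t3.micro, t3.small, t3.medium, t3.large, t3.xlarge, t3.2xlarge,
      m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge,
      m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge,
      c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge,
      g3.8xlarge,
      r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r3.12xlarge,
      i3.xlarge, i3.2xlarge, i3.4xlarge, i3.8xlarge,
      d2.xlarge, d2.2xlarge, d2.4xlarge, d2.8xlarge]
    ConstraintDescription: must be a valid EC2 instance type.
  PrivateKey:
    Description: >-
      Private half of KeyName in PEM "RSA PRIVATE KEY" format, pasted as one
      line with spaces in place of newlines (the bootstrap scripts rebuild the
      line breaks). It lets the GitLab host and the control-plane node scp
      files to the other nodes during first boot. NoEcho keeps it out of the
      console, describe-stacks and CloudTrail, but it is still substituted
      into each instance's UserData, which anyone with
      ec2:DescribeInstanceAttribute - and any local process, via the instance
      metadata service - can read. Outside a lab, pass a reference to an SSM
      SecureString or Secrets Manager secret instead of the key itself.
    Type: String
    # Secret material: never echo it back in API responses or the console.
    NoEcho: true
  SSHLocation:
    Description: >-
      CIDR allowed to reach EVERY ingress rule in this template - not only SSH
      but also GitLab HTTP/HTTPS, the Kubernetes API (6443), etcd (2379-2380),
      the kubelets (10250), the NodePort range (30000-32767) and the Weave
      ports. The default 0.0.0.0/0 exposes all of them to the Internet. The
      nodes also scp to each other over their private IPs under these same
      rules, so a CIDR that excludes the VPC's address range breaks the
      bootstrap until security-group-sourced rules are added.
    Type: String
    MinLength: 9
    MaxLength: 18
    Default: '0.0.0.0/0'
    # Each octet 0-255 and a prefix length 0-32. The previous pattern accepted
    # values such as 999.999.999.999/99 that only failed at create time.
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  ImageType:
    # The AMI IDs are region-specific, so the stack only works in the region
    # they belong to. NOTE(review): Debian 9 and CentOS 7 are past end of life;
    # the UserData scripts are also apt-based, so the CentOS choice cannot
    # complete its bootstrap.
    Description: Image type for deployment
    Default: "Debian GNU/Linux 9 (stretch) - ami-003f19e0e687de1cd"
    Type: String
    AllowedValues:
      - "Debian GNU/Linux 9 (stretch) - ami-003f19e0e687de1cd"
      - "CentOS Linux 7 (Core) - ami-0083662ba17882949"
    ConstraintDescription: must specify debian or centos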
Conditions:
  # Select the AMI (and root device name) from the ImageType parameter. Both
  # AMI IDs are region-specific. Every UserData script below uses apt-get and
  # the Debian Docker repository, so CentosImage only picks an image whose
  # bootstrap will fail.
  DebianImage:
    Fn::Equals:
      - Ref: ImageType
      - "Debian GNU/Linux 9 (stretch) - ami-003f19e0e687de1cd"
  CentosImage:
    Fn::Equals:
      - Ref: ImageType
      - "CentOS Linux 7 (Core) - ami-0083662ba17882949"
Resources:
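ec2RoleDescribeInstance:
  # Instance role shared by all four nodes. Its only permission (attached by
  # ec2RolePoliciesDescribeInstance) is ec2:DescribeInstances, which the
  # bootstrap scripts use to find each other's private IP / public DNS name.
  Type: 'AWS::IAM::Role'
  Properties:
    AssumeRolePolicyDocument:
      # Without an explicit Version the document is evaluated under the legacy
      # 2008-10-17 grammar; 2012-10-17 is the current policy language.
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - ec2.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /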
ec2InstanceProfileDescribeInstance:
  # Instance profile that exposes ec2RoleDescribeInstance to the EC2 instances
  # (every instance below references it via IamInstanceProfile).
  Type: 'AWS::IAM::InstanceProfile'
  Properties:
    Path: /
    Roles: [{Ref: ec2RoleDescribeInstance}]
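ec2RolePoliciesDescribeInstance:
  # Read-only discovery permission for the nodes' instance role.
  Type: 'AWS::IAM::Policy'
  Properties:
    PolicyName: ec2RoleDescribeInstance
    PolicyDocument:
      # Explicit Version: the legacy 2008-10-17 default applies when omitted.
      Version: '2012-10-17'
      Statement:
        # ec2:DescribeInstances does not support resource-level permissions,
        # so Resource must be '*'. The action is read-only, but it lets any
        # process on the nodes (including workloads that can reach the
        # metadata service) enumerate every instance in the account/region.
        - Effect: Allow
          Action: 'ec2:DescribeInstances'
          Resource: '*'
    Roles:
      - !Ref ec2RoleDescribeInstance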
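GitLabServer:
  # GitLab CE host: installs Ansible and Docker, issues a self-signed TLS
  # certificate for the registry under its public hostname, deploys GitLab with
  # the course playbooks, then pushes the certificate to the three cluster
  # nodes over SSH using the PrivateKey parameter.
  Type: AWS::EC2::Instance
  Properties:
    Tags:
      # The cluster nodes locate this instance by this Name tag.
      - Key: Name
        Value: 'GitLabServer'
    InstanceType: !Ref InstanceTypeGitLab
    SecurityGroups: [!Ref InstanceSecurityGroupGitLab]
    BlockDeviceMappings:
      # The ' ' fallback is unreachable: ImageType is restricted to the two
      # AllowedValues that the conditions test.
      - DeviceName: !If [DebianImage, xvda, !If [CentosImage, /dev/sda1, ' ']]
        Ebs:
          VolumeSize: 20
          DeleteOnTermination: true
    ImageId: !If [DebianImage, 'ami-003f19e0e687de1cd', !If [CentosImage, 'ami-0083662ba17882949', ' ']]
    IamInstanceProfile: !Ref ec2InstanceProfileDescribeInstance
    KeyName: !Ref KeyName
    # NOTE(review): UserData, including the substituted PrivateKey parameter,
    # is readable by any local process through the instance metadata service
    # (IMDSv1) and by anyone with ec2:DescribeInstanceAttribute. Requiring
    # IMDSv2 (via a launch template's MetadataOptions) would at least keep it
    # away from containers behind the Docker bridge.
    UserData:
      Fn::Base64: !Sub |
        #!/bin/bash
        # Runs once, as root, under cloud-init. No 'set -e' on purpose: the
        # original tolerated individual failures and the later steps retry.
        # ---- Ansible from the Ansible PPA ----
        # apt-key over HKP with a 64-bit key ID is legacy; a keyring file under
        # /etc/apt/keyrings plus the key's full fingerprint is the modern form.
        echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" >> /etc/apt/sources.list
        apt-get update
        apt-get -y install dirmngr --install-recommends
        apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
        apt-get update
        apt-get -y install ansible git
        # ---- Docker via the course playbooks ----
        # Unpinned clone of a third-party repository executed as root (supply
        # chain): pin a commit or tag before reusing this outside a lab.
        git clone https://github.com/diranetafen/cursus-devops.git
        cd cursus-devops/ansible
        ansible-galaxy install -r roles/requirements.yml
        ansible-playbook install_docker.yml
        usermod -aG docker admin
        # ---- AWS CLI v2 ----
        apt-get install unzip -y
        curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
        unzip awscliv2.zip
        ./aws/install
        # ---- Node SSH private key, rebuilt from the PrivateKey parameter ----
        # The parameter is the PEM file with newlines flattened to spaces (only
        # the "RSA PRIVATE KEY" header is handled). Everything is written under
        # umask 077 so the key is never world-readable, not even briefly.
        umask 077
        printf '%s\n' "${PrivateKey}" > /home/admin/sshkey
        sed -i 's/-----BEGIN RSA PRIVATE KEY-----//g;s/-----END RSA PRIVATE KEY-----//g;' /home/admin/sshkey
        tr ' ' '\n' < /home/admin/sshkey > /home/admin/ssh
        echo "-----BEGIN RSA PRIVATE KEY-----" > /home/admin/.sshkey
        sed '/^$/d' /home/admin/ssh >> /home/admin/.sshkey
        echo "-----END RSA PRIVATE KEY-----" >> /home/admin/.sshkey
        chmod 400 /home/admin/.sshkey
        rm -f /home/admin/sshkey /home/admin/ssh
        umask 022
        # ---- Self-signed registry certificate named after the public hostname ----
        GITLAB_EXTERNAL_HOSTNAME=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname)
        CERT_DIR=/etc/docker/certs.d/$GITLAB_EXTERNAL_HOSTNAME
        mkdir -p $CERT_DIR /opt/gitlab/cert/
        # Five empty answers accept the openssl.cnf defaults for C/ST/L/O/OU,
        # then the hostname becomes the CN, then an empty e-mail address.
        # NOTE(review): the certificate carries no subjectAltName; recent
        # Go-based clients (Docker, containerd) no longer accept CN-only certs.
        printf '\n\n\n\n\n%s\n\n' "$GITLAB_EXTERNAL_HOSTNAME" | openssl req -newkey rsa:4096 -nodes -sha256 -keyout $CERT_DIR/$GITLAB_EXTERNAL_HOSTNAME.key -x509 -days 365 -out $CERT_DIR/$GITLAB_EXTERNAL_HOSTNAME.crt
        chmod 600 $CERT_DIR/$GITLAB_EXTERNAL_HOSTNAME.key $CERT_DIR/$GITLAB_EXTERNAL_HOSTNAME.crt
        cp $CERT_DIR/$GITLAB_EXTERNAL_HOSTNAME.key /opt/gitlab/cert/$GITLAB_EXTERNAL_HOSTNAME.key
        cp $CERT_DIR/$GITLAB_EXTERNAL_HOSTNAME.crt /opt/gitlab/cert/$GITLAB_EXTERNAL_HOSTNAME.crt
        # ---- GitLab CE in Docker, via the course playbook ----
        ansible-playbook install_gitlab_ci.yml --extra-var "gitlab_external_hostname=$GITLAB_EXTERNAL_HOSTNAME"
        # Docker only needs the trust anchor in certs.d; the private key stays
        # in /opt/gitlab/cert for GitLab itself.
        rm -f $CERT_DIR/$GITLAB_EXTERNAL_HOSTNAME.key
        mv $CERT_DIR/$GITLAB_EXTERNAL_HOSTNAME.crt $CERT_DIR/ca.crt
        # ---- Find the cluster nodes and wait until they are running ----
        # Filtering on the stack name as well as the Name tag keeps a second
        # copy of this stack in the same account from being picked up. The
        # region comes from the stack, not a hard-coded us-east-1. The loop
        # keys on a non-empty result: the previous version stopped as soon as
        # the CLI call succeeded, even while the node was still pending.
        wait_private_ip() {
          ip=""
          while [ -z "$ip" ]; do
            ip=$(/usr/local/bin/aws ec2 describe-instances --region ${AWS::Region} \
              --query "Reservations[*].Instances[*].[PrivateIpAddress]" \
              --filters Name=tag:Name,Values="$1" Name=tag:aws:cloudformation:stack-name,Values=${AWS::StackName} Name=instance-state-name,Values=running \
              --output text 2>/dev/null)
            [ -z "$ip" ] && sleep 5
          done
          echo "$ip"
        }
        KubernetesMasterPrivateIP=$(wait_private_ip KubernetesMaster)
        KubernetesWorker1PrivateIP=$(wait_private_ip KubernetesWorker1)
        KubernetesWorker2PrivateIP=$(wait_private_ip KubernetesWorker2)
        # ---- Push the registry trust anchor to every node over the VPC ----
        # Host keys cannot be known on first boot, so host key checking is off;
        # ca.crt is public data, and the connection stays inside the VPC.
        copy_ca() {
          until scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /home/admin/.sshkey $CERT_DIR/ca.crt admin@$1:/home/admin; do
            sleep 2
          done
        }
        copy_ca $KubernetesMasterPrivateIP
        copy_ca $KubernetesWorker1PrivateIP
        copy_ca $KubernetesWorker2PrivateIP
        # NOTE(review): /home/admin/.sshkey - the SSH key for every node - is
        # left on this Internet-facing host after bootstrap; a compromise of
        # GitLab then yields SSH to the whole cluster. Remove it if hopping
        # from this host is not part of the exercise.
        # ---- sshd keepalive: probe idle clients every 4 s, drop after 22 misses (~90 s) ----
        sed -i 's/ClientAliveInterval 420/#ClientAliveInterval 420/g;s/ClientAliveInterval 120/#ClientAliveInterval 120/g;' /etc/ssh/sshd_config
        echo 'ClientAliveInterval 4' >> /etc/ssh/sshd_config
        echo 'ClientAliveCountMax 22' >> /etc/ssh/sshd_config
        systemctl restart sshd
        # ---- vim: comment out mouse capture ----
        # Double quotes so the single quotes around 'mouse' reach sed; the
        # previous single-quoted form never matched the has('mouse') line.
        sed -i "s/if has('mouse')/\"if has('mouse')/g;s/set mouse=a/\"set mouse=a/g" /usr/share/vim/vim80/defaults.vim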
ElasticIPGitLabServer:
  # Static public address for the GitLab host. Its public hostname is used as
  # the registry certificate's CN and as the certs.d directory name on every
  # node, so the address must not change across stop/start.
  Type: AWS::EC2::EIP
  Properties:
    Tags:
      - {Key: Name, Value: 'EIP GitLabServer'}
ElasticIPAssignmentGitLabServer:
  # Attaches the EIP after the instance exists. The instance's UserData reads
  # its public hostname from the metadata service only after installing
  # packages, which in practice - but not by construction - happens after this
  # association; if it ran first, the certificate would carry the
  # pre-association hostname.
  Type: AWS::EC2::EIPAssociation
  Properties:
    EIP:
      Ref: ElasticIPGitLabServer
    InstanceId:
      Ref: GitLabServer
InstanceSecurityGroupGitLab:
  # Every rule is opened to SSHLocation (default 0.0.0.0/0). GroupDescription
  # is kept byte-identical because it is immutable - changing it replaces the
  # group and, through the SecurityGroups name reference, the instance; it
  # actually covers SSH (22), HTTP/HTTPS (80, 443), 8080, 8443 and 2222.
  Type: AWS::EC2::SecurityGroup
  Properties:
    Tags:
      - Key: Name
        Value: 'Rules GitLabServer'
    GroupDescription: Enable SSH access via port 22, 80, 8080, 8443 and 2222
    SecurityGroupIngress:
      # host SSH
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: {Ref: SSHLocation}
      # GitLab HTTP
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: {Ref: SSHLocation}
      # GitLab HTTPS
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: {Ref: SSHLocation}
      # 8443 - not evident from this template (presumably the registry or a
      # second HTTPS listener of the GitLab container; confirm in the playbook)
      - IpProtocol: tcp
        FromPort: 8443
        ToPort: 8443
        CidrIp: {Ref: SSHLocation}
      # 8080 - not evident from this template
      - IpProtocol: tcp
        FromPort: 8080
        ToPort: 8080
        CidrIp: {Ref: SSHLocation}
      # 2222 - presumably GitLab's git-over-SSH, remapped so host sshd keeps 22
      - IpProtocol: tcp
        FromPort: 2222
        ToPort: 2222
        CidrIp: {Ref: SSHLocation}
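KubernetesMaster:
  # Control-plane node: installs Docker, kubeadm/kubelet/kubectl and fluxctl,
  # runs 'kubeadm init', deploys Weave, hands the join command to both workers
  # over SSH (PrivateKey parameter) and trusts the GitLab registry certificate
  # that the GitLab host pushes here.
  Type: AWS::EC2::Instance
  Properties:
    Tags:
      # The GitLab host locates this instance by this Name tag.
      - Key: Name
        Value: 'KubernetesMaster'
    InstanceType: !Ref InstanceTypeKubernetesMaster
    SecurityGroups: [!Ref InstanceSecurityGroupKubernetesMaster]
    BlockDeviceMappings:
      - DeviceName: !If [DebianImage, xvda, !If [CentosImage, /dev/sda1, ' ']]
        Ebs:
          VolumeSize: 20
          DeleteOnTermination: true
    KeyName: !Ref KeyName
    IamInstanceProfile: !Ref ec2InstanceProfileDescribeInstance
    ImageId: !If [DebianImage, 'ami-003f19e0e687de1cd', !If [CentosImage, 'ami-0083662ba17882949', ' ']]
    # NOTE(review): UserData, including the substituted PrivateKey parameter,
    # is readable through the instance metadata service by any pod that can
    # reach 169.254.169.254 (IMDSv1, default hop limit) and by anyone with
    # ec2:DescribeInstanceAttribute.
    UserData:
      Fn::Base64: !Sub |
        #!/bin/bash
        # Runs once, as root, under cloud-init. No 'set -e' on purpose: the
        # original tolerated individual failures.
        # ---- Package sources ----
        # Ansible PPA: apt-key over HKP with a 64-bit key ID is legacy; prefer a
        # keyring file under /etc/apt/keyrings and the key's full fingerprint.
        echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" >> /etc/apt/sources.list
        apt-get update
        apt-get -y install dirmngr --install-recommends
        apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
        apt-get -y install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
        # Docker CE: the Debian repository's signing key (Docker signs every
        # distribution's repo with the same key; the ubuntu path was used before).
        curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
        add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable"
        apt-get update
        # ---- fluxctl via snap (the control-plane node drives Flux) ----
        apt-get -y install snapd
        snap install core
        snap install fluxctl --classic
        export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
        # (A 'sudo su' that used to sit here was dropped: this already runs as
        #  root and a non-interactive su shell cannot be fed commands.)
        # ---- Hostname ----
        hostnamectl set-hostname master
        sed -i 's/127.0.0.1 localhost/127.0.0.1 localhost master/g;' /etc/hosts
        # ---- Docker ----
        apt-get install -y docker-ce docker-ce-cli containerd.io
        usermod -a -G docker admin
        # ---- AWS CLI v2 ----
        apt-get install unzip -y
        curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
        unzip awscliv2.zip
        ./aws/install
        # ---- Kubernetes (kubeadm) ----
        cat <<EOF | tee /etc/sysctl.d/k8s.conf
        net.bridge.bridge-nf-call-ip6tables = 1
        net.bridge.bridge-nf-call-iptables = 1
        EOF
        sysctl --system
        apt-get update && apt-get install -y apt-transport-https curl
        # NOTE(review): apt.kubernetes.io / packages.cloud.google.com are the
        # legacy, frozen Kubernetes repositories; current packages are served
        # from pkgs.k8s.io per pinned minor version. The install is unpinned.
        curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
        cat <<EOF | tee /etc/apt/sources.list.d/kubernetes.list
        deb https://apt.kubernetes.io/ kubernetes-xenial main
        EOF
        apt-get update
        apt-get install -y kubelet kubeadm kubectl
        apt-mark hold kubelet kubeadm kubectl
        systemctl daemon-reload
        systemctl restart kubelet
        # ---- Cluster initialisation ----
        kubeadm init
        mkdir -p /root/.kube
        # not 'cp -i': nothing can answer a prompt in this script
        cp /etc/kubernetes/admin.conf /root/.kube/config
        chown $(id -u):$(id -g) /root/.kube/config
        # ---- Join command for the workers ----
        # It embeds a bootstrap token (24 h TTL by default) that lets whoever
        # holds it add a node to the cluster, so the file is created root-only
        # and later copied with its mode preserved.
        umask 077
        kubeadm token create --print-join-command > /home/admin/join-cluster-command
        umask 022
        # ---- Pod network: Weave Net (manifest fetched unpinned from cloud.weave.works) ----
        kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
        # ---- kubectl completion for root and admin ----
        echo 'source <(kubectl completion bash)' >> /root/.bashrc && source /root/.bashrc
        echo 'source <(kubectl completion bash)' >> /home/admin/.bashrc && source /home/admin/.bashrc
        # ---- Node SSH private key, rebuilt from the PrivateKey parameter ----
        # The parameter is the PEM file with newlines flattened to spaces (only
        # the "RSA PRIVATE KEY" header is handled). Everything is written under
        # umask 077 so the key is never world-readable, not even briefly.
        umask 077
        printf '%s\n' "${PrivateKey}" > /home/admin/sshkey
        sed -i 's/-----BEGIN RSA PRIVATE KEY-----//g;s/-----END RSA PRIVATE KEY-----//g;' /home/admin/sshkey
        tr ' ' '\n' < /home/admin/sshkey > /home/admin/ssh
        echo "-----BEGIN RSA PRIVATE KEY-----" > /home/admin/.sshkey
        sed '/^$/d' /home/admin/ssh >> /home/admin/.sshkey
        echo "-----END RSA PRIVATE KEY-----" >> /home/admin/.sshkey
        chmod 400 /home/admin/.sshkey
        rm -f /home/admin/sshkey /home/admin/ssh
        umask 022
        # ---- Hand the join command to both workers (retry until their sshd answers) ----
        # Host keys cannot be known on first boot, so host key checking is off;
        # the transfer stays inside the VPC. A single failed scp previously left
        # the worker waiting forever.
        copy_join() {
          until scp -p -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /home/admin/.sshkey /home/admin/join-cluster-command admin@$1:/home/admin; do
            sleep 2
          done
        }
        copy_join ${KubernetesWorker1.PrivateIp}
        copy_join ${KubernetesWorker2.PrivateIp}
        # ---- sshd keepalive: probe idle clients every 4 s, drop after 22 misses (~90 s) ----
        sed -i 's/ClientAliveInterval 420/#ClientAliveInterval 420/g;s/ClientAliveInterval 120/#ClientAliveInterval 120/g;' /etc/ssh/sshd_config
        echo 'ClientAliveInterval 4' >> /etc/ssh/sshd_config
        echo 'ClientAliveCountMax 22' >> /etc/ssh/sshd_config
        systemctl restart sshd
        # ---- vim: comment out mouse capture ----
        # Double quotes so the single quotes around 'mouse' reach sed; the
        # previous single-quoted form never matched the has('mouse') line.
        sed -i "s/if has('mouse')/\"if has('mouse')/g;s/set mouse=a/\"set mouse=a/g" /usr/share/vim/vim80/defaults.vim
        # ---- Trust the GitLab registry certificate pushed by the GitLab host ----
        # The lookup is scoped to this stack and to the stack's region (the
        # previous call ran without any region configured, which makes the CLI
        # fail and left the name empty), and waits until GitLab is running.
        GitlabPublicDnsName=""
        while [ -z "$GitlabPublicDnsName" ]; do
          GitlabPublicDnsName=$(/usr/local/bin/aws ec2 describe-instances --region ${AWS::Region} \
            --query "Reservations[*].Instances[*].[PublicDnsName]" \
            --filters Name=tag:Name,Values=GitLabServer Name=tag:aws:cloudformation:stack-name,Values=${AWS::StackName} Name=instance-state-name,Values=running \
            --output text 2>/dev/null)
          [ -z "$GitlabPublicDnsName" ] && sleep 5
        done
        # NOTE(review): no timeout - if the GitLab host never delivers ca.crt,
        # cloud-init's final stage never completes.
        while [ ! -f /home/admin/ca.crt ]; do sleep 2 ; done
        mkdir -p /etc/docker/certs.d/$GitlabPublicDnsName
        mv /home/admin/ca.crt /etc/docker/certs.d/$GitlabPublicDnsName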
ElasticIPKubernetesMaster:
  # Static public address for the control-plane node (SSH and API access from
  # SSHLocation). Cluster-internal traffic uses the private IPs.
  Type: AWS::EC2::EIP
  Properties:
    Tags:
      - {Key: Name, Value: 'EIP KubernetesMaster'}
ElasticIPAssignmentKubernetesMaster:
  # Attaches ElasticIPKubernetesMaster to the control-plane instance once the
  # instance exists.
  Type: AWS::EC2::EIPAssociation
  Properties:
    EIP:
      Ref: ElasticIPKubernetesMaster
    InstanceId:
      Ref: KubernetesMaster
InstanceSecurityGroupKubernetesMaster:
  # Control-plane node. Every rule is opened to SSHLocation, which defaults to
  # 0.0.0.0/0 - with that default the Kubernetes API, etcd and the kubelet are
  # Internet-reachable. The rules cannot simply be narrowed by changing
  # SSHLocation because the workers and the GitLab host reach this node over
  # their private IPs under these same rules; restricting them properly needs
  # security-group-sourced rules (as separate AWS::EC2::SecurityGroupIngress
  # resources, to avoid a master<->worker reference cycle).
  Type: AWS::EC2::SecurityGroup
  Properties:
    Tags:
      - Key: Name
        Value: 'Security Rules for Kubernetes Master'
    GroupDescription: Kubernetes Master
    SecurityGroupIngress:
      # host SSH (also used by the GitLab host to scp ca.crt here)
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: {Ref: SSHLocation}
      # kube-apiserver (workers join through it)
      - IpProtocol: tcp
        FromPort: 6443
        ToPort: 6443
        CidrIp: {Ref: SSHLocation}
      # etcd client/peer - should never be reachable from outside the control plane
      - IpProtocol: tcp
        FromPort: 2379
        ToPort: 2380
        CidrIp: {Ref: SSHLocation}
      # kubelet API (10250) plus the scheduler/controller-manager ports of the
      # kubeadm releases this was written for (10251/10252)
      - IpProtocol: tcp
        FromPort: 10250
        ToPort: 10252
        CidrIp: {Ref: SSHLocation}
      # 8080 - purpose not evident from this template
      - IpProtocol: tcp
        FromPort: 8080
        ToPort: 8080
        CidrIp: {Ref: SSHLocation}
      # Weave Net TCP: metrics (6781/6782) and control (6783), per Weave's documented ports
      - IpProtocol: tcp
        FromPort: 6781
        ToPort: 6784
        CidrIp: {Ref: SSHLocation}
      # Weave Net UDP data plane
      - IpProtocol: udp
        FromPort: 6783
        ToPort: 6784
        CidrIp: {Ref: SSHLocation}
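KubernetesWorker1:
  # First worker node: installs Docker and kubeadm/kubelet/kubectl, waits for
  # the join command the control-plane node scp's into /home/admin, joins the
  # cluster and trusts the GitLab registry certificate pushed by the GitLab host.
  Type: AWS::EC2::Instance
  Properties:
    Tags:
      # The GitLab host locates this instance by this Name tag.
      - Key: Name
        Value: 'KubernetesWorker1'
    InstanceType: !Ref InstanceTypeKubernetesWorker
    SecurityGroups: [!Ref InstanceSecurityGroupKubernetesWorker]
    BlockDeviceMappings:
      - DeviceName: !If [DebianImage, xvda, !If [CentosImage, /dev/sda1, ' ']]
        Ebs:
          VolumeSize: 20
          DeleteOnTermination: true
    KeyName: !Ref KeyName
    IamInstanceProfile: !Ref ec2InstanceProfileDescribeInstance
    ImageId: !If [DebianImage, 'ami-003f19e0e687de1cd', !If [CentosImage, 'ami-0083662ba17882949', ' ']]
    UserData:
      Fn::Base64: !Sub |
        #!/bin/bash
        # Runs once, as root, under cloud-init. No 'set -e' on purpose: the
        # original tolerated individual failures.
        # ---- Package sources ----
        # Ansible PPA: apt-key over HKP with a 64-bit key ID is legacy; prefer a
        # keyring file under /etc/apt/keyrings and the key's full fingerprint.
        echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" >> /etc/apt/sources.list
        apt-get update
        apt-get -y install dirmngr --install-recommends
        apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
        apt-get -y install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
        # Docker CE: the Debian repository's signing key (Docker signs every
        # distribution's repo with the same key; the ubuntu path was used before).
        curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
        add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable"
        apt-get update
        # ---- Hostname ----
        hostnamectl set-hostname worker1
        sed -i 's/127.0.0.1 localhost/127.0.0.1 localhost worker1/g;' /etc/hosts
        # ---- Docker ----
        apt-get install -y docker-ce docker-ce-cli containerd.io
        usermod -a -G docker admin
        # ---- AWS CLI v2 ----
        apt-get install unzip -y
        curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
        unzip awscliv2.zip
        ./aws/install
        # ---- Kubernetes (kubeadm) ----
        cat <<EOF | tee /etc/sysctl.d/k8s.conf
        net.bridge.bridge-nf-call-ip6tables = 1
        net.bridge.bridge-nf-call-iptables = 1
        EOF
        sysctl --system
        apt-get update && apt-get install -y apt-transport-https curl
        # NOTE(review): apt.kubernetes.io / packages.cloud.google.com are the
        # legacy, frozen Kubernetes repositories; current packages are served
        # from pkgs.k8s.io per pinned minor version. The install is unpinned.
        curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
        cat <<EOF | tee /etc/apt/sources.list.d/kubernetes.list
        deb https://apt.kubernetes.io/ kubernetes-xenial main
        EOF
        apt-get update
        apt-get install -y kubelet kubeadm kubectl
        apt-mark hold kubelet kubeadm kubectl
        systemctl daemon-reload
        systemctl restart kubelet
        # ---- kubectl completion for root and admin ----
        echo 'source <(kubectl completion bash)' >> /root/.bashrc && source /root/.bashrc
        echo 'source <(kubectl completion bash)' >> /home/admin/.bashrc && source /home/admin/.bashrc
        # ---- sshd keepalive: probe idle clients every 4 s, drop after 22 misses (~90 s) ----
        sed -i 's/ClientAliveInterval 420/#ClientAliveInterval 420/g;s/ClientAliveInterval 120/#ClientAliveInterval 120/g;' /etc/ssh/sshd_config
        echo 'ClientAliveInterval 4' >> /etc/ssh/sshd_config
        echo 'ClientAliveCountMax 22' >> /etc/ssh/sshd_config
        systemctl restart sshd
        # ---- vim: comment out mouse capture ----
        # Double quotes so the single quotes around 'mouse' reach sed; the
        # previous single-quoted form never matched the has('mouse') line.
        sed -i "s/if has('mouse')/\"if has('mouse')/g;s/set mouse=a/\"set mouse=a/g" /usr/share/vim/vim80/defaults.vim
        # ---- Join the cluster once the control-plane node delivers the command ----
        # The file holds a complete 'kubeadm join ... --token ...' line, so the
        # unquoted expansion (word splitting) is intended. Whoever can write
        # /home/admin on this host before this point controls what runs as root.
        # NOTE(review): no timeout - if the file never arrives, cloud-init's
        # final stage never completes.
        while [ ! -f /home/admin/join-cluster-command ]; do sleep 2 ; done
        JOINCLUSTERCOMMAND=$(cat /home/admin/join-cluster-command)
        $JOINCLUSTERCOMMAND
        # ---- Trust the GitLab registry certificate pushed by the GitLab host ----
        # Scoped to this stack and its region (no hard-coded us-east-1), and
        # retried until GitLab is running so the certs.d path is never empty.
        GitlabPublicDnsName=""
        while [ -z "$GitlabPublicDnsName" ]; do
          GitlabPublicDnsName=$(/usr/local/bin/aws ec2 describe-instances --region ${AWS::Region} \
            --query "Reservations[*].Instances[*].[PublicDnsName]" \
            --filters Name=tag:Name,Values=GitLabServer Name=tag:aws:cloudformation:stack-name,Values=${AWS::StackName} Name=instance-state-name,Values=running \
            --output text 2>/dev/null)
          [ -z "$GitlabPublicDnsName" ] && sleep 5
        done
        while [ ! -f /home/admin/ca.crt ]; do sleep 2 ; done
        mkdir -p /etc/docker/certs.d/$GitlabPublicDnsName
        mv /home/admin/ca.crt /etc/docker/certs.d/$GitlabPublicDnsName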
ElasticIPKubernetesWorker1:
  # Public address for the first worker. Cluster traffic uses the private IPs;
  # this mainly serves SSH and NodePort access from SSHLocation.
  Type: AWS::EC2::EIP
  Properties:
    Tags:
      - {Key: Name, Value: 'EIP KubernetesWorker1'}
ElasticIPAssignmentKubernetesWorker1:
  # Attaches ElasticIPKubernetesWorker1 to the first worker once it exists.
  Type: AWS::EC2::EIPAssociation
  Properties:
    EIP:
      Ref: ElasticIPKubernetesWorker1
    InstanceId:
      Ref: KubernetesWorker1
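KubernetesWorker2:
  # Second worker node: installs Docker and kubeadm/kubelet/kubectl, waits for
  # the join command the control-plane node scp's into /home/admin, joins the
  # cluster and trusts the GitLab registry certificate pushed by the GitLab host.
  Type: AWS::EC2::Instance
  Properties:
    Tags:
      # The GitLab host locates this instance by this Name tag.
      - Key: Name
        Value: 'KubernetesWorker2'
    InstanceType: !Ref InstanceTypeKubernetesWorker
    SecurityGroups: [!Ref InstanceSecurityGroupKubernetesWorker]
    BlockDeviceMappings:
      - DeviceName: !If [DebianImage, xvda, !If [CentosImage, /dev/sda1, ' ']]
        Ebs:
          VolumeSize: 20
          DeleteOnTermination: true
    KeyName: !Ref KeyName
    IamInstanceProfile: !Ref ec2InstanceProfileDescribeInstance
    ImageId: !If [DebianImage, 'ami-003f19e0e687de1cd', !If [CentosImage, 'ami-0083662ba17882949', ' ']]
    UserData:
      Fn::Base64: !Sub |
        #!/bin/bash
        # Runs once, as root, under cloud-init. No 'set -e' on purpose: the
        # original tolerated individual failures.
        # ---- Package sources ----
        # Ansible PPA: apt-key over HKP with a 64-bit key ID is legacy; prefer a
        # keyring file under /etc/apt/keyrings and the key's full fingerprint.
        echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" >> /etc/apt/sources.list
        apt-get update
        apt-get -y install dirmngr --install-recommends
        apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
        apt-get -y install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
        # Docker CE: the Debian repository's signing key (Docker signs every
        # distribution's repo with the same key; the ubuntu path was used before).
        curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
        add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable"
        apt-get update
        # ---- Hostname ----
        hostnamectl set-hostname worker2
        sed -i 's/127.0.0.1 localhost/127.0.0.1 localhost worker2/g;' /etc/hosts
        # ---- Docker ----
        apt-get install -y docker-ce docker-ce-cli containerd.io
        usermod -a -G docker admin
        # ---- AWS CLI v2 ----
        apt-get install unzip -y
        curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
        unzip awscliv2.zip
        ./aws/install
        # ---- Kubernetes (kubeadm) ----
        cat <<EOF | tee /etc/sysctl.d/k8s.conf
        net.bridge.bridge-nf-call-ip6tables = 1
        net.bridge.bridge-nf-call-iptables = 1
        EOF
        sysctl --system
        apt-get update && apt-get install -y apt-transport-https curl
        # NOTE(review): apt.kubernetes.io / packages.cloud.google.com are the
        # legacy, frozen Kubernetes repositories; current packages are served
        # from pkgs.k8s.io per pinned minor version. The install is unpinned.
        curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
        cat <<EOF | tee /etc/apt/sources.list.d/kubernetes.list
        deb https://apt.kubernetes.io/ kubernetes-xenial main
        EOF
        apt-get update
        apt-get install -y kubelet kubeadm kubectl
        apt-mark hold kubelet kubeadm kubectl
        systemctl daemon-reload
        systemctl restart kubelet
        # ---- kubectl completion for root and admin ----
        echo 'source <(kubectl completion bash)' >> /root/.bashrc && source /root/.bashrc
        echo 'source <(kubectl completion bash)' >> /home/admin/.bashrc && source /home/admin/.bashrc
        # ---- sshd keepalive: probe idle clients every 4 s, drop after 22 misses (~90 s) ----
        sed -i 's/ClientAliveInterval 420/#ClientAliveInterval 420/g;s/ClientAliveInterval 120/#ClientAliveInterval 120/g;' /etc/ssh/sshd_config
        echo 'ClientAliveInterval 4' >> /etc/ssh/sshd_config
        echo 'ClientAliveCountMax 22' >> /etc/ssh/sshd_config
        systemctl restart sshd
        # ---- vim: comment out mouse capture ----
        # Double quotes so the single quotes around 'mouse' reach sed; the
        # previous single-quoted form never matched the has('mouse') line.
        sed -i "s/if has('mouse')/\"if has('mouse')/g;s/set mouse=a/\"set mouse=a/g" /usr/share/vim/vim80/defaults.vim
        # ---- Join the cluster once the control-plane node delivers the command ----
        # The file holds a complete 'kubeadm join ... --token ...' line, so the
        # unquoted expansion (word splitting) is intended. Whoever can write
        # /home/admin on this host before this point controls what runs as root.
        # NOTE(review): no timeout - if the file never arrives, cloud-init's
        # final stage never completes.
        while [ ! -f /home/admin/join-cluster-command ]; do sleep 2 ; done
        JOINCLUSTERCOMMAND=$(cat /home/admin/join-cluster-command)
        $JOINCLUSTERCOMMAND
        # ---- Trust the GitLab registry certificate pushed by the GitLab host ----
        # Scoped to this stack and its region (no hard-coded us-east-1), and
        # retried until GitLab is running so the certs.d path is never empty.
        GitlabPublicDnsName=""
        while [ -z "$GitlabPublicDnsName" ]; do
          GitlabPublicDnsName=$(/usr/local/bin/aws ec2 describe-instances --region ${AWS::Region} \
            --query "Reservations[*].Instances[*].[PublicDnsName]" \
            --filters Name=tag:Name,Values=GitLabServer Name=tag:aws:cloudformation:stack-name,Values=${AWS::StackName} Name=instance-state-name,Values=running \
            --output text 2>/dev/null)
          [ -z "$GitlabPublicDnsName" ] && sleep 5
        done
        while [ ! -f /home/admin/ca.crt ]; do sleep 2 ; done
        mkdir -p /etc/docker/certs.d/$GitlabPublicDnsName
        mv /home/admin/ca.crt /etc/docker/certs.d/$GitlabPublicDnsName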
ElasticIPKubernetesWorker2:
  # Public address for the second worker. Cluster traffic uses the private
  # IPs; this mainly serves SSH and NodePort access from SSHLocation.
  Type: AWS::EC2::EIP
  Properties:
    Tags:
      - {Key: Name, Value: 'EIP KubernetesWorker2'}
ElasticIPAssignmentKubernetesWorker2:
  # Attaches ElasticIPKubernetesWorker2 to the second worker once it exists.
  Type: AWS::EC2::EIPAssociation
  Properties:
    EIP:
      Ref: ElasticIPKubernetesWorker2
    InstanceId:
      Ref: KubernetesWorker2
InstanceSecurityGroupKubernetesWorker:
  # Shared by both workers. Every rule is opened to SSHLocation (default
  # 0.0.0.0/0), which publishes the kubelet API, the whole NodePort range and
  # a memcached port to the Internet. As with the master group, the
  # control-plane node and the GitLab host reach the workers over private IPs
  # under these same rules, so narrowing SSHLocation alone breaks bootstrap;
  # security-group-sourced rules are the proper fix.
  Type: AWS::EC2::SecurityGroup
  Properties:
    Tags:
      - Key: Name
        Value: 'Security Rules for Kubernetes Worker'
    GroupDescription: Kubernetes workers
    SecurityGroupIngress:
      # host SSH (also used by the master and GitLab host for scp)
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: {Ref: SSHLocation}
      # HTTP - presumably an ingress/course application; not evident here
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: {Ref: SSHLocation}
      # 3030-3031 - presumably the Flux daemon API/metrics (fluxctl is
      # installed on the master); confirm before keeping it public
      - IpProtocol: tcp
        FromPort: 3030
        ToPort: 3031
        CidrIp: {Ref: SSHLocation}
      # Weave Net TCP: metrics (6781/6782) and control (6783)
      - IpProtocol: tcp
        FromPort: 6781
        ToPort: 6784
        CidrIp: {Ref: SSHLocation}
      # kubelet API - should only be reachable from the control plane
      - IpProtocol: tcp
        FromPort: 10250
        ToPort: 10250
        CidrIp: {Ref: SSHLocation}
      # 11211 - memcached (presumably Flux's cache); a well-known abuse vector
      # when exposed publicly
      - IpProtocol: tcp
        FromPort: 11211
        ToPort: 11211
        CidrIp: {Ref: SSHLocation}
      # Kubernetes NodePort service range
      - IpProtocol: tcp
        FromPort: 30000
        ToPort: 32767
        CidrIp: {Ref: SSHLocation}
      # Weave Net UDP data plane
      - IpProtocol: udp
        FromPort: 6783
        ToPort: 6784
        CidrIp: {Ref: SSHLocation}
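Outputs:
  # Each output previously carried four 'Value' keys (one per instance).
  # Duplicate keys are not valid YAML; a last-wins parser would have reported
  # only KubernetesWorker2, and a strict one rejects the template. The original
  # output names now describe the GitLab host, and every cluster node gets its
  # own set.
  InstanceId:
    Description: InstanceId of the GitLab server
    Value: !Ref GitLabServer
  AZ:
    Description: Availability Zone of the GitLab server
    Value: !GetAtt GitLabServer.AvailabilityZone
  PublicDNS:
    Description: Public DNSName of the GitLab server (the registry certificate is issued for this name)
    Value: !GetAtt GitLabServer.PublicDnsName
  PublicIP:
    Description: Public IP address of the GitLab server
    Value: !GetAtt GitLabServer.PublicIp
  KubernetesMasterInstanceId:
    Description: InstanceId of the Kubernetes control-plane node
    Value: !Ref KubernetesMaster
  KubernetesMasterAZ:
    Description: Availability Zone of the Kubernetes control-plane node
    Value: !GetAtt KubernetesMaster.AvailabilityZone
  KubernetesMasterPublicDNS:
    Description: Public DNSName of the Kubernetes control-plane node
    Value: !GetAtt KubernetesMaster.PublicDnsName
  KubernetesMasterPublicIP:
    Description: Public IP address of the Kubernetes control-plane node
    Value: !GetAtt KubernetesMaster.PublicIp
  KubernetesWorker1InstanceId:
    Description: InstanceId of Kubernetes worker 1
    Value: !Ref KubernetesWorker1
  KubernetesWorker1AZ:
    Description: Availability Zone of Kubernetes worker 1
    Value: !GetAtt KubernetesWorker1.AvailabilityZone
  KubernetesWorker1PublicDNS:
    Description: Public DNSName of Kubernetes worker 1
    Value: !GetAtt KubernetesWorker1.PublicDnsName
  KubernetesWorker1PublicIP:
    Description: Public IP address of Kubernetes worker 1
    Value: !GetAtt KubernetesWorker1.PublicIp
  KubernetesWorker2InstanceId:
    Description: InstanceId of Kubernetes worker 2
    Value: !Ref KubernetesWorker2
  KubernetesWorker2AZ:
    Description: Availability Zone of Kubernetes worker 2
    Value: !GetAtt KubernetesWorker2.AvailabilityZone
  KubernetesWorker2PublicDNS:
    Description: Public DNSName of Kubernetes worker 2
    Value: !GetAtt KubernetesWorker2.PublicDnsName
  KubernetesWorker2PublicIP:
    Description: Public IP address of Kubernetes worker 2
    Value: !GetAtt KubernetesWorker2.PublicIp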