Mozilla InfoSec Reference Implementation of Kubernetes
Turning up a cluster for N00Bz
Requirements
Exports
export STAGE=prod
export AWS_REGION=us-west-2
export KOPS_STATE_STORE=s3://kops.infra.iam.mozilla.com
Learn All the things
Docs:
- Why does this exist?
- How to develop against the ansible play
- Security Considerations
- Cluster Defaults
Creating a Cluster
ansible-playbook -c local ansible/find_or_create_single.yml -e clustername=${NAME}
Deleting a Cluster
ansible-playbook -c local ansible/delete_single.yml -e clustername=${NAME}
Exporting Admin Creds
kops export kubecfg
Note that this decrypts and fetches the admin credential for the entire cluster. Use RBAC for everything except setting up RBAC.
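A check to run after the export, as an added example that is not part of the project's own tooling: it lists which users in a kubeconfig carry embedded secrets and fails when that file is accessible to group or other. It assumes the usual kubeconfig layout (`users:` followed by `- name:` entries); the function names are hypothetical and the sample file is constructed with placeholder values.

```shell
#!/bin/sh
# Added example, not project code. Assumes the usual kubeconfig users: layout.
# Print "<user> <field>" for each secret field under the users: block.
kubeconfig_secrets() {
    awk '
        /^users:/              { in_users = 1; next }
        /^[^ \t#-]/            { in_users = 0 }   # another top-level key ends the block
        in_users && /^- name:/ { user = $3; next }
        in_users && /^[ \t]+(client-key-data|password|token):/ {
            field = $1; sub(/:$/, "", field); print user, field
        }' "$1"
}

# Succeed only when group and other have no permission bits on the file.
kubeconfig_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report findings; return 1 when secrets sit in a file others can access.
audit_kubeconfig() {
    found=$(kubeconfig_secrets "$1")
    if [ -z "$found" ]; then echo "OK: no embedded credentials"; return 0; fi
    echo "$found" | sed 's/^\([^ ]*\) \(.*\)$/FOUND: user \1 embeds \2/'
    if kubeconfig_mode_ok "$1"; then return 0; fi
    echo "FAIL: $1 holds credentials and is open to group/other (chmod 600)"
    return 1
}

# Constructed sample kubeconfig; names and values are placeholders.
write_sample_kubeconfig() {
    cat > "$1" <<'EOF'
apiVersion: v1
users:
- name: example.invalid
  user:
    client-key-data: PLACEHOLDER
    password: PLACEHOLDER
    username: admin
- name: example.invalid-basic-auth
  user:
    password: PLACEHOLDER
    username: admin
current-context: example.invalid
EOF
}

tmp=$(mktemp); write_sample_kubeconfig "$tmp"; chmod 644 "$tmp"
audit_kubeconfig "$tmp" || true; rm -f "$tmp"
```

Point `audit_kubeconfig` at the file the export wrote (`$KUBECONFIG` or `~/.kube/config`) to see what credential material is now on disk.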
Deploying the Kubernetes Dashboard
Note: this may have been deployed for you depending on the state of our cluster defaults.
# From the cluster context (you loaded the secrets)
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.8.3/src/deploy/recommended/kubernetes-dashboard.yaml
kops get secrets kube --type secret -oplaintext
The username is admin and the password is the one you've just retrieved from the secret store.
The URL is https://api.${NAME}