Ctrlk

Setup

Prerequisites

Setup

Run terraform init
Provide required variables in local variable file
Generate public/private keys and save locally (update variables file)

# ES512
# private key
$ openssl ecparam -genkey -name secp521r1 -noout -out ecdsa-p521-private.pem
# public key
$ openssl ec -in ecdsa-p521-private.pem -pubout -out ecdsa-p521-public.pem

Run terraform apply
Create an IAM account with permissions to access Secrets Manager

Save the account's Access Credentials to a Kubernetes secret:

$ echo -n 'ACCESS_KEY_ID' > ./access-key
$ echo -n 'SECRET_ACCESS_KEY' > ./secret-access-key
$ kubectl create secret generic awssm-secret --from-file=./access-key  --from-file=./secret-access-key

Install external-secrets

helm install external-secrets \
   external-secrets/external-secrets \
    -n external-secrets \
    --create-namespace \
  --set installCRDs=true

Install Metrics Server

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

If the above does not work, try the local backup (using insecure TLS)

kubectl apply -f kube/metrics

Set ACM Certificate ARN in the Ingress spec
Copy Load Balancer DNS address to a DNS record to direct traffic to the cluster
Create .env using output

The below steps are deprecated. These are only for use on older clusters.

Install ingress-nginx

helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace \
  --set rbac.create=true \
  --set controller.service.type=LoadBalancer \
  --set controller.service.externalTrafficPolicy=Local \
  --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-proxy-protocol"="*" \
  --set controller.config.use-proxy-protocol="true"

~~Install cert manager~~

$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.crds.yaml
$ helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.8.0 \
  # --set installCRDs=true

Install Teleport

# Add teleport helm repo
$ helm repo add teleport https://charts.releases.teleport.dev

# Set the variables
$ PROXY_ENDPOINT='dev.chelsea-apps.com:443'
$ JOIN_TOKEN='staticToken'
$ KUBERNETES_CLUSTER_NAME='clusterName'

# Install the teleport agent using helm
$ helm install teleport-agent teleport/teleport-kube-agent \
  --create-namespace \
  --namespace teleport-agent \
  --set roles=kube \
  --set proxyAddr=${PROXY_ENDPOINT?} \
  --set authToken=${JOIN_TOKEN?} \
  --set kubeClusterName=${KUBERNETES_CLUSTER_NAME?}

PreviousBackend NextAutoscaling

Last updated 3 years ago

Was this helpful?

hashtagSetup

Setup