In this article, I am going to show you how to set up Gardener on AWS to manage Kubernetes clusters across multiple clouds.
Note:
If you are operating more than 1000 Kubernetes clusters, Gardener is a good choice.
The article "Manage Kubernetes at scale in Multi Cloud" (see Sources) has more background on this.
Steps
The machine I am using is Debian 10 on the EC2.
1- Connect to the EKS cluster:
aws eks --region YOUR_REGION update-kubeconfig --name YOUR_CLUSTER
2- Gardener requires the Vertical Pod Autoscaler to be installed in the EKS cluster.
3- Create a service account for your cluster and switch the current kubeconfig context to its token (the binding below grants cluster-admin, which garden-setup needs on the base cluster):
kubectl -n kube-system create serviceaccount kubeconfig-sa
kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:kubeconfig-sa
# name of the token Secret that belongs to the service account
TOKENNAME=$(kubectl -n kube-system get serviceaccount/kubeconfig-sa -o jsonpath='{.secrets[0].name}')
# the token itself is stored base64-encoded in the Secret
TOKEN=$(kubectl -n kube-system get secret "$TOKENNAME" -o jsonpath='{.data.token}' | base64 -d)
kubectl config set-credentials kubeconfig-sa --token="$TOKEN"
kubectl config set-context --current --user=kubeconfig-sa
# verify that the new user can talk to the cluster
kubectl get pods
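The commands above store the extracted service-account token in the admin's own ~/.kube/config, which is then copied into the landscape directory in step 5. As an added example (not code from the article or from the Gardener project), the following Python script shows a more careful way to handle that token: it inspects the token's `sub` claim to confirm it really belongs to `kube-system:kubeconfig-sa`, assembles a separate kubeconfig just for that identity, and writes it with mode 0600 without overwriting an existing file. The API endpoint, CA data and the unsigned JWT used as input are constructed for the demo; no signature is verified here, the check is only about which identity the token claims.

```python
import base64
import json
import os
import stat
import tempfile


def _b64url_decode(part: str) -> bytes:
    """Decode one JWT segment (base64url without padding)."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def service_account_subject(token: str) -> str:
    """Return the 'sub' claim of a service-account JWT.

    The signature is NOT verified; this only tells us which identity the token
    pulled out of the Secret claims to be, before it is handed to Gardener.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    return claims["sub"]


def build_kubeconfig(server: str, ca_data_b64: str, token: str,
                     cluster: str = "eks-base", user: str = "kubeconfig-sa",
                     expected_sub: str = "system:serviceaccount:kube-system:kubeconfig-sa") -> dict:
    """Assemble a stand-alone kubeconfig (JSON is valid YAML, kubectl reads it as-is)."""
    sub = service_account_subject(token)
    if sub != expected_sub:
        raise ValueError(f"token belongs to {sub!r}, expected {expected_sub!r}")
    context = f"{user}@{cluster}"
    return {
        "apiVersion": "v1",
        "kind": "Config",
        "clusters": [{"name": cluster,
                      "cluster": {"server": server, "certificate-authority-data": ca_data_b64}}],
        "users": [{"name": user, "user": {"token": token}}],
        "contexts": [{"name": context, "context": {"cluster": cluster, "user": user}}],
        "current-context": context,
    }


def write_kubeconfig(path: str, config: dict) -> int:
    """Write the file with mode 0600 and refuse to overwrite; returns the resulting mode bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh, indent=2)
    return stat.S_IMODE(os.stat(path).st_mode)


def make_sample_token(sub: str) -> str:
    """Constructed, UNSIGNED JWT with the claim layout of a legacy SA token (demo input only)."""
    def seg(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([
        seg({"alg": "none", "typ": "JWT"}),
        seg({"iss": "kubernetes/serviceaccount",
             "kubernetes.io/serviceaccount/namespace": "kube-system",
             "kubernetes.io/serviceaccount/service-account.name": "kubeconfig-sa",
             "sub": sub}),
        "sig",  # placeholder signature segment
    ])


def demo() -> dict:
    """Build and write a kubeconfig for the article's kubeconfig-sa into a temp dir."""
    token = make_sample_token("system:serviceaccount:kube-system:kubeconfig-sa")
    ca = base64.b64encode(b"-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n").decode()
    # hypothetical API endpoint; use the one from `aws eks describe-cluster` in practice
    cfg = build_kubeconfig("https://example-eks-endpoint.invalid", ca, token)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "kubeconfig")
        mode = write_kubeconfig(path, cfg)
        try:
            write_kubeconfig(path, cfg)
            overwritten = True
        except FileExistsError:
            overwritten = False
    return {"context": cfg["current-context"], "mode": mode, "overwritten": overwritten}


if __name__ == "__main__":
    print(demo())
```

In real use, feed `build_kubeconfig` the server URL and base64 CA from `aws eks describe-cluster` and the decoded `$TOKEN` from the commands above, and point `landscape.cluster.kubeconfig` in acre.yaml at the file written by `write_kubeconfig` instead of copying the whole admin kubeconfig.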
4- Clone sow and garden-setup (the latter into the landscape directory as crop):
git clone "https://github.com/gardener/sow"
cd sow
export PATH=$PATH:$PWD/docker/bin
cd ..
mkdir landscape
cd landscape
git clone "https://github.com/gardener/garden-setup" crop
5- Create the kubeconfig by copying ~/.kube/config to ./kubeconfig (it now carries the kubeconfig-sa token from step 3):
cp /home/admin/.kube/config /home/admin/gardener/landscape/kubeconfig
6- Create acre.yaml at /home/admin/gardener/landscape/acre.yaml with the following configuration:
landscape:
  name: aws-gardener
  domain: example.com
  cluster: # information about your base cluster
    kubeconfig: ./kubeconfig # path to your `kubeconfig` file
    networks: # CIDR IP ranges of base cluster
      nodes: 10.0.0.0/19
      pods: 10.1.0.0/19
      services: 172.20.0.0/16
  iaas:
    - name: aws-gardener-seed # name of the seed
      type: aws # iaas provider
      region: eu-central-1 # region for initial seed
      zones:
        - eu-central-1a
        - eu-central-1b
        - eu-central-1c
      credentials:
        accessKeyID: XXX
        secretAccessKey: XXX
  etcd: # optional, default values based on `landscape.iaas`
    backup:
      type: s3 # type of blob storage
      region: (( iaas.aws-gardener-seed.region ))
      credentials: (( iaas.aws-gardener-seed.credentials ))
  dns: # optional, default values based on `landscape.iaas`
    type: aws-route53 # dns provider
    credentials: (( iaas.aws-gardener-seed.credentials ))
  identity:
    users:
      - email: Your-Email@example.com # email (used for Gardener login)
        username: admin # username (displayed in Gardener dashboard)
        password: XXXX # (used for Gardener login)
  cert-manager:
    email: Your-Email@example.com # email for acme registration
    server: self-signed # which kind of certificates to use for the dashboard/identity ingress (defaults to `self-signed`)
7- Test the configuration (acre.yaml) by listing the deployment order:
admin@ec2:~/gardener/landscape$ sow order -A
8- Deploy Gardener:
admin@ec2:~/gardener/landscape$ sow deploy -A
9- When the deployment finishes, the output contains the URL of the Gardener dashboard, as shown in the screenshot.
Optional: if you want Gardener to support other cloud providers such as GCP or Azure, add the following entries to the iaas list in acre.yaml from step 6 (each one is a further list item under iaas, next to aws-gardener-seed).
For Azure:
    - name: azure-seed
      type: azure
      region: XXXX
      credentials:
        clientID: "XXXXXX"
        clientSecret: "XXXXXXX"
        subscriptionID: "XXXXXXXX"
        tenantID: "XXXXXXXX"
      cluster:
        kubeconfig: ./azure/kubeconfig # path to your `kubeconfig` file
        networks:
          nodes: 10.242.0.0/19
          pods: 10.243.128.0/17
          services: 10.243.0.0/17
For GCP:
    - name: gcp-seed
      type: gcp
      region: XXXX
      zones:
        - (( region "-a" ))
        - (( region "-b" ))
        - (( region "-c" ))
      credentials:
        serviceaccount.json: |
          {
            "type": "service_account",
            "project_id": "XX",
            "private_key_id": "XX",
            "private_key": "XX",
            "client_email": "XXX",
            "client_id": "XX",
            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
            "token_uri": "https://oauth2.googleapis.com/token",
            "auth_provider_x509_cert_url": "XX",
            "client_x509_cert_url": "XX"
          }
      cluster:
        kubeconfig: ./gcp/kubeconfig
        networks:
          nodes: "10.1.0.0/16"
          pods: "10.2.0.0/19"
          services: "172.21.0.0/16"
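Before running `sow order -A` (step 7) it pays to catch the two mistakes that are easy to make in acre.yaml: node, pod and service CIDRs of one cluster that overlap, and credentials left at the XXX placeholders from the template. The following Python pre-flight check is an added example, not part of the article or of garden-setup. It works on a plain dict with the same layout as the acre.yaml above plus the optional Azure seed (the sample is constructed inline; in practice you would load the file with a YAML parser), validates every `networks` block with the standard library's `ipaddress`, and walks the whole tree for placeholder values. spiff expressions such as `(( iaas.aws-gardener-seed.region ))` are left untouched, since sow resolves them, not this script.

```python
import ipaddress
import re

# Constructed sample mirroring the article's acre.yaml with the optional Azure seed added.
LANDSCAPE = {
    "name": "aws-gardener",
    "domain": "example.com",
    "cluster": {
        "kubeconfig": "./kubeconfig",
        "networks": {"nodes": "10.0.0.0/19", "pods": "10.1.0.0/19", "services": "172.20.0.0/16"},
    },
    "iaas": [
        {"name": "aws-gardener-seed", "type": "aws", "region": "eu-central-1",
         "zones": ["eu-central-1a", "eu-central-1b", "eu-central-1c"],
         "credentials": {"accessKeyID": "XXX", "secretAccessKey": "XXX"}},
        {"name": "azure-seed", "type": "azure", "region": "XXXX",
         "credentials": {"clientID": "XXXXXX", "clientSecret": "XXXXXXX",
                         "subscriptionID": "XXXXXXXX", "tenantID": "XXXXXXXX"},
         "cluster": {"kubeconfig": "./azure/kubeconfig",
                     "networks": {"nodes": "10.242.0.0/19", "pods": "10.243.128.0/17",
                                  "services": "10.243.0.0/17"}}},
    ],
    "etcd": {"backup": {"type": "s3", "region": "(( iaas.aws-gardener-seed.region ))",
                        "credentials": "(( iaas.aws-gardener-seed.credentials ))"}},
    "dns": {"type": "aws-route53", "credentials": "(( iaas.aws-gardener-seed.credentials ))"},
    "identity": {"users": [{"email": "Your-Email@example.com", "username": "admin", "password": "XXXX"}]},
}

# The article's template uses runs of X as "fill me in" markers.
PLACEHOLDER = re.compile(r"^X+$")


def check_networks(networks: dict, owner: str) -> list:
    """nodes/pods/services of one cluster must be valid CIDRs and must not overlap each other."""
    problems, parsed = [], {}
    for key in ("nodes", "pods", "services"):
        cidr = networks.get(key)
        if cidr is None:
            problems.append(f"{owner}: networks.{key} missing")
            continue
        try:
            # strict=True rejects addresses with host bits set, e.g. 10.0.0.1/19
            parsed[key] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{owner}: networks.{key}={cidr!r} is not a valid CIDR ({exc})")
    keys = list(parsed)
    for i, a in enumerate(keys):
        for b in keys[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append(f"{owner}: networks.{a} {parsed[a]} overlaps networks.{b} {parsed[b]}")
    return problems


def find_placeholders(node, path: str = "landscape") -> list:
    """Walk the tree and return the paths of values still set to XXX-style placeholders."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            found += find_placeholders(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            found += find_placeholders(value, f"{path}[{i}]")
    elif isinstance(node, str) and PLACEHOLDER.match(node):
        found.append(path)
    return found


def validate(landscape: dict) -> list:
    """Return a list of human-readable problems; an empty list means the file is ready for sow."""
    problems = []
    for key in ("name", "domain", "cluster", "iaas"):
        if key not in landscape:
            problems.append(f"landscape.{key} missing")
    if "cluster" in landscape:
        problems += check_networks(landscape["cluster"].get("networks", {}), "landscape.cluster")
    seen = set()
    for i, seed in enumerate(landscape.get("iaas", [])):
        owner = f"landscape.iaas[{i}]"
        name = seed.get("name")
        if name in seen:
            problems.append(f"{owner}: duplicate seed name {name!r}")
        seen.add(name)
        # seeds that bring their own cluster (Azure/GCP above) have their own network ranges
        if "cluster" in seed:
            problems += check_networks(seed["cluster"].get("networks", {}), owner)
    problems += [f"{p} still holds a placeholder value" for p in find_placeholders(landscape)]
    return problems


if __name__ == "__main__":
    for line in validate(LANDSCAPE):
        print(line)
```

Run against the sample, the script reports only the eight placeholder values (the two AWS keys, the Azure region and its four credential fields, and the identity password); the network ranges of both clusters are valid and disjoint.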
Sources:
https://news.sap.com/germany/2018/11/cloud-kubernetes-hpfa/