Setup Gardener on AWS to Manage Kubernetes in Multi-Cloud

maradwan

Mohamed Radwan

Posted on May 16, 2022

In this article, I am going to show you how to set up Gardener on AWS to manage Kubernetes clusters across multiple clouds.

Note:
If you are running more than 1000 Kubernetes clusters, Gardener is a good choice.
The article "Manage Kubernetes at scale in Multi Cloud" has more information.

Steps

The machine I am using is Debian 10 on EC2.

1- Connect to the EKS cluster:

aws eks --region YOUR_REGION update-kubeconfig --name YOUR_CLUSTER


2- Gardener requires the Vertical Pod Autoscaler (VPA) to be installed in the EKS cluster.
3- Create a service account for your cluster:

# Service account with cluster-admin; its token is what garden-setup uses to reach the base cluster
kubectl -n kube-system create serviceaccount kubeconfig-sa
kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:kubeconfig-sa
# Read the token from the secret the control plane generated for the service account
# (on Kubernetes 1.24+ no secret is created automatically; `kubectl -n kube-system create token kubeconfig-sa` issues one instead)
TOKENNAME=$(kubectl -n kube-system get serviceaccount/kubeconfig-sa -o jsonpath='{.secrets[0].name}')
TOKEN=$(kubectl -n kube-system get secret "$TOKENNAME" -o jsonpath='{.data.token}' | base64 -d)
# Add the token as a kubeconfig user and switch the current context to it
kubectl config set-credentials kubeconfig-sa --token="$TOKEN"
kubectl config set-context --current --user=kubeconfig-sa
kubectl get pods   # verify that the new user can reach the cluster

4- Clone sow and set up the landscape directory:

git clone "https://github.com/gardener/sow"
cd sow
export PATH=$PATH:$PWD/docker/bin
cd ..
mkdir landscape
cd landscape
git clone "https://github.com/gardener/garden-setup" crop

5- Create the kubeconfig by copying ~/.kube/config to ./kubeconfig:

cp /home/admin/.kube/config /home/admin/gardener/landscape/kubeconfig


6- Create acre.yaml at /home/admin/gardener/landscape/acre.yaml

Add the following configuration:

landscape:
  name: aws-gardener
  domain: example.com
  cluster: # information about your base cluster
    kubeconfig: ./kubeconfig # path to your `kubeconfig` file
    networks: # CIDR IP ranges of base cluster
      nodes: 10.0.0.0/19
      pods: 10.1.0.0/19
      services: 172.20.0.0/16
  iaas:
    - name: aws-gardener-seed # name of the seed
      type: aws # iaas provider
      region: eu-central-1 # region for initial seed
      zones:
        - eu-central-1a
        - eu-central-1b
        - eu-central-1c
      credentials:
        accessKeyID: XXX
        secretAccessKey: XXX

  etcd: # optional, default values based on `landscape.iaas`
    backup:
      type: s3 # type of blob storage
      region: (( iaas.aws-gardener-seed.region ))
      credentials: (( iaas.aws-gardener-seed.credentials ))

  dns: # optional, default values based on `landscape.iaas`
    type: aws-route53 # dns provider
    credentials: (( iaas.aws-gardener-seed.credentials ))

  identity:
    users:
      - email: Your-Email@example.com # email (used for Gardener login)
        username: admin # username (displayed in Gardener dashboard)
        password: XXXX # clear-text password (used for Gardener login)

  cert-manager: # sits at the landscape level, not under identity
    email: Your-Email@example.com # email for acme registration
    server: self-signed # which kind of certificates to use for the dashboard/identity ingress (defaults to `self-signed`)

7- Test the configuration (acre.yaml):

admin@ec2:~/gardener/landscape$ sow order -A

8- Deploy Gardener:

admin@ec2:~/gardener/landscape$ sow deploy -A

9- You will get the URL of the Gardener dashboard, as in this picture:

Dashboard

Optional: if you want Gardener to support other cloud providers such as GCP or Azure, add the following to acre.yaml from step 6, under the iaas section.

For Azure:

    - name: azure-seed
      type: azure
      region: XXXX
      credentials:
        clientID: "XXXXXX"
        clientSecret: "XXXXXXX"
        subscriptionID: "XXXXXXXX"
        tenantID: "XXXXXXXX"

      cluster:
        kubeconfig: ./azure/kubeconfig # path to your `kubeconfig` file
        networks:
          nodes: 10.242.0.0/19
          pods: 10.243.128.0/17
          services: 10.243.0.0/17

For GCP:

    - name: gcp-seed
      type: gcp
      region: XXXX
      zones:
        - (( region "-a"))
        - (( region "-b"))
        - (( region "-c"))
      credentials:
        serviceaccount.json: |
          {
          "type": "service_account",
          "project_id": "XX",
          "private_key_id": "XX",
          "private_key":   "XX",
          "client_email": "XXX",
          "client_id": "XX",
          "auth_uri": "https://accounts.google.com/o/oauth2/auth",
          "token_uri": "https://oauth2.googleapis.com/token",
          "auth_provider_x509_cert_url": "XX",
          "client_x509_cert_url": "XX"
          }

      cluster:
        kubeconfig: ./gcp/kubeconfig
        networks:
          nodes: "10.1.0.0/16"
          pods: "10.2.0.0/19"
          services: "172.21.0.0/16"
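A small pre-flight check for the acre.yaml built in steps 6 and the optional seeds above, added here as an example and not part of Gardener or garden-setup: it models the landscape as a Python dict (constructed, mirroring the fields shown, with a deliberately bad GCP seed) and flags overlapping CIDRs, zones outside a seed's region, and credentials still holding an "XXX" placeholder before `sow deploy -A` is run.

```python
import ipaddress

# Constructed landscape mirroring the acre.yaml structure; placeholder values only.
# The gcp-seed pods range is deliberately placed inside its nodes range to trigger a finding.
LANDSCAPE = {
    "name": "aws-gardener",
    "cluster": {"networks": {"nodes": "10.0.0.0/19", "pods": "10.1.0.0/19",
                             "services": "172.20.0.0/16"}},
    "iaas": [
        {"name": "aws-gardener-seed", "type": "aws", "region": "eu-central-1",
         "zones": ["eu-central-1a", "eu-central-1b", "eu-central-1c"],
         "credentials": {"accessKeyID": "XXX", "secretAccessKey": "XXX"}},
        {"name": "gcp-seed", "type": "gcp", "region": "europe-west1",
         "zones": ["europe-west1-b"],
         "credentials": {"serviceaccount.json": "{...}"},
         "cluster": {"networks": {"nodes": "10.1.0.0/16", "pods": "10.1.8.0/21",
                                  "services": "172.21.0.0/16"}}},
    ],
}


def overlapping_networks(networks):
    """Return (a, b) name pairs whose CIDRs overlap; node, pod and service ranges must be disjoint."""
    nets = {k: ipaddress.ip_network(v, strict=True) for k, v in networks.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:] if nets[a].overlaps(nets[b])]


def placeholder_credentials(seed):
    """Return credential keys whose value is still an all-'X' placeholder."""
    return [k for k, v in seed.get("credentials", {}).items() if set(str(v).upper()) <= {"X"}]


def zones_outside_region(seed):
    """Return zones whose name does not start with the seed's region (e.g. eu-central-1 -> eu-central-1a)."""
    return [z for z in seed.get("zones", []) if not z.startswith(seed["region"])]


def lint_landscape(landscape):
    """Return {seed or 'base-cluster': [finding, ...]} for problems to fix before `sow deploy -A`."""
    findings = {}
    base = overlapping_networks(landscape["cluster"]["networks"])
    if base:
        findings["base-cluster"] = [f"overlap {a}/{b}" for a, b in base]
    for seed in landscape["iaas"]:
        issues = [f"placeholder credential {k}" for k in placeholder_credentials(seed)]
        issues += [f"zone {z} not in region {seed['region']}" for z in zones_outside_region(seed)]
        if "cluster" in seed:  # seed that brings its own base cluster (the Azure/GCP case above)
            issues += [f"overlap {a}/{b}" for a, b in overlapping_networks(seed["cluster"]["networks"])]
        if issues:
            findings[seed["name"]] = issues
    return findings
```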

Sources:
https://news.sap.com/germany/2018/11/cloud-kubernetes-hpfa/
