Managing your AWS Kubernetes Cluster from the Command Line

How to manage AWS Kubernetes clusters on command line

AWS Kubernetes can be managed via the command line through the use of a combination of aws-cli, kubectl, and aws-okta. These instructions primarily apply to AWS EKS.

To install these command line interfaces on Mac OS X, use Homebrew.
brew install awscli
Next, use Homebrew to install kubectl.
brew install kubernetes-cli
If you’re like most enterprises and you’re leveraging Okta, then you’ll need to install the aws-okta CLI as well. aws-okta will require you to set up your Two-Factor Authentication (2FA), as Okta will send push notifications asking for permission to execute commands on your cluster.
brew install aws-okta

Set up AWS Okta configuration

Next, you’ll need to set up the aws-okta configuration for your profile. Your Okta administrator will need to provision you with the AWS App Embed URL from the General tab of the AWS application in your Okta org.

Open ~/.aws/config and set the aws_saml_url. Your Okta admin should also provision you with a profile. Your configuration in ~/.aws/config should end up looking like:

aws_saml_url = home/amazon_aws/0oakkzcxxxxk5Dnvv0xx/272
role_arn = arn:aws:iam::557625315111:role/Allcode-Admin
After you’ve configured your ~/.aws/config, try to run the following command:
aws-okta exec allcode-devops -- kubectl
You may encounter the following error:
aws-okta exec allcode-devops -- kubectl

getting creds via SAML: Okta credentials are not in your keyring. Please make sure you have added okta credentials with `aws-okta add`
You will want to run ‘aws-okta add’ to specify your Okta configuration. When you run aws-okta add, you will need to perform MFA on your phone; we use Duo for this.
Once you have been verified, you’ll notice that typing this command becomes painful. Our recommendation is to set up an alias.
alias k8s-ac="aws-okta exec allcode-devops -- kubectl"

Alternatively, you can set up bash scripts. Remember that the alias cannot be referenced in bash scripts. Below is an example of the contents of a bash script entitled get_pods.sh to get all of the available pods:

aws-okta exec allcode-devops -- kubectl get pods
Invoking get pods will provide you with a list of all of the pods that are currently active in the cluster. You will use the name of the pod to invoke specific operations on a pod.

Name                       Ready   Status      Restarts   Age
website-1560438000-95nvl   0/1     Completed   0          8h
app-server-k68kt           0/1     Completed   0          2m45s
rds-client-gkrlj           0/1     Completed   0          105s

Leveraging your pods

Once you have the list of pods, you can then perform a number of operations from the command line directly against the pod using kubectl.

In certain situations, we will want to use the labels from the YAML spec to get details on the pod. To learn more about a specific pod, I’ll write a little script entitled describe_backend.sh, which will give me all of the details on a specific pod:

aws-okta exec allcode-devops -- kubectl describe deployment "$1"
The output results from the describe invocation will consist of a plethora of information including the label of the node, replicas, environment variables, etc.

Name:               backend
Namespace:          default
CreationTimestamp:  Thu, 30 May 2019 09:06:13 -0700
Labels:             app=backend
Annotations:        deployment.kubernetes.io/revision: 9
Selector:           app=backend
Replicas:           1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:       RollingUpdate
MinReadySeconds:    25% max unavailable, 25% max surge
Pod Template:
  Labels:  app=backend
  Containers:
   backend:
    Image:      557625311111.dkr.ecr.us-west-2.amazonaws.com/backend:0.3.3
    Port:       8080/TCP
    Host Port:  0/TCP
    Environment:
      Mongo_DB:  AllCodeDatabase

Another one of our bash shell scripts enables us to get a bash shell into the pod, so we can navigate to the logs or explore the health of the pod. The contents of my connect_bash.sh look like the following, where $1 is a pod name taken from the output of the get pods invocation.
aws-okta exec allcode-devops -- kubectl exec -it "$1" -- /bin/bash
The command line invocation will result in a bash shell inside the pod without going through the VPN! Helpful!
./connect_bash.sh backend-7d5f74d95f-vq111
[email protected]:/#
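
A name that contains whitespace or starts with '-' would reach kubectl as extra arguments or flags if it were passed through unchecked. The following is an added example, not the article's own code: one POSIX shell file that wraps the three helper scripts, validates the name, and quotes it. PROFILE is the article's allcode-devops profile; K8S_DRY_RUN and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the article's own script. PROFILE is the article's profile
# name; K8S_DRY_RUN and the function names are hypothetical.
set -u
PROFILE="allcode-devops"

# Kubernetes object names are RFC 1123 DNS subdomains: lowercase letters,
# digits, '-' and '.', alphanumeric at both ends, at most 253 characters.
# The body runs in a subshell so the LC_ALL override stays local.
valid_name() (
  LC_ALL=C
  n="${1-}"
  [ -n "$n" ] && [ "${#n}" -le 253 ] || return 1
  case "$n" in
    *[!a-z0-9.-]*) return 1 ;;            # character outside the allowed set
    [!a-z0-9]* | *[!a-z0-9]) return 1 ;;  # leading or trailing '-' or '.'
  esac
  return 0
)

# Run kubectl through aws-okta; with K8S_DRY_RUN=1 only print the command.
k8s() {
  if [ "${K8S_DRY_RUN:-0}" = "1" ]; then
    echo "aws-okta exec $PROFILE -- kubectl $*"
  else
    aws-okta exec "$PROFILE" -- kubectl "$@"
  fi
}

get_pods() { k8s get pods; }

describe_deployment() {
  valid_name "${1-}" || { echo "invalid deployment name: ${1-}" >&2; return 2; }
  k8s describe deployment "$1"
}

connect_bash() {
  valid_name "${1-}" || { echo "invalid pod name: ${1-}" >&2; return 2; }
  k8s exec -it "$1" -- /bin/bash
}

# Dispatch: ./k8s.sh connect_bash backend-7d5f74d95f-vq111
if [ "$#" -gt 0 ]; then
  case "$1" in
    get_pods | describe_deployment | connect_bash) "$@" ;;
    *) echo "usage: $0 {get_pods|describe_deployment NAME|connect_bash POD}" >&2; exit 64 ;;
  esac
fi
```

Who may open the shell is still decided by the IAM role the Okta profile assumes and by the cluster's RBAC on pods/exec, not by the wrapper.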
