Managing your AWS Kubernetes Cluster from the Command Line

Joel Garcia Joel Garcia has been building AllCode since 2015. He’s an innovative, hands-on executive with a proven record of designing, developing, and operating Software-as-a-Service (SaaS), mobile, and desktop solutions. Joel has expertise in HealthTech, VoIP, and cloud-based solutions. Joel has experience scaling multiple start-ups for successful exits to IMS Health and Golden Gate Capital, […]

How to manage AWS Kubernetes clusters on command line

You can manage Kubernetes on AWS from the command line with a combination of aws-cli, kubectl, and aws-okta. These instructions primarily apply to AWS EKS.

To install these command line interfaces on Mac OS X, use Homebrew.
brew install awscli
Next, use Homebrew to install kubectl.
brew install kubernetes-cli
If you’re like most enterprises and you’re leveraging Okta, then you’ll need to install the aws-okta CLI as well. aws-okta will require you to set up your Two-Factor Authentication (2FA), as Okta will send push notifications asking for permission to execute commands on your cluster.
brew install aws-okta

Set up AWS Okta configuration

Next, you’ll need to set up your AWS okta configuration for your profile. Your Okta administrator will need to provision you with the AWS App Embed URL from the General tab of the AWS application in your Okta org.

Open ~/.aws/config and set the aws_saml_url. Your Okta admin should also provision you with a profile. Your configuration in ~/.aws/config should end up looking like:

[okta]
aws_saml_url = home/amazon_aws/0oakkzcxxxxk5Dnvv0xx/272
[profile allcode-devops]
role_arn = arn:aws:iam::557625315111:role/Allcode-Admin
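
A preflight check for the configuration above, as an added example that is not part of the original article or of aws-okta. It assumes aws_saml_url sits under [okta] or the profile and role_arn under [profile NAME]; ini_get and check_okta_profile are hypothetical helper names, and the sample values are placeholders.

```shell
#!/bin/sh
# Added example: preflight check of the aws-okta settings in an AWS config file.
# Assumed layout: aws_saml_url under [okta] or the profile, role_arn under
# [profile NAME]. ini_get and check_okta_profile are hypothetical helper names.

# ini_get FILE SECTION KEY: print the value; status 1 if it is absent.
ini_get() {
  awk -v section="[$2]" -v key="$3" '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^\[/ { current = $0; next }
    /^[#;]/ || current != section { next }
    (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      sub(/[ \t]+$/, "", k); sub(/^[ \t]+/, "", v)
      if (k == key && v != "") { print v; found = 1; exit }
    }
    END { exit !found }' "$1"
}

# check_okta_profile FILE PROFILE: print each problem; status 0 only if none.
check_okta_profile() {
  file=$1; profile=$2; problems=0
  [ -r "$file" ] || { echo "cannot read $file"; return 2; }
  url=$(ini_get "$file" "profile $profile" aws_saml_url) ||
    url=$(ini_get "$file" okta aws_saml_url) || url=
  arn=$(ini_get "$file" "profile $profile" role_arn) || arn=
  case $url in
    '')    echo "aws_saml_url is not set"; problems=1 ;;
    *://*) echo "aws_saml_url: expected the path form shown on this page"; problems=1 ;;
  esac
  if [ -z "$arn" ]; then
    echo "role_arn is not set for profile $profile"; problems=1
  elif ! printf '%s\n' "$arn" | grep -Eq '^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$'; then
    echo "role_arn is not an IAM role ARN: $arn"; problems=1
  fi
  return "$problems"
}

# Constructed sample config with placeholder values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[okta]
aws_saml_url = home/amazon_aws/EXAMPLEAPPID/123

[profile allcode-devops]
role_arn = arn:aws:iam::111122223333:role/Example-Admin
EOF
check_okta_profile "$sample" allcode-devops && echo "allcode-devops: ok"
rm -f "$sample"
```
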
After you’ve configured your ~/.aws/config, try to run the following command:
aws-okta exec allcode-devops -- kubectl
You may encounter the following error:
aws-okta exec allcode-devops -- kubectl

getting creds via SAML: Okta credentials are not in your keyring. Please make sure you have added okta credentials with `aws-okta add`
You will want to run aws-okta add to specify your Okta configuration. When you run aws-okta add, you will need to perform MFA on your phone; we use Duo for this.
Once you have been verified, you’ll notice that typing this command becomes painful. Our recommendation is to set up an alias.
alias k8s-ac="aws-okta exec allcode-devops -- kubectl"

Alternatively, you can set up bash scripts. Remember that the alias cannot be referenced in bash scripts, because bash does not expand aliases in non-interactive scripts by default. Below is an example of the contents of a bash script entitled get_pods.sh to get all of the available pods:

aws-okta exec allcode-devops -- kubectl get pods
Invoking get pods will provide you with a list of all of the pods that are currently active in the cluster. You will use the name of the pod to invoke specific operations on a pod.

Name                       Ready   Status      Restarts   Age
website-1560438000-95nvl   0/1     Completed   0          8h
app-server-k68kt           0/1     Completed   0          2m45s
rds-client-gkrlj           0/1     Completed   0          105s

Leveraging your pods

Once you have the list of pods, you can then perform a number of operations from the command line directly against the pod using kubectl.

In certain situations, we will want to use the labels from the YAML spec to get details on the pod. To learn more about a specific pod, I’ll write a little script entitled describe_backend.sh, which takes the deployment name as $1 and will give me all of the details:

aws-okta exec allcode-devops -- kubectl describe deployment "$1"
The output results from the describe invocation will consist of a plethora of information including the label of the node, replicas, environment variables, etc.

Name: backend
Namespace: default
CreationTimestamp: Thu, 30 May 2019 09:06:13 -0700
Labels: app=backend
Annotations: deployment.kubernetes.io/revision: 9
Selector: app=backend
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 25% max unavailable, 25% max surge
Pod Template:
  Labels app=backend
  Containers:
   backend:
    Image: 557625311111.dkr.ecr.us-west-2.amazonaws.com/backend:0.3.3
    Port: 8080/TCP
    Host Port: 0/TCP
    Environment:
      Mongo_DB: AllCodeDatabase

Another one of our bash shell scripts will enable us to get a bash shell into the pod, so we can navigate to the logs or explore the health of the pod. The contents of my connect_bash.sh will look like the following, where $1 will be a pod name taken from the output of the get pods invocation.
aws-okta exec allcode-devops -- kubectl exec -it "$1" -- /bin/bash
The command line invocation will result in a bash shell in the pod without going through the VPN! Helpful!
./connect_bash.sh backend-7d5f74d95f-vq111
root@backend-7d5f74d95f-vq111:/#
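
The three one-line scripts above folded into one wrapper, as an added example that is not the author's code: it quotes its argument and checks it against the Kubernetes object-name format before it reaches kubectl, so a stray argument beginning with "-" or containing spaces is rejected instead of being parsed as an option or extra word. OKTA_PROFILE, DRY_RUN, valid_name and k8s are names chosen here.

```shell
#!/bin/sh
# Added example: one wrapper in place of get_pods.sh, describe_backend.sh and
# connect_bash.sh. OKTA_PROFILE, DRY_RUN, valid_name and k8s are hypothetical.
OKTA_PROFILE=${OKTA_PROFILE:-allcode-devops}

# Kubernetes object names are DNS-1123 subdomains: lowercase alphanumerics,
# '-' and '.', starting and ending with an alphanumeric, at most 253 characters.
valid_name() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 253 ] || return 1
  case $1 in
    *[!a-z0-9.-]*) return 1 ;;            # a character outside the allowed set
    [!a-z0-9]* | *[!a-z0-9]) return 1 ;;  # must start and end alphanumeric
  esac
}

# k8s ACTION [NAME]: run the page's kubectl calls through aws-okta.
# With DRY_RUN=1 the command line is printed instead of executed.
k8s() {
  action=${1-}; name=${2-}
  case $action in
    pods)     set -- get pods ;;
    describe) valid_name "$name" || { echo "invalid deployment name" >&2; return 64; }
              set -- describe deployment "$name" ;;
    shell)    valid_name "$name" || { echo "invalid pod name" >&2; return 64; }
              set -- exec -it "$name" -- /bin/bash ;;
    *)        echo "usage: k8s pods | describe DEPLOYMENT | shell POD" >&2; return 64 ;;
  esac
  set -- aws-okta exec "$OKTA_PROFILE" -- kubectl "$@"
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# As a script: ./k8s.sh shell POD runs the command; with no arguments it
# prints a dry run for the pod name used on this page.
if [ "$#" -gt 0 ]; then
  k8s "$@"
else
  (DRY_RUN=1; k8s shell backend-7d5f74d95f-vq111)
fi
```
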
