Kubernetes on Centos 7 with HA in AWS or on-premises. Deploy one app with Circle CI.

Ezequiel Arielli
Dec 15, 2017



Kubernetes is an open-source container orchestration platform; Google uses this technology in its apps.
Google donated the project to the Cloud Native Computing Foundation (https://www.cncf.io/), and it receives contributions from multiple cloud vendors such as AWS, Azure, Google Cloud Platform, Bluemix, Red Hat and Alibaba Cloud.

In recent years Kubernetes has become very popular among developers.

This big impact places Kubernetes in a different position, as it is now a collaborative platform for cloud vendors, and that collaboration is rapidly increasing.

Many things have changed since my first installation (https://www.itshellws.org/kubernetes/). For example, networking is now managed through a CNI plugin, and the new tool ‘kubeadm’ makes the installation easier.

Nowadays there’s a tool called Kops. This tool is very good and is used to create Kubernetes clusters in AWS automatically, but if you want more control over the cluster you may prefer a manual installation.

For more info on kops, see https://github.com/kubernetes/kops and https://www.nivenly.com (Kris Nova writes on this blog).


  • Three Kubernetes masters in HA, latest Kubernetes version
  • Docker version 17.0.3
  • OS: Centos 7 on AWS as the provider.
  • Example of CI with Circle CI.


  • At least six EC2 instances: three for masters, two for minions and one nginx load balancer.

Install etcd and the apiserver on the master nodes. In this example I use two t2.micro instances and one t2.medium instance.

  • A VPC with 3 multi-AZ subnets for HA.

I use the default VPC that Amazon creates in these regions.

Details :

VPC — IPv4 CIDR block

SUBNETS | Availability Zone — 2a | Availability Zone — 2b | Availability Zone — 2c


masters:

  • kub01 | Availability Zone — 2b
  • kub02 | Availability Zone — 2c
  • kub03 | Availability Zone — 2a

load-balancer:

  • kublb01 | Availability Zone — 2a

minions:

  • minion1 | Availability Zone — 2a
  • minion2 | Availability Zone — 2a

  • About 30 minutes of your life to learn more 😄


Starting to Work:

Open your AWS account and select the region to work in. I use the Ohio region (this region is empty in my account).

VPC — default.

SUBNETS | Availability Zone — 2a | Availability Zone — 2b | Availability Zone — 2c

Launch Instance — Centos 7

Select Centos 7

Free tier — 😆

I select t2.micro.

Start the installation on kub03 | Availability Zone — 2a

Note: Don’t start the installation on kub01 or kub02.

Tags: Name — kub03

Port requirements | Create a new security group.

If you already created the security group, launch your instance

Proceed to launch the second instance — kub02

The second node is kub02 — config IP | Availability Zone — 2c

Copy this code into Advanced Details.


Then configure it in a similar way to kub03 (storage, security groups).

Change the tag Name (kub02) and launch.

Proceed to launch kub01. This node is the last master: the script needs instances kub03 and kub02 to be running, and their status check must be 2/2 passed (or ticked in green).

Launch instances and select Centos 7 and its type.

node is kub01 — config IP | Availability Zone — 2b

Copy this code into Advanced Details and edit the lines for your domain's FQDN.


Then configure it in a similar way to the other servers (storage, security groups).

Change the tag Name (kub01) and launch.

Edit lines:

After editing, copy the code in Advanced Details.

In 2 minutes your cluster (etcd and Kubernetes) will be working.

Wait until the status check shows 2/2 checks passed, then connect to the instances over SSH.

Connect to the servers and check the services: etcd, kubelet, etc.

The masters are running with HA for the etcd service. Very good 😃

Proceed to launch — LB kublb01 | Availability Zone — 2a

Copy this code into Advanced Details.


Then configure it in a similar way to the other servers (storage, security groups).

Change the tag Name (kublb01) and launch.

Connect to the LB and check that the nginx service is OK.

In the last step I’m going to install one minion. But first I have to generate a new token for the cluster.

# Generate token

sudo openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der | openssl dgst -sha256 -hex

sudo kubeadm token create --groups system:bootstrappers:kubeadm:default-node-token

sudo kubeadm token list

Save the generated data and proceed to launch the minion.

Copy this code into Advanced Details and edit the kubeadm join data.

Replace the token and hash with the ones you generated.
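The join data described above, as an added example that is not part of the original article: a small sh script that computes the CA public-key hash with the same openssl pipeline and assembles a kubeadm join line that pins it, so the minion only trusts an API server presenting that CA. The function names are hypothetical, and the endpoint LB-FQDN:6443, the token and the throwaway CA are constructed placeholders.

```shell
#!/bin/sh
# Added example: assemble a CA-pinned "kubeadm join" line for the minion.

# Print the SHA-256 of the DER-encoded CA public key (same openssl pipeline as
# above). A temp file keeps a failed extraction from being hashed as empty input.
ca_cert_hash() {
  der=$(mktemp) || return 1
  if openssl x509 -pubkey -noout -in "$1" 2>/dev/null |
       openssl rsa -pubin -outform der -out "$der" 2>/dev/null && [ -s "$der" ]
  then
    openssl dgst -sha256 -hex <"$der" | sed 's/^.* //'
    rc=0
  else
    rc=1
  fi
  rm -f "$der"
  return "$rc"
}

# Succeed only for the kubeadm bootstrap-token shape: 6 chars, a dot, 16 chars.
valid_token() {
  [ "${#1}" -eq 23 ] &&
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# join_command ENDPOINT TOKEN CA_FILE: print the join line or fail with a reason.
join_command() {
  valid_token "$2" || { echo "token is not in kubeadm format" >&2; return 1; }
  ca_hash=$(ca_cert_hash "$3") || { echo "cannot hash CA key: $3" >&2; return 1; }
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash sha256:%s\n' \
    "$1" "$2" "$ca_hash"
}

# Constructed sample input: a throwaway self-signed CA standing in for
# /etc/kubernetes/pki/ca.crt. Prints the path of the generated certificate.
make_demo_ca() {
  dir=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  printf '%s\n' "$dir/ca.crt"
}

# Demo: endpoint and token are placeholders (6443 is assumed as the API port).
demo_ca=$(make_demo_ca) &&
  join_command "LB-FQDN:6443" "abcdef.0123456789abcdef" "$demo_ca"
```

The bootstrap token is a credential, and anything pasted into Advanced Details (user data) stays readable from the instance, so create the token with a short --ttl and review kubeadm token list once the node has joined.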


Then configure it in a similar way to the other servers (storage, security groups).

Change the tag Name (minion2) and launch.

Wait until the status check is ticked in green and connect to minion2.

Run the script ./join
The minion connects to the Kubernetes API through the load balancer.

Check the node status with kubectl.

I recommend configuring more DNS replicas or horizontal autoscaling.

Command to scale the DNS replicas:

kubectl scale --replicas=3 deployments/kube-dns -n kube-system

The next step is to deploy an application to the cluster.

Please install git on one master and clone my repo at tag v0.0.30.

yum install git -y

git clone https://github.com/nightmareze1/alpine.git && cd alpine && git checkout tags/v0.0.30 -b v0.0.30

This repo contains the config for CI with Circle CI.

I assume you have a Circle CI account; if not, create one.

Circle CI: I created a free account. It includes 1500 minutes for deploys.

The next step is to configure the project: click on Project and select your app repo.

In the project, configure the secret variables.

The data for Certificate_* and client_* is in the file ~/.kube/config on kub01 (or kub02/kub03).

LB-FQDN: create an FQDN in your domain and point it to the ELB public IP.

kube_api is the LB-FQDN, for example kube_api: master.itshellws-k8s.com

I use Docker Hub and ECR as registries. That’s why my credentials are aws | docker.

REPO: nightmareze1/alpine

Now we are ready to launch the app: edit one file in the repo and commit the change.
Circle CI triggers the deployment pipeline and builds the container.

Check the new svc named alpine and its port, then test the app at ‘IP:port’ of a minion or the LB.

My blog is an app running in kubernetes.

Thanks for reading this article. Hope you find it helpful 😃



Ezequiel Arielli

DevOps SR | SRE @Miroculus.com San Francisco, CA www.itshellws.org