mholka
diff --git a/‎README.md
+3 b/‎README.md
+3
diff --git a/‎kubernetes/cloud/amazon/assume-node-policy.json
+12 b/‎kubernetes/cloud/amazon/assume-node-policy.json
+12
diff --git a/‎kubernetes/cloud/amazon/assume-policy.json
+12 b/‎kubernetes/cloud/amazon/assume-policy.json
+12
diff --git a/‎kubernetes/cloud/amazon/getting-started.md
+163 b/‎kubernetes/cloud/amazon/getting-started.md
+163
diff --git a/‎kubernetes/cloud/azure/getting-started.md
+129 b/‎kubernetes/cloud/azure/getting-started.md
+129
@@ -64,5 +64,8 @@ Video:                      https://youtu.be/xhva6DeKqVU <br/>
 Part #7                     Kubernetes ingress | the basics <br/>
 Video:                      https://youtu.be/izWCkcJAzBw <br/>  
 
+Kubernetes in the Cloud
+
+Checkout my series on running Kubernetes in the Cloud [here](./kubernetes/cloud/readme.md) <br/>
 
 More details coming soon!
@@ -0,0 +1,12 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Principal": {
+          "Service": "ec2.amazonaws.com"
+        },
+        "Action": "sts:AssumeRole"
+      }
+    ]
+}
@@ -0,0 +1,12 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Principal": {
+          "Service": "eks.amazonaws.com"
+        },
+        "Action": "sts:AssumeRole"
+      }
+    ]
+}
@@ -0,0 +1,163 @@
+# Getting Started with EKS
+
+## Amazon CLI
+
+```
+
+# Run Amazon CLI
+docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh amazon/aws-cli:2.0.17
+
+cd ./kubernetes/cloud/amazon
+
+yum install jq
+```
+
+## Login to AWS
+
+https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html
+
+```
+# Access your "My Security Credentials" section in your profile. 
+# Create an access key
+
+aws configure
+
+# Regions
+https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
+
+```
+
+
+# Deploy Cluster with AWS CLI
+
+You can deploy a cluster using multiple ways.  </br>
+We will cover the two fundamental ways.
+
+1) AWS CLI https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html
+2) EKS CLI (newer) https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html
+
+
+## AWS CLI
+
+Kubernetes needs a service account to manage our Kubernetes cluster <br/>
+In AWS this is an IAM role <br/>
+Lets create one! <br/>
+
+Follow "Create your Amazon EKS cluster IAM role" [here](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html) <br/>
+
+```
+
+# create our role for EKS
+role_arn=$(aws iam create-role --role-name getting-started-eks-role --assume-role-policy-document file://assume-policy.json | jq .Role.Arn | sed s/\"//g)
+aws iam attach-role-policy --role-name getting-started-eks-role --policy-arn  arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
+
+# create the cluster VPC
+
+curl https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-05-08/amazon-eks-vpc-sample.yaml -o vpc.yaml
+aws cloudformation deploy --template-file vpc.yaml --stack-name getting-started-eks
+
+# grab your stack details 
+aws cloudformation list-stack-resources --stack-name getting-started-eks > stack.json
+
+# create our cluster
+
+aws eks create-cluster \
+--name getting-started-eks \
+--role-arn $role_arn \
+--resources-vpc-config subnetIds=subnet-063efe1fa0c5d4913,subnet-06f91e563755e2077,subnet-0824d16f8536b3681,securityGroupIds=sg-0960d3a116ba912e1,endpointPublicAccess=true,endpointPrivateAccess=false
+
+aws eks list-clusters
+aws eks describe-cluster --name getting-started-eks
+```
+
+
+## Get a kubeconfig for our cluster
+
+```
+
+aws eks update-kubeconfig --name getting-started-eks --region ap-southeast-2
+
+#grab the config if you want it
+cp ~/.kube/config .
+
+curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl
+
+```
+
+## Add nodes to our cluster
+
+```
+
+# create our role for nodes
+role_arn=$(aws iam create-role --role-name getting-started-eks-role-nodes --assume-role-policy-document file://assume-node-policy.json | jq .Role.Arn | sed s/\"//g)
+
+aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+aws iam attach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
+
+```
+More details on node permissions [here](https://docs.aws.amazon.com/eks/latest/userguide/worker_node_IAM_role.html)
+
+
+More details on instance types to choose from [here](https://aws.amazon.com/ec2/instance-types/)
+
+```
+aws eks create-nodegroup \
+--cluster-name getting-started-eks \
+--nodegroup-name test \
+--node-role $role_arn \
+--subnets subnet-0ec47e6ae964a233f \
+--disk-size 200 \
+--scaling-config minSize=1,maxSize=2,desiredSize=1 \
+--instance-types t2.small
+```
+
+## EKS CTL example
+
+```
+eksctl create cluster --name getting-started-eks-1 \
+--region ap-southeast-2 \
+--version 1.16 \
+--managed \
+--node-type t2.small \
+--nodes 1 \
+--node-volume-size 200 
+
+```
+## Create some sample containers
+
+```
+cd ../..
+
+kubectl create ns example-app
+
+# lets create some resources.
+kubectl apply -n example-app -f secrets/secret.yaml
+kubectl apply -n example-app -f configmaps/configmap.yaml
+kubectl apply -n example-app -f deployments/deployment.yaml
+
+# remember to change the `type: LoadBalancer`
+kubectl apply -n example-app -f services/service.yaml
+
+```
+## Cleanup 
+
+```
+
+eksctl delete cluster --name getting-started-eks-1
+
+aws eks delete-nodegroup --cluster-name getting-started-eks --nodegroup-name test
+aws eks delete-cluster --name getting-started-eks
+
+aws iam detach-role-policy --role-name getting-started-eks-role --policy-arn  arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
+aws iam delete-role --role-name getting-started-eks-role
+
+aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+aws iam detach-role-policy --role-name getting-started-eks-role-nodes --policy-arn  arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
+
+aws iam delete-role --role-name getting-started-eks-role-nodes
+
+aws cloudformation delete-stack --stack-name getting-started-eks
+```
@@ -0,0 +1,129 @@
+# Getting Started with AKS
+
+## Azure CLI
+
+```
+# Run Azure CLI
+docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh mcr.microsoft.com/azure-cli:2.6.0
+
+cd ./kubernetes/cloud/azure
+
+```
+
+## Login to Azure
+
+```
+#login and follow prompts
+az login 
+
+# view and select your subscription account
+
+az account list -o table
+SUBSCRIPTION=<id>
+az account set --subscription <SubscriptionId-id-here>
+
+```
+
+## Create our Resource Group
+
+```
+RESOURCEGROUP=aks-getting-started
+az group create -n $RESOURCEGROUP -l australiaeast
+
+```
+## Create Service Principal
+
+Kubernetes needs a service account to manage our Kubernetes cluster </br>
+Lets create one! </br>
+
+```
+
+SERVICE_PRINCIPAL_JSON=$(az ad sp create-for-rbac --skip-assignment --name aks-getting-started-sp -o json)
+
+#Keep the `appId` and `password` for later use!
+
+SERVICE_PRINCIPAL=$(echo $SERVICE_PRINCIPAL_JSON | jq -r '.appId')
+SERVICE_PRINCIPAL_SECRET=$(echo $SERVICE_PRINCIPAL_JSON | jq -r '.password')
+
+#grant contributor role over the resource group to our service principal
+
+az role assignment create --assignee $SERVICE_PRINCIPAL \
+--scope "/subscriptions/$SUBSCRIPTION/resourceGroups/$RESOURCEGROUP" \
+--role Contributor
+
+```
+For extra reference you can also take a look at the Microsoft Docs: [here](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-service-principal.md) </br>
+
+## Create our cluster
+
+```
+#full list of options
+
+az aks create --help
+az aks get-versions --location australiaeast -o table
+
+#generate SSH key
+
+ssh-keygen -t rsa -b 4096 -N "VeryStrongSecret123!" -C "[email protected]" -q -f  ~/.ssh/id_rsa
+cp ~/.ssh/id_rsa* .
+
+az aks create -n aks-getting-started \
+--resource-group $RESOURCEGROUP \
+--location australiaeast \
+--kubernetes-version 1.16.9 \
+--load-balancer-sku standard \
+--nodepool-name default \
+--node-count 1 \
+--node-vm-size Standard_E4s_v3  \
+--node-osdisk-size 250 \
+--ssh-key-value ./id_rsa.pub \
+--network-plugin kubenet \
+--service-principal $SERVICE_PRINCIPAL \
+--client-secret $SERVICE_PRINCIPAL_SECRET \
+--output none
+
+# if your SP key is invalid, generate a new one:
+SERVICE_PRINCIPAL_SECRET=(az ad sp credential reset --name $SERVICE_PRINCIPAL | jq -r '.password')
+```
+
+## Get a kubeconfig for our cluster
+
+```
+# use --admin for admin credentials
+# use without `--admin` to get no priviledged user.
+
+az aks get-credentials -n aks-getting-started \
+--resource-group $RESOURCEGROUP
+
+#grab the config if you want it
+cp ~/.kube/config .
+
+```
+
+## Get kubectl
+
+```
+curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
+chmod +x ./kubectl
+mv ./kubectl /usr/local/bin/kubectl
+
+cd ../..
+
+kubectl create ns example-app
+
+# lets create some resources.
+kubectl apply -n example-app -f secrets/secret.yaml
+kubectl apply -n example-app -f configmaps/configmap.yaml
+kubectl apply -n example-app -f deployments/deployment.yaml
+
+# remember to change the `type: LoadBalancer`
+kubectl apply -n example-app -f services/service.yaml
+
+```
+
+## Clean up 
+
+```
+az group delete -n $RESOURCEGROUP
+az ad sp delete --id $SERVICE_PRINCIPAL
+```