Running k9 on an EC2 Instance with SSM¶
Creating aws cli long-term access keys is a security risk. If these keys are ever leaked, it could be disastrous. The safer approach is to use credentials from IAM roles. An easy way to do this is to start a Systems Manager Agent (SSM Agent) and run k9 from there.
Creating an ssm instance¶
Setting up an ec2 instance requires setting up a vpc with all the proper access (aws guide). There is a CloudFormation template included with k9 that should be used instead of manually creating the vpc and ec2 instance. The file can be found under k9/yaml/cfm/ssm-access.yml, or it can be copied to your current directory by running k9 get ssm-template. Upload it by going to CloudFormation > Stacks > Create Stack > With new resources > Upload a template file. The select your file, enter a stack name, and create.
Using k9 on the ssm instance¶
On the AWS console select AWS Systems Manager > Session Manager > Start Session and select the instance created by the CloudFormation stack. The following script is run on the ec2 instance created by the CloudFormation stack.
#!/bin/bash
yum update -y
# Enable SSM
yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
systemctl enable amazon-ssm-agent
systemctl start amazon-ssm-agent
# install git
sudo yum install git -y
cd ~
# install pipenv
python3 -m pip install pipenv
# install kubectl
curl -o kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.2/2021-07-05/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
# install helm
curl -L https://git.io/get_helm.sh | bash -s -- --version v3.8.
If git, pipenv, kubectl, or helm failed to install, you may try the commands listed above again. Kubectl and Helm must be properly installed for k9 to function properly. Once you log into the instance, you should run
cd ~
aws configure
# skip the access key, and secret access key inputs. Enter your region and json as the default output.
git clone <your k9 config repository url>
cd <your_repo>
mkdir <AWS_ACCOUNT_NAME>
cd <AWS_ACCOUNT_NAME>
mkdir .venv
python3 -m pipenv install
python3 -m pipenv shell
Now you are in the pipenv shell inside of your repository for k9 output files, and should install k9. If the version of k9 you want is on normal pypi, simply run.
pip install k9==<VERSION>
If you are installing from test.pypi, run
pip install -i https://test.pypi.org/pypi/ --extra-index-url https://pypi.org/simple k9==<VERSION>