fixing typo and improved the create-tags part (#136)

* fixing typo and improved the create-tags part `$sgidingress--tags` > `$sgidingress --tags` - missing space was causing an error. also changed the way on how to give keys and values. * create SG's in existing VPC - added some infos on how to create the SG's in an existing VPC. - fixed a tag attribute to fit the cluster-name
zalando-incubator · Mar 6, 2018 · 32c1b39 · 32c1b39
1 parent cc2f876
commit 32c1b39
Showing 1 changed file with 23 additions and 1 deletion.
diff --git a/deploy/kops.md b/deploy/kops.md
@@ -145,7 +145,29 @@ aws ec2 authorize-security-group-ingress --group-id $sgidingress --protocol tcp
 aws ec2 authorize-security-group-ingress --group-id $sgidingress --protocol tcp --port 80 --cidr 0.0.0.0/0
 
 aws ec2 authorize-security-group-ingress --group-id $sgidnode --protocol all --port -1 --source-group $sgidingress
-aws ec2 create-tags --resources $sgidingress--tags "kubernetes.io/cluster/id=owned" "kubernetes:application=kube-ingress-aws-controller"
+aws ec2 create-tags --resources $sgidingress --tags Key="kubernetes.io/cluster/${KOPS_CLUSTER_NAME}",Value="owned" Key="kubernetes:application",Value="kube-ingress-aws-controller"
+```
+
+If your cluster is running not in the default VPC then 
+the commands for the creation of the security groups will 
+look a little bit different: 
+
+```
+export VPC_ID=vpc-1234567a
+
+```
+and then...
+
+```
+aws ec2 create-security-group --description ingress.$KOPS_CLUSTER_NAME --group-name ingress.$KOPS_CLUSTER_NAME --vpc-id $VPC_ID
+aws ec2 describe-security-groups --filter Name=vpc-id,Values=$VPC_ID  Name=group-name,Values=ingress.$KOPS_CLUSTER_NAME
+export sgidingress=$(aws ec2 describe-security-groups --filter Name=vpc-id,Values=$VPC_ID  Name=group-name,Values=ingress.$KOPS_CLUSTER_NAME | jq '.["SecurityGroups"][0]["GroupId"]' -r)
+export sgidnode=$(aws ec2 describe-security-groups --filter Name=vpc-id,Values=$VPC_ID  Name=group-name,Values=nodes.$KOPS_CLUSTER_NAME | jq '.["SecurityGroups"][0]["GroupId"]' -r)
+aws ec2 authorize-security-group-ingress --group-id $sgidingress --protocol tcp --port 443 --cidr 0.0.0.0/0
+aws ec2 authorize-security-group-ingress --group-id $sgidingress --protocol tcp --port 80 --cidr 0.0.0.0/0
+
+aws ec2 authorize-security-group-ingress --group-id $sgidnode --protocol all --port -1 --source-group $sgidingress
+aws ec2 create-tags --resources $sgidingress --tags Key="kubernetes.io/cluster/${KOPS_CLUSTER_NAME}",Value="owned" Key="kubernetes:application",Value="kube-ingress-aws-controller"
 ```
 
 ### AWS Certificate Manager (ACM)