From 0858b2f7f178469f31914db1682e4ba9d20a502c Mon Sep 17 00:00:00 2001 From: Duncan McNaught <duncan.mcnaught@welltok.com> Date: Thu, 23 Feb 2017 13:52:00 -0700 Subject: [PATCH] Adding docs on adding k-p to kops cluster on aws --- README.md | 2 ++ docs/KOPSonAWS.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 docs/KOPSonAWS.md diff --git a/README.md b/README.md index a751a4a9..8a5ec952 100644 --- a/README.md +++ b/README.md @@ -133,3 +133,5 @@ kube-system kube-controller-manager-prometheus-discovery 10.2.30.2:10252 kube-system kube-scheduler-prometheus-discovery 10.2.30.4:10251 1h monitoring etcd-k8s 172.17.4.51:2379 1h ``` + +###[LINK: Install Docs for a cluster created with KOPS on AWS](docs/KOPSonAWS.md) \ No newline at end of file diff --git a/docs/KOPSonAWS.md b/docs/KOPSonAWS.md new file mode 100644 index 00000000..d5d7cb10 --- /dev/null +++ b/docs/KOPSonAWS.md 
@@ -0,0 +1,44 @@ +# Adding kube-prometheus to [KOPS](https://github.com/kubernetes/kops) on AWS 1.5.x + + +## Prerequisites + +A running Kubernetes cluster created with [KOPS](https://github.com/kubernetes/kops). + +These instructions have currently been tested with **topology=public** on AWS with KOPS 1.5.1 and Kubernetes 1.5.x + +## Open AWS Security Groups: +1. Open port 9100 on the masters security group to the nodes security group +1. Open ports 10250-10252 on the masters security group to the nodes security group. + +Example script below requires $AWS\_DEFAULT_PROFILE and [$NAME](https://github.com/kubernetes/kops/blob/master/docs/aws.md#prepare-local-environment) + +```bash +MASTER_SG=$(aws --profile ${AWS_DEFAULT_PROFILE} ec2 describe-security-groups --filters "Name=tag:Name,Values=masters.$NAME" --query "SecurityGroups[*].GroupId[]" --output=text) +NODES_SG=$(aws --profile ${AWS_DEFAULT_PROFILE} ec2 describe-security-groups --filters "Name=tag:Name,Values=nodes.$NAME" --query "SecurityGroups[*].GroupId[]" --output=text) +aws --profile ${AWS_DEFAULT_PROFILE} ec2 authorize-security-group-ingress --group-id $MASTER_SG --protocol tcp --port 9100 --source-group $NODES_SG +aws --profile ${AWS_DEFAULT_PROFILE} ec2 authorize-security-group-ingress --group-id $MASTER_SG --protocol tcp --port 10250-10252 --source-group $NODES_SG +``` + +## Adding kube-prometheus +Following the instructions in the [README](https://github.com/coreos/kube-prometheus/blob/master/README.md): + +Example: + +```bash +git clone -b master https://github.com/coreos/kube-prometheus.git kube-prometheus-temp; +cd kube-prometheus-temp +./hack/cluster-monitoring/deploy +kubectl -n kube-system create -f manifests/k8s/self-hosted/ +cd - +rm -rf kube-prometheus-temp +``` +This currently leads to a [certificate error on the kube-apiserver scrape](https://github.com/coreos/kube-prometheus/issues/35). 
Looks to be fixed by [PR33](https://github.com/coreos/kube-prometheus/pull/33) + +To create a config without this alert and error, you can deploy without the kube-apiserver spec: + +```bash +kubectl -n kube-system create -f manifests/k8s/self-hosted/kube-controller-manager.yaml +kubectl -n kube-system create -f manifests/k8s/self-hosted/kube-dns.yaml +kubectl -n kube-system create -f manifests/k8s/self-hosted/kube-scheduler.yaml +``` \ No newline at end of file -- GitLab
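Review bot: In the README.md hunk, the added heading `###[LINK: Install Docs for a cluster created with KOPS on AWS](docs/KOPSonAWS.md)` has no space after `###`, so stricter Markdown renderers will show it as literal text instead of a heading, and the `LINK:` prefix inside the link label is redundant. Suggest `### [Install docs for a cluster created with KOPS on AWS](docs/KOPSonAWS.md)`, and end the file with a newline, since the hunk is marked `\ No newline at end of file`.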
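Review bot: In the "Open AWS Security Groups" section of docs/KOPSonAWS.md, the two steps and the script open 9100 and 10250-10252 on the masters group to every instance in the nodes group without saying which component listens on each port or why the scrape needs it. The README context lines in this patch show 10252 as kube-controller-manager and 10251 as kube-scheduler, so please name the service behind each port (9100 and 10250 included) next to the step, so an operator can judge the exposure and open only the ports they actually scrape. The script also uses `$MASTER_SG` and `$NODES_SG` unquoted and unchecked: if either `describe-security-groups` lookup returns nothing or more than one ID, the `authorize-security-group-ingress` calls run with a malformed argument list, so a check that each variable holds exactly one group ID before the calls would help. Further down, the last `kubectl` block is introduced as deploying "without the kube-apiserver spec", but the earlier block already ran `kubectl -n kube-system create -f manifests/k8s/self-hosted/`; state explicitly that the three per-file commands replace that line.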