Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
In DevOps Last updated: November 1, 2022
Share on:
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Let’s learn about Kops, a Kubernetes operations tool.

Kubernetes is one of the most popular DevOps tools because of its amazing container orchestration system and features. But although Kubernetes offers so many functionalities, setting up a Kubernetes cluster from scratch is painful. This is where Kops comes into the picture.

With Kops, it is a cakewalk to create a Kubernetes cluster on cloud providers like AWS, Google Cloud, etc. It makes setting up a Kubernetes cluster hassle-free, and in this article, I will discuss this awesome tool.

What is Kops?

Kops, also known as Kubernetes operations, is an open-source, official Kubernetes project, which allows you to create, maintain, upgrade and destroy a highly available production-grade Kubernetes cluster. It provisions the cloud infrastructure also depending on the requirement. The developers of Kops describe it as kubectl for Kubernetes clusters.

Kops is mostly used in deploying AWS and GCE Kubernetes clusters. Kops officially supports only AWS, other cloud providers such as DigitalOcean, GCE, and OpenStack are in the beta stage.

If you have worked on kubectl before, you will feel comfortable working on Kops. Kops provides commands to create, get, update, delete clusters. In addition, Kops knows how to apply changes in the existing clusters as it uses declarative configuration. With Kops, you can also scale up and down a Kubernetes cluster.

Below are the features of Kops:

  • Deploys Kubernetes masters with high availability
  • Rolling cluster updates are supported
  • Automates the provisioning of AWS and GCE Kubernetes clusters
  • Manages cluster add-ons
  • Autocompletion of command in the command line
  • Generates CloudFormation and Terraform configurations
  • Supports state-sync model for dry-runs and automatic idempotency
  • Creates instance groups to support heterogeneous clusters

Installing Kops

Below are simple steps to install Kops on a Linux environment. I am using Ubuntu 20.x.

First, download Kops from the releases package. The command below downloads the latest package of Kops.

geekflare@ip-170-11-26-119:~$ curl -Lo kops$(curl -s | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64

Saving to: ‘kops-linux-amd64’
100%[=========================================================================================================================================================================>] 81,964,000  8.37MB/s   in 7.1s   
2021-06-10 16:23:19 (7.84 MB/s) - ‘kops-linux-amd64’ saved [81964000/81964000]

You need to provide executable permission to the kops file you downloaded and move it to /usr/local/bin/ directory.

geekflare@ip-170-11-26-119:~$ sudo chmod +x kops-linux-amd64
geekflare@ip-170-11-26-119:~$ sudo mv kops-linux-amd64 /usr/local/bin/kops

Installation is done. Now you can run the kops command to verify the installation.

geekflare@ip-170-11-26-119:~$ kops
kops is Kubernetes ops.
kops is the easiest way to get a production grade Kubernetes cluster up and running. We like to think of it as kubectl for clusters.

kops helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters from the command line. AWS (Amazon Web Services) is currently officially supported, with GCE and VMware vSphere in alpha support.

kops [command]

Available Commands:
completion Output shell completion code for the given shell (bash or zsh).
create Create a resource by command line, filename or stdin.
delete Delete clusters,instancegroups, or secrets.
describe Describe a resource.
edit Edit clusters and other resources.
export Export configuration.
get Get one or many resources.
import Import a cluster.
replace Replace cluster resources.
rolling-update Rolling update a cluster.
toolbox Misc infrequently used commands.
update Update a cluster.
upgrade Upgrade a kubernetes cluster.
validate Validate a kops cluster.
version Print the kops version information.

--alsologtostderr log to standard error as well as files
--config string config file (default is $HOME/.kops.yaml)
-h, --help help for kops
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory
--logtostderr log to standard error instead of files (default false)
--name string Name of cluster
--state string Location of state storage
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging

Use "kops [command] --help" for more information about a command.

Check the Kops version to be sure that Kops for installed correctly.

geekflare@ip-170-11-26-119:~$ kops version
Version 1.20.1 (git-5a27dad)

Let us now look at few important Kops commands which are used widely by admins for executing Kubernetes operations.

Kops Commands

Below are the widely used Kops commands you must know.

kops create

The kops create command is used to register a cluster.

Syntax: kops create cluster <clustername>

There are many other parameters like zone, region, instance type, number of nodes, etc., which you can add in addition to the default command.

kops update

The kops update command is used to update the cluster with the specified cluster specification.

Syntax: kops update cluster –name <clustername>

You can run this command in the preview mode to be on the safer side, and once the preview output matches your expectation, you can run the command with –yes flag to apply the changes to the cluster.

kops get

The kops get command is used to list all the clusters.

Syntax: kops get clusters

kops delete

The kops delete command is used to delete a specific cluster from the registry and all the cloud resources assigned to that cluster.

Syntax: kops delete cluster –name <clustername>

Just like update, you can run this command also in the preview mode.

kops rolling-update

The kops rolling-update command is used to update a Kubernetes cluster to match the cloud and kops specifications.

Syntax: kops rolling-update cluster –name <clustername>

Just like update, you can run this command also in the preview mode.

kops validate

The kops validate command validates if the cluster you created is up or not. For example, if the pods and nodes are in the pending state, the validate command will return that the cluster is not healthy yet.

Syntax: kops validate cluster –wait <specified_time>

This command will wait and validate the cluster for the specified time. So, if you want to validate the cluster for five minutes, run the command with 5m as specified time.

That was all about Kops fundamentals, let me now show you how to create a Kubernetes cluster on AWS using Kops.

Set Up Kubernetes on AWS using Kops

Before you begin with the steps mentioned below, these are a few pre-requisites:

Installing kubectl

Firstly, I will install kubectl.

Kubectl is used to run command line commands on Kubernetes clusters. Download a kubectl package.

geekflare@ip-170-11-26-119:~$  curl -LO$(curl -s
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 39.6M  100 39.6M    0     0  6988k      0  0:00:07  0:00:07 --:--:-- 6988k

You need to provide executable permission to the downloaded file and move it to /usr/local/bin/ directory.

geekflare@ip-170-11-26-119:~$ chmod +x ./kubectl
geekflare@ip-170-11-26-119:~$ sudo mv ./kubectl /usr/local/bin/kubectl

Create S3 Bucket

Once you have AWS CLI installed and configured in your Linux machine, you will be able to run aws commands. I have aws cli installed on my Ubuntu system, so let me run a simple command which will list all the buckets in S3.

geekflare@ip-170-11-26-119:~$ aws s3 ls

It will be empty because I don’t have any s3 bucket as of now. Let me check if any ec2 instance is running.

geekflare@ip-170-11-26-119:~$ aws ec2 describe-instances
    "Reservations": []

This means no ec2 instance is running as of now.

Now you need to create an s3 bucket where Kops will save all the cluster’s state information. Here I am creating an s3 bucket in the us-west-2 region with the name geekkops-bucket-1132. You can use LocationConstraint to avoid any error with the region.

geekflare@ip-170-11-26-119:~$ aws s3api create-bucket --bucket geekkops-bucket-1132 --region us-west-2 --create-bucket-configuration LocationConstraint=us-west-2
    "Location": ""

If I list the aws s3 bucket again, I will get the bucket I just created.

geekflare@ip-170-11-26-119:~$ aws s3 ls
2021-06-10 16:30:13 geekkops-bucket-1132

Run the below command to enable the version for the s3 bucket.

geekflare@ip-170-11-26-119:~$ aws s3api put-bucket-versioning --bucket geekkops-bucket-1132 --versioning-configuration Status=Enabled

Generate Key

Generate ssh key for which will be used by Kops for cluster login and password generation.

geekflare@ip-170-11-26-119:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ubuntu/.ssh/id_rsa.
Your public key has been saved in /home/ubuntu/.ssh/
The key fingerprint is:
SHA256:fH4JCBXMNRqzk1hmoK+cXmwSFaeBsuGBA5IWMkNuvq0 geekflare@ip-170-11-26-119
The key's randomart image is:
+---[RSA 2048]----+
|O=. .++Xoo |
|B++ .. @o* . |
|.= =. = = |
|o o o o o |
| . . . S o |
| o. = o . . |
| . .= + . o |
| .. + . |
| E . |

Export Environment Variables

Expose the cluster name and s3 bucket as environment variables. This will be applicable only for the current session. I am using the suffix ‘.k8s.local’ because I am not using any preconfigured DNS.

geekflare@ip-170-11-26-119:~$ export KOPS_CLUSTER_NAME=geekdemo1.k8s.local
geekflare@ip-170-11-26-119:~$ export KOPS_STATE_STORE=s3://geekkops-bucket-1132

Create the Cluster

Use the kops create command to create the cluster. Below are the parameters I am using to create a Kubernetes cluster on AWS using Kops:

  • --cloud tells the cloud provider I am using
  • --zones is the zone where the cluster instance will get deployed
  • --node-count is the number of nodes to deploy in the Kubernetes cluster
  • --node-size and --master-size are the ec2 instance types, I am using the micro instances
  • --name is the cluster name
geekflare@ip-170-11-26-119:~$ kops create cluster --cloud=aws --zones=eu-central-1a --node-count=1 --node-size=t2.micro --master-size=t2.micro --name=${KOPS_CLUSTER_NAME}
I0216 16:35:24.225238    4326 subnets.go:180] Assigned CIDR to subnet eu-central-1a
I0216 16:35:24.068088    4326 create_cluster.go:717] Using SSH public key: /home/ubuntu/.ssh/
Previewing changes that will be made:

I0216 16:35:24.332590    4326 apply_cluster.go:465] Gossip DNS: skipping DNS validation
I0216 16:35:24.392712    4326 executor.go:111] Tasks: 0 done / 83 total; 42 can run
W0216 16:35:24.792113    4326 vfs_castore.go:604] CA private key was not found
I0216 16:35:24.938057    4326 executor.go:111] Tasks: 42 done / 83 total; 17 can run
I0216 16:35:25.436407    4326 executor.go:111] Tasks: 59 done / 83 total; 18 can run
I0216 16:35:25.822395    4326 executor.go:111] Tasks: 77 done / 83 total; 2 can run
I0216 16:35:25.823088    4326 executor.go:111] Tasks: 79 done / 83 total; 2 can run
I0216 16:35:26.406919    4326 executor.go:111] Tasks: 81 done / 83 total; 2 can run
I0216 16:35:27.842148    4326 executor.go:111] Tasks: 83 done / 83 total; 0 can run

        AssociatePublicIP       true
        HTTPPutResponseHopLimit 1
        HTTPTokens              optional
        IAMInstanceProfile      name:masters.geekdemo1.k8s.local id:masters.geekdemo1.k8s.local
        ImageID                 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20210119.1
        InstanceType            t2.micro
        RootVolumeSize          64
        RootVolumeType          gp2
        RootVolumeEncryption    false
        SSHKey                  name:kubernetes.geekdemo1.k8s.local-3e:19:92:ca:dd:64:d5:cf:ff:ed:3a:92:0f:40:d4:e8 id:kubernetes.geekdemo1.k8s.local-3e:19:92:ca:dd:64:d5:cf:ff:ed:3a:92:0f:40:d4:e8
        SecurityGroups          [name:masters.geekdemo1.k8s.local]
        Tags                    { master, master-eu-central-1a, 1, master-eu-central-1a, Name: master-eu-central-1a.masters.geekdemo1.k8s.local, KubernetesCluster: geekdemo1.k8s.local, owned, }

        ShortName               eu-central-1a
        VPC                     name:geekdemo1.k8s.local
        AvailabilityZone        eu-central-1a
        Shared                  false
        Tags                    {KubernetesCluster: geekdemo1.k8s.local, owned, SubnetType: Public, 1, Name: eu-central-1a.geekdemo1.k8s.local}

        EnableDNSHostnames      true
        EnableDNSSupport        true
        Shared                  false
        Tags                    { owned, Name: geekdemo1.k8s.local, KubernetesCluster: geekdemo1.k8s.local}

        VPC                     name:geekdemo1.k8s.local
        DHCPOptions             name:geekdemo1.k8s.local

Must specify --yes to apply changes

Cluster configuration has been created.

 * list clusters with: kops get cluster
 * edit this cluster with: kops edit cluster geekdemo1.k8s.local
 * edit your node instance group: kops edit ig --name=geekdemo1.k8s.local nodes-eu-central-1a
 * edit your master instance group: kops edit ig --name=geekdemo1.k8s.local master-eu-central-1a

Finally configure your cluster with: kops update cluster --name geekdemo1.k8s.local --yes –admin

Run kops get command to see if the cluster got created.

geekflare@ip-170-11-26-119:~$ kops get cluster
NAME                    CLOUD   ZONES
geekdemo1.k8s.local     aws     eu-central-1a

Update the Cluster

To apply the specified cluster specifications to the cluster, run the kops update command.

geekflare@ip-170-11-26-119:~$ kops update cluster --name geekdemo1.k8s.local --yes --admin
I0216 16:38:16.800767    4344 apply_cluster.go:465] Gossip DNS: skipping DNS validation
I0216 16:38:16.919282    4344 executor.go:111] Tasks: 0 done / 83 total; 42 can run
W0216 16:38:17.343336    4344 vfs_castore.go:604] CA private key was not found
I0216 16:38:18.421652    4344 keypair.go:195] Issuing new certificate: "etcd-clients-ca"
I0216 16:38:18.450699    4344 keypair.go:195] Issuing new certificate: "etcd-peers-ca-main"
I0216 16:38:19.470785    4344 keypair.go:195] Issuing new certificate: "etcd-manager-ca-main"
I0216 16:38:19.531852    4344 keypair.go:195] Issuing new certificate: "etcd-peers-ca-events"
I0216 16:38:19.551601    4344 keypair.go:195] Issuing new certificate: "apiserver-aggregator-ca"
I0216 16:38:19.571834    4344 keypair.go:195] Issuing new certificate: "etcd-manager-ca-events"
I0216 16:38:19.592090    4344 keypair.go:195] Issuing new certificate: "master"
W0216 16:38:19.652894    4344 vfs_castore.go:604] CA private key was not found
I0216 16:38:19.653013    4344 keypair.go:195] Issuing new certificate: "ca"
I0216 16:38:24.344075    4344 executor.go:111] Tasks: 42 done / 83 total; 17 can run
I0216 16:38:24.306125    4344 executor.go:111] Tasks: 59 done / 83 total; 18 can run
I0216 16:38:26.189798    4344 executor.go:111] Tasks: 77 done / 83 total; 2 can run
I0216 16:38:26.190464    4344 executor.go:111] Tasks: 79 done / 83 total; 2 can run
I0216 16:38:26.738600    4344 executor.go:111] Tasks: 81 done / 83 total; 2 can run
I0216 16:38:28.810100    4344 executor.go:111] Tasks: 83 done / 83 total; 0 can run
I0216 16:38:29.904257    4344 update_cluster.go:313] Exporting kubecfg for cluster
kops has set your kubectl context to geekdemo1.k8s.local

Cluster is starting.  It should be ready in a few minutes.

 * validate cluster: kops validate cluster --wait 10m
 * list nodes: kubectl get nodes --show-labels
 * ssh to the master: ssh -i ~/.ssh/id_rsa ubuntu@api.geekdemo1.k8s.local
 * the ubuntu user is specific to Ubuntu. If not using Ubuntu please use the appropriate user based on your OS.
 * read about installing addons at:

If you immediately check the Kubernetes nodes are running or not, you will get an error. You need to be a little patient and wait for a few minutes (5-10) till the cluster is created.

geekflare@ip-170-11-26-119:~$ kubectl get nodes
Unable to connect to the server: dial tcp: lookup on no such host

Validate the Cluster

I am running the validate command for 5 minutes to check if the cluster is up and healthy or not. In the validate output, you will be able to see the node details when they are up.

geekflare@ip-170-11-26-119:~$ kops validate cluster --wait 5m
Validating cluster geekdemo1.k8s.local
NAME                    ROLE    MACHINETYPE     MIN     MAX     SUBNETS
master-eu-central-1a    Master  t2.micro        1       1       eu-central-1a
nodes-eu-central-1a     Node    t2.micro        1       1       eu-central-1a

List the Nodes and Pods

Now run the below command to check if all the nodes are ready and running. You can see both master and node are ready status.

geekflare@ip-170-11-26-119:~$ kubectl get nodes
NAME                                             STATUS   ROLES    AGE     VERSION   Ready    master   10m     v1.20.1   Ready    node     5m38s   v1.20.1

You can check all the pods running in the Kubernetes cluster.

geekflare@ip-170-11-26-119:~$ kubectl get pods --all-namespaces
NAMESPACE     NAME                                                                     READY   STATUS    RESTARTS   AGE
kube-system   dns-controller-8d8889c4b-xp9dl                                           1/1     Running   0          8m26s
kube-system       1/1     Running   0          10m
kube-system         1/1     Running   0          10m
kube-system   kops-controller-9skdk                                                    1/1     Running   3          6m51s
kube-system            2/2     Running   0          10m
kube-system   1/1     Running   6          10m
kube-system   kube-dns-696cb84c7-g8nhb                                                 3/3     Running   0          4m27s
kube-system   kube-dns-autoscaler-55f8f75459-zlxbr                                     1/1     Running   0          7m18s
kube-system                1/1     Running   0          10m
kube-system                1/1     Running   0          7m2s
kube-system            1/1     Running   5          10m

Delete the Cluster

Just like creating a Kubernetes cluster, deleting a Kubernetes cluster using Kops is very straightforward. This kops delete command will remove all the cloud resources of the cluster and the cluster registry itself.

geekflare@ip-170-11-26-119:~$ kops delete cluster --name geekdemo1.k8s.local --yes
TYPE                    NAME                                                                            ID
autoscaling-config      master-eu-central-1a.masters.geekdemo1.k8s.local                                lt-0cc11aec1943204e4
autoscaling-config      nodes-eu-central-1a.geekdemo1.k8s.local                                         lt-0da65d2eaf6de9f5c
autoscaling-group       master-eu-central-1a.masters.geekdemo1.k8s.local                                master-eu-central-1a.masters.geekdemo1.k8s.local
autoscaling-group       nodes-eu-central-1a.geekdemo1.k8s.local                                         nodes-eu-central-1a.geekdemo1.k8s.local
dhcp-options            geekdemo1.k8s.local                                                             dopt-0403a0cbbfbc0c72b
iam-instance-profile    masters.geekdemo1.k8s.local                                                     masters.geekdemo1.k8s.local
iam-instance-profile    nodes.geekdemo1.k8s.local                                                       nodes.geekdemo1.k8s.local
iam-role                masters.geekdemo1.k8s.local                                                     masters.geekdemo1.k8s.local
iam-role                nodes.geekdemo1.k8s.local                                                       nodes.geekdemo1.k8s.local
instance                master-eu-central-1a.masters.geekdemo1.k8s.local                                i-069c73f2c23eb502a
instance                nodes-eu-central-1a.geekdemo1.k8s.local                                         i-0401d6b0d4fc11e77
iam-instance-profile:nodes.geekdemo1.k8s.local  ok
load-balancer:api-geekdemo1-k8s-local-dason2    ok
iam-instance-profile:masters.geekdemo1.k8s.local        ok
iam-role:masters.geekdemo1.k8s.local    ok
instance:i-069c73f2c23eb502a    ok
autoscaling-group:nodes-eu-central-1a.geekdemo1.k8s.local       ok
iam-role:nodes.geekdemo1.k8s.local      ok
instance:i-0401d6b0d4fc11e77    ok
autoscaling-config:lt-0cc11aec1943204e4 ok
autoscaling-config:lt-0da65d2eaf6de9f5c ok
autoscaling-group:master-eu-central-1a.masters.geekdemo1.k8s.local      ok
keypair:key-0d82g920j421b89dn   ok
Deleted kubectl config for geekdemo1.k8s.local

Deleted cluster: "geekdemo1.k8s.local"


I hope this article on Kops was helpful, and you got to learn something new today. Kops is a fantastic tool to work with Kubernetes on the cloud. So go ahead and try out the steps mentioned in this article and set up your Kubernetes cluster on AWS using Kops.

  • Avi
    Avi is a tech enthusiast with expertise in trending technologies such as DevOps, Cloud Computing, Big Data and many more. He is passionate about learning cutting-edge technologies and sharing his knowledge with others through… read more
Thanks to our Sponsors
More great readings on DevOps
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.
    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder