scholzj / aws-minikube
Single node Kubernetes instance implemented using Terraform and kubeadm
License: Apache License 2.0
So to my knowledge I'm going to need the private key that was created during terraform apply so I can ssh into the ec2 instance, but I can't find the private key anywhere on my file system. Is there a default directory or file where that private key is placed?
So I started using this module yesterday, and it worked fine.
Today, the kubeconfig files weren't being generated, and seeing this error within the init-aws-minikube.log file:
```
Retrieving key from https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0x307EA071:
Userid : "Rapture Automatic Signing Key (cloud-rapture-signing-key-2021-03-01-08_01_09.pub)"
Fingerprint: 7f92 e05b 3109 3bef 5a3c 2d38 feea 9169 307e a071
From : https://packages.cloud.google.com/yum/doc/yum-key.gpg
Retrieving key from https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for kubernetes
Trying other mirror.
One of the configured repositories failed (Kubernetes),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum --disablerepo=kubernetes ...
4. Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable kubernetes
or
subscription-manager repos --disable=kubernetes
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=kubernetes.skip_if_unavailable=true
failure: repodata/repomd.xml from kubernetes: [Errno 256] No more mirrors to try.
https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for kubernetes
```
Anyone started seeing this issue? Is this a temporary issue? Any ideas on a fix?
Hello,
I did a clear installation, and I had a few issues
export KUBERNETES_MASTER=https://your.domain:6443
kubectl --certificate-authority=/etc/kubernetes/pki/ca.crt
This is intentional for security reasons (no authentication / authorization)
This is not exactly true with the new version of Kubernetes, which is included in the actual package. You have to use RBAC authentication according to the Kubernetes documentation. I am still fighting how to get rid of this message
"message": "services "https:kubernetes-dashboard:" is forbidden: User "system:anonymous" cannot get services/proxy in the namespace "kube-system"",
After running
kubectl --certificate-authority=/etc/kubernetes/pki/ca.crt proxy
and tunneling it through SSH to my localhost
and accessing
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
Can you please help. I cannot even get pods even when I use
kubeadm token list
and use selected tokens because tokens have low privileges
[root@ip-10-0-0-18 kubernetes]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
******* 23h 2018-09-30T14:34:31Z authentication,signing system:bootstrappers:kubeadm:default-node-token******** authentication,signing system:bootstrappers:kubeadm:default-node-token
I need a token with system.master privileges but I have no idea how to get it.
Where I work, we use Netflix BLESS, and we would like to specify a custom AMI running on the EC2 instance, so we can configure the EC2 instance to trust our self-signed CA.
BLESS uses SSH certificates, added to OpenSSH in 5.4. SSH certificates allow a certificate authority to sign a user’s public key, along with a list of constraints; the user presents this certificate to the server during authentication. The server only needs to trust the CA, and does not need previous knowledge of the user’s public key.
Do you have an interest in an optional parameter for specifying a custom AMI?
After installing when trying to ssh in or do
copy_config_dns = To copy the kubectl config file using DNS record, run: 'scp [email protected]:/home/centos/kubeconfig .'
Can't get in with error
[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I was receiving the following error within the kubernetes service when it was attempting to deploy an ELB from a kubernetes_ingress_v1 resource.
Warning SyncLoadBalancerFailed 2m49s service-controller Error syncing load balancer: failed to ensure load balancer: AccessDenied: User: arn:aws:sts::XXXXXXXXXXXXX:assumed-role/my-minikube/i-0a921073fe8c4d39f is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::XXXXXXXXXXXXX:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing because no identity-based policy allows the iam:CreateServiceLinkedRole action
Manually creating the following policy and attaching it to the role created by aws-minikube resolved the issue:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
        }
      }
    }
  ]
}
```
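The `iam:AWSServiceName` condition is what keeps this grant limited to the ELB service-linked role. The check below is an added example, not code from the issue or from aws-minikube: it flags Allow statements that grant `iam:CreateServiceLinkedRole` (directly or through a wildcard) without that condition. The function names are hypothetical and `BROAD_POLICY` is constructed.

```python
import fnmatch
import json

TARGET = "iam:createservicelinkedrole"   # IAM action names are case-insensitive
SCOPING_KEY = "iam:awsservicename"       # so are condition keys

# Policy from the issue above (not constructed).
ISSUE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*",
  "Condition": {"StringLike": {"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"}}}]}"""
# Constructed counter-example: a wildcard grants the same action, unconditioned.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["iam:Create*"], "Resource": "*"}]}"""


def _as_list(value):
    """IAM accepts a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]


def _grants_target(stmt):
    """True if an Allow statement's Action covers the target (NotAction is ignored)."""
    patterns = _as_list(stmt.get("Action", []))
    return stmt.get("Effect") == "Allow" and any(
        fnmatch.fnmatchcase(TARGET, p.lower()) for p in patterns)


def _allowed_services(stmt):
    """Service names the grant is limited to; an empty list means unscoped."""
    services = []
    for op, keys in stmt.get("Condition", {}).items():
        if op in ("StringEquals", "StringLike"):
            for key, value in keys.items():
                if key.lower() == SCOPING_KEY:
                    services.extend(_as_list(value))
    return services


def find_unscoped_grants(policy_json):
    """Indexes of statements allowing the action for any service ("*" counts)."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return [i for i, stmt in enumerate(statements) if _grants_target(stmt)
            and (not _allowed_services(stmt) or "*" in _allowed_services(stmt))]


if __name__ == "__main__":
    print(find_unscoped_grants(ISSUE_POLICY), find_unscoped_grants(BROAD_POLICY))
```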
kubectl get nodes returns no nodes
also we can't create deployments
we get
Type Reason Age From Message
Warning FailedScheduling 3m (x176 over 53m) default-scheduler no nodes available to schedule pods
Hi!
Can't understand why kubectl proxy knows where my aws cluster is after terraform apply. Do you know it?
Hello, so everything is working fine. If I log in to my EC2 instance and type kubectl cluster-info --kubeconfig=kubeconfig it works.
Now I'm wondering if I could have access to my cluster from my computer. Do you know how I could configure kubectl to use the remote cluster? I tried a lot of things but couldn't get it to work.
Thanks!
As per the title, I'm a bit confused.
Is this Terraform configuration installing a regular Kubernetes installation configured to have a single node? Or is it actually installing the 'real' minikube (https://github.com/kubernetes/minikube/releases/tag/v1.5.2)?
I'm a bit of a noob when it comes to the difference between the two so please tell me if I'm misunderstanding.
Hello,
Firstly, thanks for releasing this. It makes deploying a minikube instance pretty damn easy.
I'm just having an issue with DNS services provided to my pods. The issue is primarily that there isn't any. While I can connect to sites via a bare IP address, I can't connect via DNS.
Each pod is configured to use the kube-dns pod for DNS, which is then configured to a DNS server in my VPC; there are other EC2 instances using this DNS service just fine. I've checked the security group (which aws-minikube created anyway) and can't find any restrictions on outgoing traffic. Everything seems fine.
Do you have any idea what might be causing this?
Thanks,
Anthony
Terraform runs successfully, ending with:
```
Apply complete! Resources: 12 added, 0 changed, 0 destroyed.
Outputs:
copy_config = To copy the kubectl config file, run: 'scp centos@aws-minikube-1.kube.public:/home/centos/kubeconfig .'
kubeadm_token = w8q6uz.w8q6uzdbev9lcskr
minikube_dns = aws-minikube-1.kube.public
```
As I don't have DNS configured (using private hosted zone), I try to connect to the instance through the IP address I see in the AWS console. The result:
ssh [email protected]
ssh: connect to host 35.158.12.108 port 22: Operation timed out
Hello,
When I run terraform init in the aws-minikube folder as per your guided steps, I'm getting the following error. Am I missing something minor? How can I fix this issue?
_Test2 Folder has all the files by the way.
C:\Users\andromeda\26042020_Test2>terraform init
Initializing modules...
Error: Unreadable module directory
Unable to evaluate directory symlink: CreateFile ..\terraform-aws-minikube:
The system cannot find the file specified.
Error: Failed to read module directory
Module directory does not exist or cannot be read.
Error: Unreadable module directory
Unable to evaluate directory symlink: CreateFile ..\terraform-aws-minikube:
The system cannot find the file specified.
Error: Failed to read module directory
Module directory does not exist or cannot be read.