
I created an AWS application load balancer named myservices and got the following DNS name listed in the AWS console: internal-myservices-987070943.us-east-1.elb.amazonaws.com

I also have a Target Group created, showing the following under Description: Name myservices-LB, Protocol HTTPS, Port 443, Target type instance, Load Balancer myservices. Under the Targets tab I can see Registered targets showing my instance ID i-02dbf9b3a7d9163e7 with Port 443 and other details. This instance is my EC2 instance, which I have configured as the master node of my Kubernetes cluster.

Actually both my load balancer and my EC2 instances are in the same VPC.

From my local machine I am now able to access the URL https://internal-myservices-987070943.us-east-1.elb.amazonaws.com. What I did was: 1) the health check was failing on HTTPS port 443, and 2) I installed the nginx web server on my EC2 instance. So installing nginx and opening the SSL port automatically resolved the health check issue, and I am able to browse the internal LB URL using HTTPS.

But still my main problem of creating a load balancer using a Kubernetes svc is not resolved :( It still shows <pending> for EXTERNAL_IP. My doubt is: since both the EC2 instance and the LB are in the same VPC, why isn't traceroute internal-myservices-987070943.us-east-1.elb.amazonaws.com tracing it? I am getting * * * for all 30 hops. But from my local machine I am able to trace it successfully. So is this the reason why it's not creating any external IP?

I did all the things needed for AWS cloud integration with Kubernetes:

1) The hostnames of both master and worker nodes in the kube cluster are the same as the EC2 instance DNS names.

2) Added tags for the EC2 instances and in the kubelet service.

3) Added cloud-config tags for the kube-api and kube-controller-manager pods.

4) I see the elasticloadbalancing:* action allowed in the AWS policy for my role.

Also I wonder how it is that nginx installed on my EC2 instance is able to access my load balancer, but traceroute is not able to access it.

Is it possible to directly access my service using the load balancer which I manually created via the AWS console? Maybe with NodePort or ingress or something?

So I am stuck with this :( Please help.

Gopi
  • _Added cloud-config tags for kube-api and kube-controller-manager_ I presume you mean the `--cloud-config` argument, but did you add the `--cloud-provider=aws` argument, too? – mdaniel Feb 03 '19 at 04:39
  • Yes that was also added – Gopi Feb 03 '19 at 04:44
  • Then only the logs from the controller-manager (and/or apiserver) will cough up what's going wrong with the API calls required to provision an ELB for that `Service` that is stuck in `` – mdaniel Feb 03 '19 at 04:47
  • Only these I can see related to AWS in the controller logs: `1 aws.go:1041] Building AWS cloud-provider` and `1 aws.go:1007] Zone not specified in configuration file; querying AWS metadata service.` Also, I don't see this policy in my IAM role: `"Action": "s3:*", "Resource": [ "Arn:AWS:s3::: kubernetes-*"`. Can this be an issue? – Gopi Feb 03 '19 at 17:24
  • Now after a certain amount of time I see this log started occurring: `1 controller manager.gi:208] error building controller context: cloud provider could not be initialized: could not init cloud provider "aws": error finding instance i-02dbf9b3a7d9163e7: "error listing AWS instances: \"RequestError: send request failed\\ncaused by: Post https://ec2.us-east1.amazonaws.com/: dial tcp 54.239.28.168:443 i/o timeout\""` – Gopi Feb 03 '19 at 17:32
  • I actually mentioned in [your previous question](https://stackoverflow.com/questions/54409889/exposing-kubernetes-app-using-aws-elastic-loadbalancer#comment95738971_54409889) that such a thing is very likely a security-group or firewall issue, as most connection timeouts usually are – mdaniel Feb 03 '19 at 18:28
  • But then if it is a firewall issue, how am I able to access my AWS LB on HTTPS port 443, which in turn is calling my nginx server installed on my EC2 instance with HTTPS port 443 turned on and serving me the index.html page? – Gopi Feb 03 '19 at 18:45
  • It's your question, you have to prove to us that it's _not_ a firewall issue, because i/o timeout trying to contact the AWS API is **for sure** not the normal state of affairs – mdaniel Feb 03 '19 at 18:59

1 Answer


I had to set the proxy as an env variable inside the kube-controller YAML. Also, I had to set some EC2 metadata IP address in the no_proxy variable for this to work.

Gopi
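As an added illustration of the fix described in this answer (example code, not the poster's own configuration), the script below models which of the endpoints the AWS cloud provider makes the kube-controller-manager contact would go through the proxy and which must be listed in NO_PROXY to stay direct. The proxy address and the 10.96.0.0/12 service CIDR are assumed placeholders, the NO_PROXY matching is an approximation of Go's rules (IP, CIDR, domain suffix, `*`), and 169.254.169.254 is the fixed EC2 instance-metadata address the provider queries for the zone and instance ID.

```python
import ipaddress
from typing import Dict, List

# Constructed env block of the kind the answer says had to go into the
# kube-controller-manager manifest. Proxy host and service CIDR are placeholders.
PROXY_ENV = {
    "HTTPS_PROXY": "http://proxy.example.internal:3128",          # placeholder
    "NO_PROXY": "169.254.169.254,10.96.0.0/12,localhost,.cluster.local",
}

# Hosts the AWS cloud provider has to reach, and how each must be routed in an
# environment (assumed, as in this question) where internet egress needs a proxy.
ENDPOINTS = {
    "ec2.us-east-1.amazonaws.com": "proxy",     # regional EC2 API, outside the VPC
    "169.254.169.254": "direct",                # instance metadata, link-local only
    "10.96.0.1": "direct",                      # kube-apiserver ClusterIP (placeholder)
    "kubernetes.default.svc.cluster.local": "direct",
}


def _bypassed(host: str, no_proxy: str) -> bool:
    """Approximation of Go's NO_PROXY matching: IP, CIDR, domain suffix, '*'."""
    host = host.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for entry in (e.strip().lower() for e in no_proxy.split(",")):
        if not entry:
            continue
        if entry == "*":
            return True
        if "/" in entry:                         # CIDR entry: only IPs can match
            if ip is not None and ip in ipaddress.ip_network(entry, strict=False):
                return True
            continue
        if ip is not None:                       # literal IP host: exact match only
            if entry == host:
                return True
            continue
        if entry.startswith("."):                # leading dot: subdomains only
            if host.endswith(entry):
                return True
        elif host == entry or host.endswith("." + entry):
            return True
    return False


def route_for(host: str, env: Dict[str, str]) -> str:
    """Return 'proxy' or 'direct' for host under the given proxy env."""
    if not env.get("HTTPS_PROXY"):
        return "direct"
    return "direct" if _bypassed(host, env.get("NO_PROXY", "")) else "proxy"


def check_env(env: Dict[str, str]) -> List[str]:
    """Endpoints whose routing under env differs from what the provider needs."""
    return [h for h, want in ENDPOINTS.items() if route_for(h, env) != want]
```

With a proxy but no NO_PROXY, the metadata and apiserver calls would be sent to the proxy, which is the mismatch the answer's no_proxy entry avoids.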