search

Sanjay-George / nick-name-generator

(Cloud App demo, not a toy!) A simple nickname generator built with microservice architecture. Docker and K8s deployment.
0 stars 0 forks source link

Kubespray/AWS - Issue with SSH into ansible bastion host #3

Open Sanjay-George opened 2 years ago

Sanjay-George commented 2 years ago

image

Sanjay-George commented 2 years ago
  1. Ansible is picking the private IP of the worker node as bastion host IP. This won't be accessible
  2. Ensure the ansible user is correct. Check the user name for various AMI here
    • for debian, it is admin
Sanjay-George commented 2 years ago

Read more here: https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ansible.md#bastion-host

Sanjay-George commented 2 years ago

Note: For bastion host, we need to have a domain name or a static public IP. Can try using elastic IP for this. Also, SSHing into private servers should be possible through the bastion server.

Sanjay-George commented 2 years ago

Two options for kubespray:

  1. Assign elastic IP for bastion host. Set up proper SSH config .
  2. Eliminate bastion host. Make all worker and control nodes public.
Sanjay-George commented 2 years ago

Two options for kubespray:

  1. Assign elastic IP for bastion host. Set up proper SSH config .
  2. Eliminate bastion host. Make all worker and control nodes public.

Assigning elastic IP shouldn't be necessary, since ansible should have created SSH config file from the dynamic inventory. Not happening though.

For now, going for option 2. Eliminating bastion host, making all nodes public