heptio / aws-quickstart

AWS Kubernetes cluster via CloudFormation and kubeadm
Apache License 2.0
223 stars 134 forks

Unable to bring up the Kubernetes cluster with Quick Start when #236

Open antonytphilip opened 5 years ago

antonytphilip commented 5 years ago

What steps did you take and what happened: [A clear and concise description of what the bug is.]

I am trying to bring up the cluster using our private subnet, but the cluster creation fails as the kubelet goes into a restart loop. I use the below default options for kubeadm.yaml:

```yaml
nodeRegistration:
  name: ${HOSTNAME}
  kubeletExtraArgs:
    cloud-provider: aws
```

The failure message is as below:

```
Nov 16 13:23:19 ip-x-x-x-x kubelet[2703]: F1116 13:23:19.106328 2703 server.go:262] failed to run Kubelet:could not init cloud provider "aws": error finding instance i-07e3ea0ca6e64efc6: "error listing AWS instances: \"RequestError: send request failed\ncaused by: Post https://ec2.us-east-1.amazonaws.com/: dial tcp 54.239.28.168:443: i/o timeout\""
```

What did you expect to happen: I need to be able to start the kubelet with the cloud-provider=aws option for the kubelet in kubeadm.yaml.

Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.] If I remove the lines below, at least the cluster starts up, but I observed that I am unable to expose a deployed application through an ELB.

```yaml
  kubeletExtraArgs:
    cloud-provider: aws
```

Environment: Dev

wiquan commented 5 years ago

Also likely a duplicate of #225. You can try to recreate the stack with 'ApiLbLocation=0.0.0.0/0' to see if it gets farther. The idea is that NAT_EID is not in the SG, so you're not getting return traffic along this path: external ELB -> NAT Gateway -> private EC2 instance (master node).

antonytphilip commented 5 years ago

I have created this stack on the private subnets, and no NAT instance or IGW is provisioned due to restrictions in our organisation. Also, I use an existing SG where all traffic is allowed from any to any, within the same SG, and from our private on-premise network. (The SG creation part is conveniently excluded from the CFT, so the 'ApiLbLocation' parameter is not used, as traffic is allowed from any to any.)

Inbound internet access to EC2 is through our enterprise proxy.

And as I mentioned previously, the kubelet starts successfully if I remove "kubeletExtraArgs: cloud-provider: aws" from kubeadm.yaml during execution. But it looks like 'cloud-provider: aws' is an essential parameter to run Kubernetes on AWS. Correct me if I am wrong.
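The log line in the issue shows what the AWS cloud provider does at kubelet start: it finds the node's instance ID (i-07e3ea0ca6e64efc6, obtained from instance metadata) and then POSTs to the regional EC2 API, https://ec2.us-east-1.amazonaws.com/, which times out because the subnet has no NAT gateway or IGW. The AWS SDK inside the kubelet picks up proxies only from the kubelet process's own HTTP_PROXY/HTTPS_PROXY/NO_PROXY environment, so a proxy configured for interactive shells does not help. The script below is an added example, not code from this issue or from the aws-quickstart templates: it renders a systemd drop-in that hands the proxy to the kubelet while exempting the instance metadata address, localhost and the VPC and cluster ranges, validates it, and reproduces the failing EC2 call from the node's shell with the same settings. The proxy URL proxy.example.internal:3128, region us-east-1, VPC CIDR 10.0.0.0/16 and the cluster CIDRs are placeholder assumptions; adjust them to your environment. The alternative that needs no proxy at all is an interface VPC endpoint for the EC2 service in the private subnets.

```shell
#!/bin/sh
# Added example (not part of the original issue or the aws-quickstart templates).
# Assumed placeholders: proxy http://proxy.example.internal:3128, region us-east-1,
# VPC CIDR 10.0.0.0/16, service CIDR 10.96.0.0/12, pod CIDR 192.168.0.0/16.

# Render a systemd drop-in for kubelet.service. The AWS cloud provider runs inside the
# kubelet process and resolves its proxy from these variables (Go's ProxyFromEnvironment).
render_kubelet_proxy_dropin() {
  proxy_url="$1"      # e.g. http://proxy.example.internal:3128
  no_proxy_list="$2"  # comma-separated hosts, suffixes and CIDRs that bypass the proxy
  cat <<EOF
[Service]
Environment="HTTP_PROXY=${proxy_url}"
Environment="HTTPS_PROXY=${proxy_url}"
Environment="NO_PROXY=${no_proxy_list}"
EOF
}

# 169.254.169.254 is the instance metadata service: the cloud provider reads the instance
# ID from it before calling EC2, and that lookup must stay direct. localhost and the
# VPC/cluster ranges keep kubelet<->apiserver and in-cluster traffic off the proxy.
default_no_proxy() {
  printf '%s' "localhost,127.0.0.1,169.254.169.254,10.0.0.0/16,10.96.0.0/12,192.168.0.0/16,.svc,.cluster.local"
}

# Reject a drop-in that lacks an HTTPS proxy or would send metadata lookups via the proxy.
check_dropin() {
  printf '%s\n' "$1" | grep -q '^Environment="HTTPS_PROXY=http' || return 1
  printf '%s\n' "$1" | grep -q '169\.254\.169\.254' || return 1
  return 0
}

# Install the drop-in on the node (run as root) and reproduce the kubelet's failing request:
# an HTTPS POST to the regional EC2 endpoint. Any HTTP status code (even a 4xx for the
# missing Action parameter) proves the path through the proxy works; a timeout reproduces
# the "dial tcp ...:443: i/o timeout" from the kubelet log.
install_and_verify() {
  proxy_url="$1"
  region="$2"
  dropin="$(render_kubelet_proxy_dropin "$proxy_url" "$(default_no_proxy)")"
  check_dropin "$dropin" || { echo "refusing to install an incomplete drop-in" >&2; return 1; }
  mkdir -p /etc/systemd/system/kubelet.service.d
  printf '%s\n' "$dropin" > /etc/systemd/system/kubelet.service.d/20-proxy.conf
  systemctl daemon-reload
  HTTPS_PROXY="$proxy_url" NO_PROXY="$(default_no_proxy)" \
    curl -sS -o /dev/null -w '%{http_code}\n' --max-time 10 -X POST "https://ec2.${region}.amazonaws.com/"
  systemctl restart kubelet
}

# Usage on the node (not run automatically):
#   install_and_verify http://proxy.example.internal:3128 us-east-1
```

The CIDR entries in NO_PROXY rely on Go's proxy matcher, which accepts IP/CIDR notation and leading-dot domain suffixes; the same three variables also need to reach the API server and controller-manager static pods if they are expected to call EC2 (for example to provision an ELB for a Service of type LoadBalancer), which a kubelet drop-in alone does not cover.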

wiquan commented 5 years ago

This QuickStart is a 'canned' method of creating the infrastructure and EC2 instances necessary for a v11.2 cluster via kubeadm.

It sounds like your deployment is much different from the deployment of this QuickStart CF template. For instance, no IGW or NAT GW means you have no VPC. So does that mean no public/private subnets either? You see what I mean? Your deployment is way different from the templates they have designed. You can see a basic deployment diagram on the AWS page. They are not showing everything either; for example, they don't show the route table (one per subnet) or the NAT GW for the private subnet, etc.

Maybe you can consult Heptio to help you get your setup working?

antonytphilip commented 5 years ago

Yes, the original CFT was modified for use in our restricted environment. I use an existing VPC that doesn't have an IGW or NAT GW, but it has private subnets. I worked around the internet connectivity through our internet proxy on EC2. Apart from that, I use an existing SG which is open to any. These are the only differences from the original CFT of the Quick Start.

antonytphilip commented 5 years ago

Sorry, I thought this was the platform to reach out to Heptio. May I know if there are other means to reach out to them?

wiquan commented 5 years ago

I think of this as the place to report bugs, such that the QuickStart works as originally designed and documented. It may be quicker if you approach Heptio from an APN (consulting) perspective by considering the Heptio Kubernetes Subscription, where you would click on Work with APN Partner and then the Get started with Heptio button. It's just an email form being submitted, but it appears to be the formal engagement process when working with AWS Partners. Hope that helps.