Open dormullor opened 3 months ago
It's not clear to me how this is a kops bug?
There is no way to set up kops for a disconnected env... I can open a feature request if you want to
There is a way to install kops in a disconnected environment. However, you must copy all assets first. It can be installed without any internet connectivity; you just need to have connectivity to a single object storage.
https://kops.sigs.k8s.io/operations/asset-repository/
Also, you need to use kops channel: none (I cannot see this in your spec at all, so it's not none in that case. The default value is stable).
dualstack addresses are coming https://github.com/kubernetes/kops/blob/release-1.26/util/pkg/vfs/s3fs.go#L511-L515
@zetaab Although I have added all asset files and containers into S3 and ECR and configured kops to use them, when looking at the nodeup logs I can see an error when trying to retrieve the S3 cluster-completed.spec, even if I configure an S3 VPC endpoint.
That's because kops uses the s3://bucket-name schema and the S3 VPC endpoint uses the full S3 DNS name (bucket-name.s3.us-east-1.amazonaws.com).
As a result, kops cannot be used in a disconnected environment on AWS.
W0412 06:49:07.558115 1040 main.go:133] got error running nodeup (will retry in 30s): error loading Cluster "s3://kops-state-****/*****/cluster-completed.spec": file does not exist
/kind bug
1. What kops version are you running? The command kops version, will display this information. 1.26.3
2. What Kubernetes version are you running? kubectl version will print the version if a cluster is running or provide the Kubernetes version specified as a kops flag. 1.26.4
3. What cloud provider are you using? AWS
4. What commands did you run? What is the simplest way to reproduce this issue? Manage your own security group and allow egress traffic only for internal communication (block 0.0.0.0/0 and allow the VPC CIDR)
5. What happened after the commands executed? exceed timeout
6. What did you expect to happen? When I ssh into the master node, the nodeup process exits with the following error:
7. Please provide your cluster manifest. Execute kops get --name my.example.com -o yaml to display your cluster manifest. You may want to remove your cluster name and other sensitive information.
I have created a VPC endpoint for S3 with an Interface type, but all of the DNS records do not include the dualstack.