ougabriel / Deploy-a-tetris-Java-Application-on-Kubernetes-hosted-on-AWS-using-GitActions2


No external IP on "kubectl get svc" for tetris app #5

Open ougabriel opened 1 month ago

ougabriel commented 1 month ago

Issue output

image

Possible solution

Attaching an AWS IAM role to an existing EC2 instance that is running Kubernetes (K8s) and needs to interact with a load balancer to expose the application running inside the K8s pods involves several steps. Here is a detailed guide:

Step 1: Create an IAM Role with Necessary Permissions

  1. Create a Policy:

    • Go to the AWS Management Console.
    • Navigate to IAM > Policies > Create Policy.
    • Define the policy with the necessary permissions. For example, to allow access to the load balancer:
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "elasticloadbalancing:*",
              "ec2:DescribeInstances",
              "ec2:DescribeNetworkInterfaces",
              "ec2:DescribeTags",
              "ec2:DescribeVpcs",
              "ec2:DescribeSubnets",
              "ec2:DescribeSecurityGroups"
            ],
            "Resource": "*"
          }
        ]
      }
    • Review and create the policy. Note the policy ARN.
  2. Create an IAM Role:

    • Go to IAM > Roles > Create Role.
    • Select EC2 as the trusted entity.
    • Attach the policy created in the previous step.
    • Complete the creation of the role and note the role ARN.

Step 2: Attach IAM Role to Existing EC2 Instance

  1. Attach IAM Role:
    • Go to the EC2 console.
    • Select the instance running your Kubernetes cluster.
    • From the Actions menu, choose Security, then Modify IAM Role.
    • Select the role you created and apply the changes.

Step 3: Redeploy the service

ougabriel commented 1 month ago

If the LoadBalancer service is stuck in the <pending> state for the EXTERNAL-IP field, it could be due to several issues with your AWS setup or Kubernetes configuration. Here are some steps to troubleshoot and resolve the issue:

Step 2: Ensure Subnets are Tagged Correctly

To check and add tags:

Step 3: Verify AWS Load Balancer Controller or Cloud Provider Configuration

Ensure that the Kubernetes cluster is configured correctly to provision AWS load balancers. Check the following:

  1. AWS Load Balancer Controller: If you are using the AWS Load Balancer Controller, ensure it is deployed and running in your cluster.
    kubectl get pods -n kube-system

    Look for the aws-load-balancer-controller pod. If it's not there, follow the installation guide.

Step 4: Inspect Kubernetes Events

Inspect the Kubernetes events to see if there are any errors related to the creation of the load balancer:

kubectl describe svc tetris-app2 -n tetris-app

Step 5: YAML File Verification

Ensure the service YAML file is correct. Here is a revised example:

apiVersion: v1
kind: Service
metadata:
  name: tetris-app2
  namespace: tetris-app
spec:
  type: LoadBalancer
  selector:
    app: tetris-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80

Apply the configuration:

kubectl apply -f tetris-app-service.yaml

Step 6: Check IAM Permissions

The policy should include permissions like:

{
  "Effect": "Allow",
  "Action": [
    "elasticloadbalancing:*",
    "ec2:DescribeInstances",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeTags",
    "ec2:DescribeVpcs",
    "ec2:DescribeSubnets",
    "ec2:DescribeSecurityGroups"
  ],
  "Resource": "*"
}

Example of a Correct Service Configuration

Here’s a complete example of a service configuration for a load balancer:

apiVersion: v1
kind: Service
metadata:
  name: tetris-app2
  namespace: tetris-app
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"  # Or "elb" for classic load balancer
spec:
  type: LoadBalancer
  selector:
    app: tetris-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
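
Added example, not part of the original comments or the repository: a role attached to the EC2 instance is usable by anything on that node that can reach the instance metadata service, so the policy posted above is worth checking for wildcard grants before it is attached. The `audit_policy` helper and its finding fields are names chosen for this sketch; the embedded policy is the one from the comments.

```python
import json

# Policy document as posted in the comments above, embedded so the check runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Action": ["elasticloadbalancing:*", "ec2:DescribeInstances",
              "ec2:DescribeNetworkInterfaces", "ec2:DescribeTags",
              "ec2:DescribeVpcs", "ec2:DescribeSubnets",
              "ec2:DescribeSecurityGroups"],
   "Resource": "*"}]}
""")

def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy):
    """Return one finding per wildcard action in an Allow statement.

    severity is "high" when the wildcard action is also granted on Resource "*",
    otherwise "medium" (wildcard action on a scoped resource).
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be given as an object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        all_resources = "*" in as_list(stmt.get("Resource"))
        for action in as_list(stmt.get("Action")):
            _service, _, name = action.partition(":")
            if action == "*" or "*" in name:
                findings.append({
                    "statement": index,
                    "action": action,
                    "severity": "high" if all_resources else "medium",
                })
    return findings

if __name__ == "__main__":
    for finding in audit_policy(POLICY):
        print(finding)
```

Each finding marks an action to replace with the specific `elasticloadbalancing` calls the cluster actually makes; the explicit `ec2:Describe*` entries in the posted policy are not wildcards and are not flagged.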