stanford-mast / pocket

Elastic ephemeral storage

Subnet connection issues #3

Closed saj9191 closed 4 years ago

saj9191 commented 5 years ago

Hello, I tried to follow the deploy README to set up a Pocket instance. I used the create_pocket_vpc.sh script to create the relevant VPCs, subnets, etc.

The README says to make sure the VM you launch everything from is in the private subnet. However, when I create it in the private subnet, I can't SSH into it. I looked into changing the routing table, but because of the NAT settings, it doesn't look like I can add internet gateways. Is there an easy way to fix this?

To try to get around this problem, I tried creating the VM in the public subnet. This allowed me to SSH; however, when I reached the stage where you connect to the controller, it was unable to.

Thanks, Shannon

jananiej commented 5 years ago

@saj9191 One way you can try: when your cluster is ready, try to create the instance group with the role of Bastion and update the cluster.

kops create instancegroup bastions --role Bastion --subnet utility-us-west-2c --name ${NAME}
kops update cluster ${NAME} --yes

Then get the,

aws elb --output=table describe-load-balancers|grep DNSName.*bastion|awk '{print $4}'

and you can SSH to the bastions instance as ssh -i ~/.ssh/id_rsa admin@.

Thanks

saj9191 commented 5 years ago

Hi, Thanks for the quick response. I'm not sure I understand. I'm having problems before I even create the cluster. The documentation says: "Create and ssh into an instance in pocket-kubernetes VPC from which you will launch kubernetes. This instance will serve as the Pocket controller. Make sure to create the VM in the private subnet of the pocket-kubernetes VPC and assign the VM's (private) IP address to be 10.1.47.178."

If I follow these instructions and create a VM in the private subnet, I cannot SSH into it. Do you mean this VM specified in the documentation should be one of the machines in the Kubernetes cluster?

Thanks

anakli commented 5 years ago

Hi Shannon,

You can create a free t2.micro VM in the pocket-kubernetes VPC in the public subnet and use this VM to ssh into the pocket controller VM in the private subnet. Use the command below to ssh into the pocket controller. In this example, 32.222.92.89 is the public IP address of the public VM and 10.1.47.178 is the private IP address of the private VM.

ssh -X -t -A ubuntu@34.222.92.89 ssh -t -Y 10.1.47.178

If you have not already, you should first run this command to add your key: ssh-add -k filename.pem

Let me know if this helps.

saj9191 commented 5 years ago

Hello, That fixed the problem! Thank you.

I tried to follow the rest of the deploy README and can't get the patch_cluster.py script to work. The error is:

Traceback (most recent call last):
  File "patch_cluster.py", line 213, in <module>
    main()
  File "patch_cluster.py", line 205, in main
    add_lambda_security_group_ingress_rule()
  File "patch_cluster.py", line 189, in add_lambda_security_group_ingress_rule
    pocket_lax_groupid = re.search(pattern, out).group().strip('\"')
AttributeError: 'NoneType' object has no attribute 'group'

So the script wants to get a group ID for the pocket-kubernetes lax security group. If I look at the list of security groups, the only ones that were generated were nodes.pocketcluster.k8s.local, masters.pocketcluster.k8s.local, and api-elb.pocketcluster.k8s.local. What do I need to do to set up the other security groups? I ran the create_pocket_vpc.sh script, but it doesn't look like it creates a security group with the name "pocket-kube-relax".

anakli commented 4 years ago

Apologies for the late reply. Yes, you need to create your own security group. The scripts currently assume it is called "pocket-kube-relax".
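
The traceback earlier in this thread comes from calling `.group()` on a `re.search` result that is `None` because no security group with the expected name exists. The following is an added example, not code from patch_cluster.py or the Pocket project, of a name-to-ID lookup that reports the missing group instead of crashing. It assumes the JSON printed by `aws ec2 describe-security-groups --output json`; the function name, exception class, and sample IDs are constructed for illustration.

```python
import json


class SecurityGroupLookupError(RuntimeError):
    """Zero or several security groups matched the requested name."""


def find_security_group_id(describe_output, group_name, vpc_id=None):
    """Return the GroupId for group_name.

    describe_output is the JSON text printed by
    `aws ec2 describe-security-groups --output json`. vpc_id is optional:
    group names are only unique within a single VPC.
    """
    try:
        groups = json.loads(describe_output)["SecurityGroups"]
    except (ValueError, KeyError, TypeError) as exc:
        raise SecurityGroupLookupError(
            "input is not describe-security-groups JSON") from exc

    matches = [
        g["GroupId"] for g in groups
        if g.get("GroupName") == group_name
        and (vpc_id is None or g.get("VpcId") == vpc_id)
    ]
    if not matches:
        # The case from the issue: the group was never created.
        present = ", ".join(sorted(g.get("GroupName", "?") for g in groups))
        raise SecurityGroupLookupError(
            f"no security group named {group_name!r} "
            f"(found: {present or 'none'}); create it before patching")
    if len(matches) > 1:
        raise SecurityGroupLookupError(
            f"{group_name!r} matches {len(matches)} groups; pass vpc_id")
    return matches[0]


# Constructed sample: the three group names reported in the issue, with
# made-up IDs. "pocket-kube-relax" is deliberately absent.
SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupName": n, "GroupId": i, "VpcId": "vpc-00000001"}
    for n, i in [("nodes.pocketcluster.k8s.local", "sg-00000001"),
                 ("masters.pocketcluster.k8s.local", "sg-00000002"),
                 ("api-elb.pocketcluster.k8s.local", "sg-00000003")]]})

if __name__ == "__main__":
    try:
        print(find_security_group_id(SAMPLE, "pocket-kube-relax"))
    except SecurityGroupLookupError as err:
        print("lookup failed:", err)
```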