Run Kubernetes on EC2 - ssh

I am trying to run Kubernetes on EC2 and I used the CoreOS alpha channel AMI. I configured a kubectl SSH tunnel for communication between the kubectl client and the Kubernetes API.
But when I try the kubectl api-versions command, I get the following error:
Couldn't get available api versions from server: Get http://MyIP:8080/api: dial tcp MyIP:8080: connection refused
MyIP - this has been set accordingly.
What could be the reason for this?

The reason for this issue was that I hadn't set the kubernetes_master environment variable properly. As there is an SSH tunnel between the kubectl client and the API, the kubernetes master environment variable should be set to localhost.
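The setup the answer describes, as an added example that is not part of the original post: the tunnel's local end is on the client, so kubectl has to be pointed at localhost rather than at the EC2 address. The "core" login, the MASTER_HOST placeholder, the function names and the assumption that the API listens on the master's loopback interface are not from the post.

```shell
#!/bin/sh
# Added example: SSH tunnel to the Kubernetes API on port 8080, with kubectl
# pointed at the local end of the tunnel. Nothing runs at load time.

LOCAL_PORT=8080     # port kubectl connects to on the client
REMOTE_PORT=8080    # API port on the master, as in the error message

# URL kubectl must use: the local end of the tunnel, not MyIP.
master_url() {
    printf 'http://localhost:%s\n' "$LOCAL_PORT"
}

# -L argument for ssh. Binding the local side to 127.0.0.1 keeps the
# plain-HTTP API port from being offered to other hosts on the client's network.
forward_spec() {
    printf '127.0.0.1:%s:127.0.0.1:%s\n' "$LOCAL_PORT" "$REMOTE_PORT"
}

# open_tunnel MASTER_HOST
# Starts the tunnel in the background and exports KUBERNETES_MASTER.
# ExitOnForwardFailure makes ssh fail instead of silently running without
# the forward when the local port is already taken.
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L "$(forward_spec)" "core@$1" || return 1
    KUBERNETES_MASTER=$(master_url)
    export KUBERNETES_MASTER
}

# Usage (not run here): open_tunnel MASTER_HOST && kubectl api-versions
```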

Related

Cannot access the application via node ip and node port

I have to deploy an application via Helm by supplying a VM IP address and node port. It's a bare-metal Kubernetes cluster. The Kubernetes cluster has an ingress controller installed (as node port; this value is supplied in the helm command). The problem is: I am receiving a 404 not found error if I access the application as:
curl http://{NODE_IP}:{nodeport}/path
There is no firewall. I have an "allow all ingress traffic" policy. But I am not sure what is wrong. I have now tried everything possible but cannot find the root cause.

Connectivity to AWS EKS control plane via Client VPN

I have created EKS cluster with API server endpoint access as "Private". Cluster is configured in private subnet. I'd like to allow kubectl access from local PC. I have created Client VPN, it has access to private network (verified that by SSH to an EC2 instance running in the same private subnet). But kubectl gets "unable to connect to the server: dial x.x.x.x:443 i/o timout". "aws eks update-kubeconfig" can see that cluster and updates local context properly. What could be the problem?
Found out what was missing. 443 had to be enabled in authorization rules.

MinIO operator on minikube is not working

I'm trying to use the MinIO operator on a minikube (1 node) deployed in an EC2 machine.
The operator is deployed correctly and the same is for the tenant creation and it seems all good until I try to make a connection to the created tenant.
In this case I receive a 500 internal server error then I'm unable to create buckets or to use the mc client that MinIO provides.
I tried both with the MinIO console (using a port-forward) and the command line minio command to create the tenant and both worked.
This is what I see with kubectl:
mc test
kubectl get all -n minio-tenant-aisync
kubectl get all --all-namespaces
I am new to Kubernetes and MinIO, so I don't know if I am missing something. Could you help me please?
The first mc command that you are running shows there is something listening on port 9000 of your localhost. However, you are getting a TLS verification error because MinIO by default is using a certificate issued by the local Kubernetes certificate authority; also, the returned certificate is not valid for the localhost domain. The solution for this is to add the --insecure flag to your mc command (and include it in all subsequent commands unless you use a valid certificate), i.e.:
./mc alias set minio https://localhost:9000 [accesskey] [secretkey] --insecure

Unable to access Redis (cluster mode enabled) Cluster's Endpoints

I have 1 VPC - under that 1 EC2 instance ( amazon ami ) and 1 Redis (cluster mode enabled) Cluster with Auth ( password) and with Security Group Open to all IP:Port ( only for testing sake ) - so very simple setup.
telnet works at port 6379 from my EC2 Instance
- Configuration EndPoint
- Shard>eachNode EndPoint
Not able to connect to the Redis server using Redis CLI - it doesn't matter which endpoint, either Config or Node endpoint. Using Redis CLI v5.0.4.
Please Note - AWS ElastiCache Redis Cluster ( Cluster disabled ) or Single Server Node, provides Primary Endpoint, which works fine. Only when Cluster is enabled and get ConfigEndpoint/NodeEndPoints - then having problem.
Config EndPoint:
[root@ip-xx-xx-xx-xx src]# ./redis-cli -h clustercfg.xxxx.xxxxx.use1.cache.amazonaws.com -p 6379
Node EndPoint:
[root@ip-xx-xx-xx-xx src]# ./redis-cli -h xxxx-0001-0-01.xxxx.xxxxx.use1.cache.amazonaws.com -p 6379
Any help is appreciated!
thanks
After spending a few days on this issue, I was able to find the solution - we need stunnel or any other equivalent that creates an SSL tunnel; redis-cli doesn't support SSL or TLS.
To access data from ElastiCache for Redis nodes enabled with in-transit encryption, you use clients that work with Secure Socket Layer (SSL). However, redis-cli doesn't support SSL or Transport Layer Security (TLS).
To work around this, you can use the stunnel command to create an SSL tunnel to the redis nodes. You then use redis-cli to connect to the tunnel to access data from encrypted Redis nodes.
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
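The stunnel workaround from the answer, as an added example that is not part of the original post or of the AWS page: it writes a stunnel client configuration with one loopback listener per Redis endpoint and has stunnel verify the endpoint certificate. The function name, the CA bundle path and the local port numbering are assumptions.

```shell
#!/bin/sh
# Added example: generate a stunnel client config so that redis-cli, which
# speaks plain TCP, can reach TLS-only Redis endpoints through 127.0.0.1.

# CA bundle used to verify the endpoint certificate. Assumption: Amazon Linux
# path; Debian/Ubuntu use /etc/ssl/certs/ca-certificates.crt.
CA_FILE=${CA_FILE:-/etc/pki/tls/certs/ca-bundle.crt}

# write_stunnel_conf OUTFILE ENDPOINT...
# The first endpoint is served on 127.0.0.1:6379, the next on 6380, and so on.
# Each node endpoint gets its own section because a tunnel reaches only the
# one host named in its "connect" line.
write_stunnel_conf() {
    conf=$1; shift
    port=6379
    : > "$conf"
    for endpoint in "$@"; do
        cat >> "$conf" <<EOF
[redis-$port]
client = yes
accept = 127.0.0.1:$port
connect = $endpoint:6379
verifyChain = yes
CAfile = $CA_FILE
checkHost = $endpoint
EOF
        port=$((port + 1))
    done
}

# Usage (not run here; hostnames are the masked ones from the question):
#   write_stunnel_conf /etc/stunnel/redis-cli.conf \
#       clustercfg.xxxx.xxxxx.use1.cache.amazonaws.com \
#       xxxx-0001-0-01.xxxx.xxxxx.use1.cache.amazonaws.com
#   stunnel /etc/stunnel/redis-cli.conf
#   redis-cli -h 127.0.0.1 -p 6379
```

With verifyChain and checkHost set, stunnel refuses the connection when the certificate does not chain to the CA bundle or does not match the endpoint name, instead of tunnelling to whatever answers on port 6379.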

Restcomm Olympus WebRTC WSS error

We are trying to use RESTCOMM OLYMPUS by making a few customizations as part of our application. The main customization is that we have deployed the OLYMPUS war on our Apache Tomcat web server, and the OUTBOUND PROXY is properly pointed to the same server where RESTCOMM is running.
So far all is good, but recently we got the "getUserMedia()" deprecation issue because of the insecure origin issue from the Chromium fix.
So, it means we need to use HTTPS and WSS. I can see that just around 7 days back the OLYMPUS code was updated on GitHub to use WSS if HTTPS is used in the browser location bar.
So first we installed a self-signed cert and enabled the SSL config on Tomcat so that our customized OLYMPUS UI is accessed via https from Tomcat. And then we used the WSS protocol to connect to the OUTBOUND PROXY. But we got the below error:
"WebSocket connection to 'wss:/:5082/' failed: Error in connection establishment: net::ERR_TIMED_OUT
WSMessageChannel:createWebSocket(): websocket connection has failed:[object Event]"
Then we thought that in addition to Tomcat (where the WAR is deployed) we need to install a self-signed cert and SSL config on RESTCOMM as well. So we did it by following http://docs.telestax.com/restcomm-enable-https-secure-connector-on-jboss-as-7-or-eap-6/ and also we have used the WSS protocol.
But this time we also got an error, though with a different error code:
"WebSocket connection to 'wss:/:5083/' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED
WSMessageChannel:createWebSocket(): websocket connection has failed:[object Event]"
Can I request the forums to explain if we are missing anything here?
Thanks in advance
I would suggest to use the mobicents RestComm docker image instead of using the zip bundle, because for docker image all settings are handled automatically and https/wss should work out of the box. Here are some quick steps to get you started:
Install docker in your Ubuntu if not already there
Download RestComm docker image:
$ docker pull mobicents/restcomm:latest
Start docker image:
$ docker run -e SECURE="true" -e SSL_MODE="allowall" -e USE_STANDARD_PORTS="true" -e VOICERSS_KEY="VOICERSS_KEY_HERE" --name=restcomm -d -p 80:80 -p 443:443 -p 9990:9990 -p 5060:5060 -p 5061:5061 -p 5062:5062 -p 5063:5063 -p 5060:5060/udp -p 65000-65535:65000-65535/udp mobicents/restcomm:latest
Now you should be able to reach your RestComm instance Admin UI at:
https://<host ip address>/
Make sure that you don't have any servers running in your host at the ports used by the docker container above, or you'll have to use different ports (please refer to the docker hub page for such options)
Best regards,
Antonis Tsakiridis