nwcdheap/kops-cn

can't validate the cluster

hhuchzh opened this issue · 6 comments

After finishing creating the cluster, all the related services were created successfully, but when I run "kops validate cluster", it can't connect to the ELB. The log is below:

unexpected error during validation: error listing nodes: Get https://api-cluster-bjs-k8s-local-c9l1qd-2011066806.cn-north-1.elb.amazonaws.com.cn/api/v1/nodes: dial tcp 54.222.209.4:443: i/o timeout

Anyone know the reason?
Thanks

pahud commented

Hi

Please check the following items:

  1. Go to the AWS EC2 console, select Load Balancer and click the ELB for the K8S API, click Instances, and make sure all 3 instances are InService.

  2. Make sure you have already submitted the file for ICP Recordal or ICP License (ICP備案); otherwise HTTPS:443 on the API ELB will be blocked. Check the official FAQ here: https://www.amazonaws.cn/en/about-aws/china/faqs/?nc1=f_ls#new%20step

  3. Make sure the security group on the API ELB has HTTPS:443 open to the public.

  4. telnet to the ELB DNS name on TCP 443 and see if the socket is connected, like below:

pahud:~/environment/kops-cn (master) $ telnet api-cluster-zhy-k8s-local-qpbf7n-985241646.cn-northwest-1.elb.amazonaws.com.cn 443
Trying 52.83.228.42...
Connected to api-cluster-zhy-k8s-local-qpbf7n-985241646.cn-northwest-1.elb.amazonaws.com.cn.
Escape character is '^]'.
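
A scripted version of the telnet check in item 4, as an added example that is not part of the original thread: it separates a timeout (the symptom in the reported `i/o timeout` log) from a refused connection and a successful connect, on 443 and on the alternate port 8443 used later in this thread. The function names and hint texts are this example's own assumptions; pass your API ELB DNS name as the argument.

```python
import socket
import sys

# Hint texts are this example's own summary, not output of kops or AWS.
HINTS = {
    "connected": "TCP path is open",
    "timeout": "packets dropped on the path: security group or upstream block",
    "refused": "host reachable but nothing is listening on that port",
    "dns-failure": "the ELB DNS name did not resolve",
}

def probe_tcp(host, port, timeout=5.0):
    """Attempt a TCP connect and classify the outcome, like the telnet check."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    result = "error"
    for family, socktype, proto, _name, addr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            return "connected"
        except (socket.timeout, TimeoutError):
            result = "timeout"   # same symptom as the "i/o timeout" in the log
        except ConnectionRefusedError:
            result = "refused"
        except OSError:
            result = "error"
        finally:
            sock.close()
    return result

def diagnose(host, ports=(443, 8443), timeout=5.0):
    """Probe each port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python probe.py <api-elb-dns-name>")
    for port, state in diagnose(sys.argv[1]).items():
        print(f"{port}: {state} ({HINTS.get(state, 'unexpected socket error')})")
```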

Thank you.
For your suggestion 2,
I changed the port number so that it does not use 443, and now I can connect to the cluster.
Chinese Characteristics.

pahud commented

@hhuchzh no problem. Hope you find this project useful.

May I ask how you changed the port? I changed it to 8443, but kops validate still accesses port 443, so I can't validate.

Modify the security group for the ELB to allow 8443.
Modify the ELB's Listener to map 8443 to 443 on the instance.
Modify the Server URL in the ~/.kube/config file, appending the port number (:8443).

kubectl get nodes succeeds.

Thank you, bro.