Aws-load-balancer-controller: Unable to setup with Kops 1.7.0 in AWS - NodePort issues

Created on 7 Aug 2017 · 7 Comments · Source: kubernetes-sigs/aws-load-balancer-controller

I have a very vanilla deployment of Kubernetes set up with Kops and I've tried setting up this controller.

The controller starts correctly, finds my NodePort service, and creates the ALB to point at the instances with the correct NodePort.

However, when I try to connect to my service through the ALB it just hangs. If I try to get my service by using one of the AWS instances' public IP plus the node port, it hangs. If I SSH into one of the instances and then curl with the private node IP and the port, I get the correct response.

What am I doing wrong here? Why does the public IP go through to the node port? My impression from the Kubernetes docs was that NodePort was to expose the service externally.

Perhaps this has to do with some kind of Kops default, so I've raised the issue there (https://github.com/kubernetes/kops/issues/3146). However, in the hopes that this is perhaps some silly ignorance on my part, I thought I'd ask here too.

All 7 comments

I had the same problem. I set up a new instance of Kubernetes with Tectonic and had the same issue.

Hmm, interesting @liquidairstudios, so it would appear it's a general Kubernetes issue. I followed a tutorial here which uses Tectonic and there is no mention of how to expose the node ports on the instance: https://aws.amazon.com/blogs/apn/coreos-and-ticketmaster-collaborate-to-bring-aws-application-load-balancer-support-to-kubernetes/

I found the solution for my case; it involved editing the security groups for the masters and the nodes created by kops to forward those ports.

Fuller answer is here:

https://stackoverflow.com/questions/45543694/kubernetes-cluster-on-aws-with-kops-nodeport-service-unavailable/45561848#45561848

I suggest that some mention of doing this is added to the alb-ingress-controller docs.
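
One way to check a node security group for the condition discussed in this thread, as an added example that is not part of any comment here or of the controller's code. The sample JSON, the group IDs and the function names are constructed for illustration; 30000-32767 is Kubernetes' default NodePort range.

```python
import json

# Kubernetes' default NodePort range (kube-apiserver --service-node-port-range).
NODEPORT_RANGE = (30000, 32767)

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and names are placeholders, not values from this thread.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-nodes-example", "GroupName": "nodes.example.cluster",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
     {"IpProtocol": "tcp", "FromPort": 30000, "ToPort": 32767,
      "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb-example"}]}
   ]}
]}
""")

def covers(perm, port):
    """True if an ingress permission admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no port fields
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def nodeport_sources(group, port):
    """Return (source security groups, CIDRs) allowed to reach `port`."""
    sgs, cidrs = set(), set()
    for perm in group.get("IpPermissions", []):
        if covers(perm, port):
            sgs.update(p["GroupId"] for p in perm.get("UserIdGroupPairs", []))
            cidrs.update(r["CidrIp"] for r in perm.get("IpRanges", []))
            cidrs.update(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
    return sgs, cidrs

def check(group, port, alb_sg):
    """Classify how a NodePort on the nodes can be reached."""
    if not NODEPORT_RANGE[0] <= port <= NODEPORT_RANGE[1]:
        raise ValueError(f"{port} is outside the default NodePort range")
    sgs, cidrs = nodeport_sources(group, port)
    if not sgs and not cidrs:
        return "blocked"  # no rule admits the port: connections time out
    if cidrs & {"0.0.0.0/0", "::/0"}:
        return "open-to-internet"  # reachable, but from any address
    return "alb-only" if alb_sg in sgs else "other-source"
```

A result of `alb-only` means the load balancer's security group is the only source admitted to the NodePort, which keeps the nodes themselves off the public internet while still letting the ALB forward traffic.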

Could you post your yaml files so I can duplicate your success?

I'm afraid it's nothing to do with manifests @buildmystartupio, you need to edit the security groups for your EC2 instances that are your nodes in AWS. Please see the Stack Overflow answer.

Thanks for the answer. I already got it going so I'm good.

On Aug 14, 2017, at 2:57 AM, Jonathan R Wickens notifications@github.com wrote:

I'm afraid it's nothing to do with manifests @buildmystartupio, you need to edit the security groups for your EC2 instances that are your nodes in AWS. Please see the Stack Overflow answer.

Thanks for the investigation @jwickens. We're actually planning to exclude masters by default once we move to 1.0.

https://github.com/coreos/alb-ingress-controller/pull/197/commits/32655dfc057bfad61f45bee670ad1e97bb997fab
