
I want to create a cluster on GCP using kops.

For this, I first created a GCS bucket, then exported the value for KOPS_STATE_STORE as

```
export KOPS_STATE_STORE=gs://kubernetes-cluster-dev/
```

After this, I created the cluster object and instance group in the bucket by executing the command

```
kops create cluster simple.k8s.local --zones asia-southeast2-a --state ${KOPS_STATE_STORE}/ --project=${PROJECT}
```

Then I ran the command to create the cluster:

```
kops update cluster --name simple.k8s.local --yes --admin
```

It gave me the following output:

```
I0823 18:21:49.011726 3198907 featureflag.go:165] FeatureFlag "AlphaAllowGCE"=true
I0823 18:21:49.769208 3198907 gce_cloud.go:125] Will load GOOGLE_APPLICATION_CREDENTIALS from siminvest-3473d78328bd.json
I0823 18:21:52.215128 3198907 apply_cluster.go:483] Gossip DNS: skipping DNS validation
W0823 18:21:52.295506 3198907 external_access.go:36] TODO: Harmonize gcemodel ExternalAccessModelBuilder with awsmodel
W0823 18:21:52.295541 3198907 firewall.go:35] TODO: Harmonize gcemodel with awsmodel for firewall - GCE model is way too open
W0823 18:21:52.295554 3198907 firewall.go:64] Adding overlay network for X -> node rule - HACK
W0823 18:21:52.295568 3198907 firewall.go:118] Adding overlay network for X -> master rule - HACK
W0823 18:21:52.950612 3198907 autoscalinggroup.go:117] enabling storage-rw for etcd backups
I0823 18:21:52.950735 3198907 autoscalinggroup.go:153] VMs using Service Account: default
I0823 18:21:52.950765 3198907 autoscalinggroup.go:161] gsa: default
I0823 18:21:52.950848 3198907 autoscalinggroup.go:153] VMs using Service Account: default
I0823 18:21:52.950873 3198907 autoscalinggroup.go:161] gsa: default
I0823 18:21:58.715950 3198907 executor.go:111] Tasks: 0 done / 58 total; 37 can run
I0823 18:21:59.298555 3198907 executor.go:111] Tasks: 37 done / 58 total; 17 can run
I0823 18:22:00.147597 3198907 executor.go:111] Tasks: 54 done / 58 total; 2 can run
I0823 18:22:02.456113 3198907 executor.go:111] Tasks: 56 done / 58 total; 2 can run
I0823 18:22:02.946997 3198907 executor.go:111] Tasks: 58 done / 58 total; 0 can run
I0823 18:22:02.991855 3198907 update_cluster.go:313] Exporting kubecfg for cluster
kOps has set your kubectl context to simple.k8s.local

Cluster is starting.  It should be ready in a few minutes.

Suggestions:
 * validate cluster: kops validate cluster --wait 10m
 * list nodes: kubectl get nodes --show-labels
 * ssh to the master: ssh -i ~/.ssh/id_rsa ubuntu@api.simple.k8s.local
 * the ubuntu user is specific to Ubuntu. If not using Ubuntu please use the appropriate user based on your OS.
 * read about installing addons at: https://kops.sigs.k8s.io/operations/addons.
```

After some time, I ran the command to validate the cluster:

```
kops validate cluster --wait 10m
```

But it gives me this error:

```
I0823 18:22:58.748559 3200157 featureflag.go:165] FeatureFlag "AlphaAllowGCE"=true
Using cluster from kubectl context: simple.k8s.local

I0823 18:22:59.607767 3200157 gce_cloud.go:125] Will load GOOGLE_APPLICATION_CREDENTIALS from siminvest-3473d78328bd.json
Validating cluster simple.k8s.local

W0823 18:23:11.030635 3200157 validate_cluster.go:173] (will retry): unexpected error during validation: error listing nodes: Get "https://34.101.133.0/api/v1/nodes": net/http: TLS handshake timeout
```

Can someone please help me resolve this issue?

ROHIT BANSAL

1 Answer


I tried replicating this using the doc and was thrown a similar error when using the command `kops validate cluster --wait 10m`.
But the error after the TLS timeout error was "unexpected error during validation: error listing nodes: Unauthorized".
I then stopped the command and was able to resolve this error with the help of a solution from this stack post, and now when I run `kops validate cluster` I get the expected output.

  • Just after running the command `kops create cluster cname`, I tried to run the `kops export kubecfg --admin` command, but it throws an error that `--name` is required, so I passed `--name cname`, but then it throws the error `error getting ingress status: error getting ForwardingRule "api-simple-k8s-local": googleapi: Error 404: The resource 'projects/siminvest/regions/asia-southeast2/forwardingRules/api-simple-k8s-local' was not found` – ROHIT BANSAL Aug 25 '21 at 10:47
  • I was thrown the same error. The command `kops create cluster CNAME --zones --state ${KOPS_STATE_STORE} --project=${PROJECT}` didn't actually create any instances or other cloud objects in GCE. To do that, run the `kops update cluster CNAME --yes` command and then export the kubeconfig file using `kops export kubecfg CNAME --admin`. By default the configuration will be saved into a user's `$HOME/.kube/config` file. Can you also confirm if the above solution answers your cluster validation issue? – Gellaboina Ashish Aug 25 '21 at 11:30
  • I'm still getting the same issue. – ROHIT BANSAL Aug 26 '21 at 07:27
  • Are you able to view the newly created Load Balancer [here](https://console.cloud.google.com/networking/loadbalancing/?_ga=2.139594224.2143374011.1629707871-1850329825.1626767526&_gac=1.249901300.1629791998.Cj0KCQjwsZKJBhC0ARIsAJ96n3VVP8j_WhMLZgFqtbzRQ_mMfcZlgNgotWpj9BNQ8GiT5d6AsY0GSDQaAmcyEALw_wcB) and Firewall rules [here](https://console.cloud.google.com/networking/firewalls/list?_ga=2.172148064.2143374011.1629707871-1850329825.1626767526&_gac=1.85335147.1629791998.Cj0KCQjwsZKJBhC0ARIsAJ96n3VVP8j_WhMLZgFqtbzRQ_mMfcZlgNgotWpj9BNQ8GiT5d6AsY0GSDQaAmcyEALw_wcB) after the update command? – Gellaboina Ashish Aug 26 '21 at 09:02
  • Yes, I'm able to see the newly created LB and firewall rules, but I'm still getting the error `TLS handshake timeout` while validating the cluster – ROHIT BANSAL Sep 02 '21 at 12:11
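
Added example, not part of the question, answer or comments: a small Python triage of kops output that separates the two failures reported in this thread (`TLS handshake timeout`, where no TLS session was established and no credentials were sent, versus `Unauthorized`, where the API server answered and rejected the kubeconfig credentials) and pulls out the lines of the `kops update cluster` output worth a hardening review. The function names, stage labels and review labels are assumptions; the last sample line is constructed from the message quoted in the answer.

```python
import re

# klog header: severity, MMDD, HH:MM:SS.micros, PID, file:line] message
KLOG = re.compile(
    r"^([IWEF])(\d{4}) (\d\d:\d\d:\d\d\.\d+)\s+(\d+) ([\w.\-]+):(\d+)\] (.*)$")

# Error text -> layer that failed (labels are this example's own).
STAGES = [
    ("TLS handshake timeout", "transport"),   # handshake never finished
    ("Unauthorized", "authentication"),       # API server rejected the credentials
]
# Text in the update output that deserves a hardening review.
REVIEW = [
    ("way too open", "firewall rules"),
    ("storage-rw", "instance storage scope"),
    ("Service Account: default", "instance service account"),
]

def parse(line):
    """Split one klog line into fields; None for plain kops text."""
    m = KLOG.match(line.strip())
    if not m:
        return None
    sev, _date, time, pid, src, lineno, msg = m.groups()
    return {"sev": sev, "time": time, "pid": int(pid),
            "src": src, "line": int(lineno), "msg": msg}

def triage(lines):
    """Return failure stages in order of first appearance, plus review items."""
    stages, review = [], []
    for rec in filter(None, map(parse, lines)):
        for needle, stage in STAGES:
            if needle in rec["msg"] and stage not in stages:
                stages.append(stage)
        for needle, area in REVIEW:
            if needle in rec["msg"]:
                review.append((area, f'{rec["src"]}:{rec["line"]}'))
    return {"stages": stages, "review": review}

# First four lines are copied from the output in the question; the last is
# constructed (made-up header) around the message quoted in the answer.
SAMPLE = [
    'W0823 18:21:52.295541 3198907 firewall.go:35] TODO: Harmonize gcemodel with awsmodel for firewall - GCE model is way too open',
    'W0823 18:21:52.950612 3198907 autoscalinggroup.go:117] enabling storage-rw for etcd backups',
    'I0823 18:21:52.950735 3198907 autoscalinggroup.go:153] VMs using Service Account: default',
    'W0823 18:23:11.030635 3200157 validate_cluster.go:173] (will retry): unexpected error during validation: error listing nodes: Get "https://34.101.133.0/api/v1/nodes": net/http: TLS handshake timeout',
    'W0823 18:23:41.000000 3200157 validate_cluster.go:173] (will retry): unexpected error during validation: error listing nodes: Unauthorized',
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `transport` stage points at the network path and control-plane readiness, while an `authentication` stage points at the exported kubeconfig, which is what `kops export kubecfg --admin` refreshes.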