How Do You Tell If the .yaml File for a kubectl Command Will Work?

Problem scenario
You want to do some pre-testing on the .yaml file(s) you will use with kubectl. How do you validate that a .yaml file has correct syntax for Kubernetes?

Possible Solution #1
Try this command:
kubectl apply --validate=true --dry-run=true --filename=nameofyourfile.yaml

Possible Solution #2
Try this website:
https://www.kubeyaml.com/

Possible Solution #3
Try kubeval: https://www.kubeval.com/

Possible Solution #4
Use Copper: http://copper.sh/

How Do You Create a .kube/config File with an “aws eks” Command?

One of the following applies:

Problem scenario #1
You are using EKS and you have no config file in the .kube directory. You want to run some kubectl commands.

Problem scenario #2
You are using EKS and run a kubectl command, but you get this error: “The connection to the server localhost:8080 was refused – did you specify the right host or port?”

Solution
Run a command like this (but replace “us-west-1” with your region and replace “foobar” with the cluster_name):

aws eks --region us-west-1 update-kubeconfig --name foobar

How Do You Create Nodes for EKS That Are Accessible to Log in?

Problem scenario
You want to create EC2 instances (nodes) for Kubernetes in AWS using EKS. You want to be able to connect to them or log into them for the sake of troubleshooting. You want to configure the Kubernetes nodes to use a .pem or .ppk file for SSHing into them. You analyzed the create node group documentation on the internet, but found a vague reference to a --remote-access flag and an ec2SshKey pointing to a string.

How Do You Troubleshoot “error occurred (AccessDeniedException) when calling the CreateCluster operation: User: … is not authorized to perform: iam:PassRole on resource:…”?

Problem scenario
You run this command:

aws eks create-cluster --name contint --role-arn arn:aws:iam::12345678910:role/contintrole --resources-vpc-config subnetIds=subnet-a123456,subnet-b77777777,securityGroupIds=sg-2e324234254

You get this error:

An error occurred (AccessDeniedException) when calling the CreateCluster operation: User: arn:aws:iam::12345678910:user/contintuser is not authorized to perform: iam:PassRole on resource: arn:aws:iam::12345678910:role/contintrole

What should you do?

Solution
1. Log into the AWS Console.
2. Go to IAM -> Users
3.

How Do You Troubleshoot the AWS CLI Message “An error occurred (AccessDeniedException) when calling the ListClusters operation”?

Problem scenario
You run the command "aws eks list-clusters", but you get this message:

“An error occurred (AccessDeniedException) when calling the ListClusters operation: User: arn:aws:iam::12345678910:user/jdoe is not authorized to perform: eks:ListClusters on resource: arn:aws:eks:us-west-1:12345678910:cluster/*”

What should you do?

Solution
1. Go to the AWS Console and log in.
2. Go to IAM -> Users
3.

How Do You Troubleshoot the EKS Error “AccessDeniedException…Clusters operation: Account …is not authorized to use this service”?

Problem scenario
In one region, but not another, you get this error with an “aws eks list-clusters” command:

“An error occurred (AccessDeniedException) when calling the ListClusters operation: Account 12345678910 is not authorized to use this service”

You know that IAM does not require region selection. What is causing this EKS error?

Solution
Is your AWS CLI configured to use a region that EKS does not support?

How Is Traffic Routed when a Browser Goes to a URL and the Website is Powered by a Kubernetes Cluster?

Question
You have been asked to explain how an external request for a website is routed and ultimately fulfilled by a pod in Kubernetes via an ingress controller. When a web browser downloads a website via HTTP and the website is running from a Kubernetes cluster, how does an individual container provide the HTML and/or data? How is external traffic routed to an underlying pod in a Kubernetes Cluster?

Is there a Docker Hub equivalent for OpenShift?

Problem scenario
Docker Hub is a public registry for containers. Does OpenShift support something like this? You know they have the OpenShift Container Registry — but this is private to a given OpenShift instance. Red Hat owns OpenShift. Is there a public registry supported by Red Hat?

Answer
Yes. It is called Quay.io. If you want a brief overview of it,

What Should The Permissions of the kubectl File Be on a Linux server?

Problem scenario
You copied the kubectl file. You are not sure what permissions it should have. When you try to execute it, you get “Permission denied”. What should you do?

Solution
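We recommend using this (after you change directories to the one that has the kubectl file): sudo chmod 777 kubectl

Mode 777 also lets every local user modify the file; only the execute bit is needed to clear the “Permission denied” error.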

When you use conjure-up, it makes kubectl have 777 permissions.
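
As an added example (not from the original page), these shell functions report whether a copied kubectl file, or the directory holding it, is writable by group or others, and then set the file to mode 755. The function names and the stand-in file are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of a copied kubectl binary.
# Function names are illustrative; the sample file is constructed.

# Print the 10-character symbolic mode (e.g. -rwxr-xr-x) using POSIX ls.
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# Succeed if group or others hold the write bit (as they do with mode 777).
is_group_or_world_writable() {
    case "$(mode_string "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Grant read+execute to everyone and write to the owner only, reporting
# whether the file or its directory was open to modification by others.
harden_kubectl() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    if is_group_or_world_writable "$f"; then
        echo "note: $f was writable by group or others" >&2
    fi
    if is_group_or_world_writable "$(dirname "$f")"; then
        echo "note: directory of $f is writable by group or others" >&2
    fi
    chmod 755 -- "$f"
}

# Demo on a constructed stand-in for the copied kubectl file.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "stand-in for kubectl"\n' > "$d/kubectl"
    chmod 777 "$d/kubectl"       # the mode recommended in the text above
    harden_kubectl "$d/kubectl"
    mode_string "$d/kubectl"     # symbolic mode after tightening
    rm -rf -- "$d"
}
demo
```

If the file is owned by root, run the chmod step with sudo, as in the command above.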