How Do You Tell If the .yaml File for a kubectl Command Will Work?

Problem scenario
You want to do some pre-testing on the .yaml file(s) you will use with kubectl. How do you validate that a .yaml file has correct syntax for Kubernetes?

Possible Solution #1
Try this command:
kubectl apply --validate=true --dry-run=true --filename=nameofyourfile.yaml

Possible Solution #2
Try this website:
https://www.kubeyaml.com/

Possible Solution #3
Try kubeval: https://www.kubeval.com/

Possible Solution #4
Use Copper: http://copper.sh/

How Do You Create a .kube/config File with an “aws eks” Command?

One of the following applies:

Problem scenario #1
You are using EKS and you have no config file in the .kube directory. You want to run some kubectl commands.

Problem scenario #2
You are using EKS and run a kubectl command, but you get this error: “The connection to the server localhost:8080 was refused - did you specify the right host or port?”

Solution
Run a command like this (but replace “us-west-1” with your region and replace “foobar” with the cluster_name):

aws eks --region us-west-1 update-kubeconfig --name foobar

How Do You Create Nodes for EKS That Are Accessible to Log in?

Problem scenario
You want to create EC2 instances (nodes) for Kubernetes in AWS using EKS. You want to be able to connect to them or log into them for the sake of troubleshooting. You want to configure the Kubernetes nodes to use a .pem or .ppk file for SSHing into them. You analyzed the create node group documentation on the internet, but found only a vague reference to a --remote-access flag and an ec2SshKey pointing to a string.

How Do You Troubleshoot “error occurred (AccessDeniedException) when calling the CreateCluster operation: User: … is not authorized to perform: iam:PassRole on resource:…”?

Problem scenario
You run this command:

aws eks create-cluster --name contint --role-arn arn:aws:iam::12345678910:role/contintrole --resources-vpc-config subnetIds=subnet-a123456,subnet-b77777777,securityGroupIds=sg-2e324234254

You get this error:

An error occurred (AccessDeniedException) when calling the CreateCluster operation: User: arn:aws:iam::12345678910:user/contintuser is not authorized to perform: iam:PassRole on resource: arn:aws:iam::12345678910:role/contintrole

What should you do?

Solution
1. Log into the AWS Console.
2. Go to IAM -> Users
3.

How Do You Troubleshoot the AWS CLI Message “An error occurred (AccessDeniedException) when calling the ListClusters operation”?

Problem scenario
You run the command aws eks list-clusters, but you get this message:

“An error occurred (AccessDeniedException) when calling the ListClusters operation: User: arn:aws:iam::12345678910:user/jdoe is not authorized to perform: eks:ListClusters on resource: arn:aws:eks:us-west-1:12345678910:cluster/*”

What should you do?

Solution
1. Go to the AWS Console and log in.
2. Go to IAM -> Users
3.

How Do You Troubleshoot the EKS Error “AccessDeniedException…Clusters operation: Account …is not authorized to use this service”?

Problem scenario
In one region, but not another, you get this error with an “aws eks list-clusters” command:

“An error occurred (AccessDeniedException) when calling the ListClusters operation: Account 12345678910 is not authorized to use this service”

You know that IAM does not require region selection. What is causing this EKS error?

Solution
Is your AWS CLI configured to use a region that EKS does not support?
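
The three AccessDeniedException messages quoted above can be told apart mechanically. The following is an added example, not code from the original page or from AWS: it parses each message and, for the per-user denials, drafts an Allow statement limited to the action and resource the error names. The function names and the choice to pin iam:PassRole to eks.amazonaws.com with the iam:PassedToService condition key are assumptions of this example; review the draft before attaching it to a user.

```python
import json
import re

# Per-user IAM denial:
# "User: <arn> is not authorized to perform: <action> on resource: <arn>"
DENIED = re.compile(
    r"calling the (?P<operation>\w+) operation: "
    r"User: (?P<principal>arn:aws:iam::\d+:\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?P<resource>arn:aws:[^\s\"”]+)"
)

# Assumption of this example: a role handed to CreateCluster is only ever
# passed to the EKS service, so iam:PassRole is restricted to that service.
PASSED_TO = {"CreateCluster": "eks.amazonaws.com"}

def parse_denial(message):
    """Return operation/principal/action/resource, or None when the message
    is not a per-user IAM permission denial."""
    match = DENIED.search(message)
    return match.groupdict() if match else None

def minimal_statement(denial):
    """Draft an Allow statement covering only what the error names."""
    statement = {"Effect": "Allow", "Action": denial["action"], "Resource": denial["resource"]}
    service = PASSED_TO.get(denial["operation"])
    if denial["action"] == "iam:PassRole" and service:
        statement["Condition"] = {"StringEquals": {"iam:PassedToService": service}}
    return statement

# The three messages quoted on this page (sample account ID and ARNs as given there).
PASS_ROLE = (
    "An error occurred (AccessDeniedException) when calling the CreateCluster operation: "
    "User: arn:aws:iam::12345678910:user/contintuser is not authorized to perform: "
    "iam:PassRole on resource: arn:aws:iam::12345678910:role/contintrole"
)
LIST_CLUSTERS = (
    "An error occurred (AccessDeniedException) when calling the ListClusters operation: "
    "User: arn:aws:iam::12345678910:user/jdoe is not authorized to perform: "
    "eks:ListClusters on resource: arn:aws:eks:us-west-1:12345678910:cluster/*"
)
ACCOUNT = (
    "An error occurred (AccessDeniedException) when calling the ListClusters operation: "
    "Account 12345678910 is not authorized to use this service"
)

if __name__ == "__main__":
    for msg in (PASS_ROLE, LIST_CLUSTERS, ACCOUNT):
        denial = parse_denial(msg)
        if denial is None:
            print("No user/action/resource named: check the configured region instead.")
        else:
            print(denial["principal"], json.dumps(minimal_statement(denial)))
```

The account-level message names no user, action or resource, so it returns None rather than a policy draft.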

How Is Traffic Routed when a Browser Goes to a URL and the Website is Powered by a Kubernetes Cluster?

Question
You have been asked to explain how an external request for a website is routed and ultimately fulfilled by a pod in Kubernetes via an ingress controller. When a web browser downloads a website via HTTP and the website is running from a Kubernetes cluster, how does an individual container provide the HTML and/or data? How is external traffic routed to an underlying pod in a Kubernetes Cluster?

How Do You Troubleshoot This Error “port bindings are not yet supported by rootless containers”?

Problem scenario
You run a docker command, but you get “port bindings are not yet supported by rootless containers”. What should you do?

Solution
Use sudo before the Docker command.

Warning: The above is not recommended for security purposes. Only follow this direction (with sudo docker run…) if the server is not that important or you are in a very secure network.

How Do You Troubleshoot the Message ‘ERRO[0000] cannot setup namespace using newuidmap: exit status 1’?

Problem scenario
How do you resolve the Docker error ‘ERRO[0000] cannot setup namespace using newuidmap: exit status 1’?

Possible Solution #1
Reboot the Docker host.

Possible Solution #2
Good commands to help understand what might be going on are lsns, sudo lsns, and man nsenter.

How Do You Troubleshoot Messages about a markupsafe Fatal Error, C Extension Not Being Compiled, And/Or a Syntax Error with async when You Are Trying to Build a Docker Image?

Problem scenario
You wrote a Dockerfile. You are using it to try to create a Docker image. When you run the “docker build” command you get some error messages. The errors include one or more of the following:

1) A MarkupSafe fatal error related to Python.h.
2) A C extension not being compiled.
3) An invalid syntax error related to async (e.g., “Jinja2/jinja2/asyncfilters.py”).

You need to base the image off Ubuntu.