I am working on deploying a Kubernetes cluster to AWS and I am having a certificate issue. I am using Chrome.
And I get this error message when I try to access it:
I can see what I guess is a Kubernetes dashboard if I go through Firefox though.
k8 yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: project # name of the deployment
  labels: # these labels apply to the deployment
    app: project
    component: project
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: project
  template:
    metadata:
      labels: # these labels apply to our container
        app: project
        component: project
    spec:
      containers:
        - name: project # name of our container
          image: id.dkr.ecr.region.amazonaws.com/project_api:latest # the URI that we got from ECR
          env:
            - name: DB_URL
              value: project.1234.region.rds.amazonaws.com # URL of our database endpoint
            - name: DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: db-creds
                  key: username # use the encoded username from the K8s secret db-creds
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-creds
                  key: password # use the encoded password from the K8s secret db-creds
            - name: DB_NAME
              value: projectDB # our DB is named projectDB
          ports:
            - containerPort: 3000 # expose the running container on port 3000
              name: project
loadbalance.yml
apiVersion: v1
kind: Service
metadata:
  name: load-balancer
  labels:
    app: project
spec:
  selector:
    app: project
  type: LoadBalancer
  ports:
    - nodePort: 31000
      port: 3000
      targetPort: 3000
In Firefox. I was expecting to be able to access it from port 3000. URLENDPOINT:3000 times out though.
Any idea how I can access my app? Any idea what I need to do to get around the SSL cert issue?
That URL is the API for your EKS control plane, and not the LoadBalancer for the Service of load-balancer; if you run kubectl -n default get -o yaml svc load-balancer it will likely show you the actual DNS name for the Load Balancer that it created, if any (since that Service is a request for a LoadBalancer and your EKS cluster may not have the IAM permissions, or your Account may not have the quota to fulfill the request)
You can tell it's the EKS ELB and not your service's ELB not only from the blatant .eks in the domain name -- something it will for sure not do when it creates your load balancer -- but also from the CN of the SSL certificate it presented:
* subject: CN=kube-apiserver
* start date: May 7 20:52:30 2020 GMT
* expire date: May 7 20:56:46 2021 GMT
* issuer: CN=kubernetes
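
The two checks from the answer above, as an added example that is not part of the original question or answer: it reads the Service object in JSON form (assumed to come from the same kubectl command with -o json instead of -o yaml) to find the provisioned load balancer, and applies the ".eks" / CN=kube-apiserver tells to a hostname and certificate subject. The function names and all hostnames are constructed placeholders.

```python
import json

# Constructed sample: a Service as `kubectl -n default get -o json svc load-balancer`
# would return it once AWS has provisioned the ELB. Hostname is a placeholder.
PROVISIONED = json.dumps({
    "spec": {"type": "LoadBalancer",
             "ports": [{"nodePort": 31000, "port": 3000, "targetPort": 3000}]},
    "status": {"loadBalancer": {"ingress": [
        {"hostname": "placeholder-elb.region.elb.amazonaws.com"}]}},
})
# Constructed sample: the same Service when the request was never fulfilled
# (missing IAM permissions or quota); status.loadBalancer stays empty.
PENDING = json.dumps({
    "spec": {"type": "LoadBalancer", "ports": [{"port": 3000}]},
    "status": {"loadBalancer": {}},
})


def service_endpoints(svc_json):
    """Return ["host:port", ...] for a LoadBalancer Service, [] if none exists yet."""
    svc = json.loads(svc_json)
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        raise ValueError("Service is not of type LoadBalancer")
    ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    ports = [p["port"] for p in spec.get("ports", [])]
    # AWS ELBs report a hostname; other providers may report an ip instead.
    hosts = [e.get("hostname") or e.get("ip") for e in ingress]
    return [f"{h}:{p}" for h in hosts if h for p in ports]


def is_control_plane(hostname, cert_subject):
    """Apply the answer's two tells: '.eks' in the name, CN=kube-apiserver on the cert."""
    fields = dict(part.strip().split("=", 1)
                  for part in cert_subject.split(",") if "=" in part)
    return ".eks." in hostname.lower() or fields.get("CN") == "kube-apiserver"


if __name__ == "__main__":
    print(service_endpoints(PROVISIONED) or "no load balancer provisioned")
    print(service_endpoints(PENDING) or "no load balancer provisioned")
    print(is_control_plane("PLACEHOLDER.region.eks.amazonaws.com", "CN=kube-apiserver"))
```

An empty result for the pending case corresponds to the "if any" in the answer: the Service exists, but no load balancer was created for it.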