Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/02/04 08:36:54 UTC

[GitHub] [cloudstack] weizhouapache commented on issue #4637: Kubernetes cluster creation Error - Kubernetes cluster kubeconfig not available currently in Isolated Network

weizhouapache commented on issue #4637:
URL: https://github.com/apache/cloudstack/issues/4637#issuecomment-773131690


   > @shwstppr Per your last comment - Management Server needs to be able to SSH to VMs through VR.
   > That means Management Server needs to be able to connect to VR (and vice versa).
   > FYI - I have limited understanding of how that communication needs to happen, and I am trying to learn here, so excuse my silly question...
   > 
   > If the Management server sits on its own VLAN with a single NIC, the VR is on its own VLAN (it's created as an Isolated Network by default, which gets its own VLAN), both have Internet connectivity, but the VR is not exposed (meaning the Public IP assigned is just another VLAN), how would they ever be able to communicate? Secondly, doesn't that introduce a huge security risk if the network is accessible from the VR (and hence any VM on that VR) to Management server?
   > 
   > Again, I do not know if my assumption here is completely off, so please correct/explain as needed
   > 
   > EDIT ---- I think I answered my own question after some more research... The Management server connects to the Virtualization Host (XCP-ng in my case), and uses the "ssh -i /root/.ssh/id_rsa.cloud -p 3922 root@LinkLocal" to get into the VR....
   > 
   > NOTE #2 -- In #4639 I added more details of my testing with the new build you provided. However it still failed. Here is a link for ease -- [#4639 (comment)](https://github.com/apache/cloudstack/pull/4639#issuecomment-773014094)
   
   @nxsbi as far as I know, when a Kubernetes cluster is created, some port forwarding rules are added for VMs in the cluster. For example,
   VR public IP:2222 -> master
   VR public IP:2223 -> node-1
   VR public IP:2224 -> node-2
   
   The mgt server connects to the Kubernetes master/nodes via the VR public IP and ports above, not the link-local IP.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org