I am creating a cluster using the following command:
kops create cluster --zones us-west-1c --master-size=m4.large --node-size=m5.large ${NAME} --associate-public-ip=false --topology private --api-loadbalancer-type internal --networking calico --vpc vpc-xxxxxxxx --cloud-labels="Creator=revor,Description=YM k8 cluster,ENV=int,Name=SMV_INT_YMK8,Requestor=Rey Reymond,code=5483"
The cluster gets created in AWS. So far so good. But the problem is, when I run kops validate cluster
I get:
Validating cluster xxx.xxx.xx unexpected error during validation: error listing nodes: Get https://api.xxx.xxx.xx/api/v1/nodes: dial tcp 172.30.xx.xx:443: getsockopt: connection refused
and when I run kubectl get nodes
I get:
Unable to connect to the server: dial tcp 172.30.xx.xx:443: i/o timeout
Also when I run ssh -i ~/.ssh/id_rsa admin@api.xxx.xxx.xx
I get:
ssh: connect to host api.xxx.xxx.xx port 22: Connection refused
My question is why I cannot connect to my cluster and why I'm getting the above errors?
As the above command shows, my cluster is defined to have a private topology, no public IP addresses and an internal load balancer. I'm wondering if that means I should not be able to connect to my cluster and the above errors are expected?
If all your instances are private, that is expected. I bet your xxx.xxx.xx is in some private IP range like 172.x.x.x. The usual approach to this is to create an EC2 instance with a public IP address in a public subnet, connect to this instance and then connect to your private instances from this public instance. Such an instance is generally referred to as a bastion host. You will, of course, have to modify VPC security groups to allow access from your public subnet to your private subnet.
Take a look at https://docs.aws.amazon.com/quickstart/latest/linux-bastion/welcome.html for AWS-provided guides.
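The answer's procedure (confirm the API address is private, reach the nodes through a bastion, open the security groups) as an added example; this is not code from the question, the answer or the kops project. It assumes a bastion public IP of 203.0.113.10, a cluster VPC range of 172.30.0.0/16 (matching the 172.30.xx.xx in the errors), an admin user on the Debian-style kops images, and placeholder security group IDs; replace them with your own.

```shell
#!/usr/bin/env bash
# Added example (not from the question or answer above): check whether the
# kops API endpoint resolves to a private address, generate the ssh_config
# that reaches the private nodes through a bastion host, and open the
# security groups. 203.0.113.10 (bastion public IP), 172.30.* (VPC range)
# and the sg-... IDs are placeholder assumptions.
set -eu

# is_private_ip ADDR: exit 0 if ADDR is an RFC 1918 address
# (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), 1 otherwise or if malformed.
# If "dig +short api.<cluster>" returns such an address, a workstation outside
# the VPC cannot reach it directly, which is exactly the "connection refused"
# and "i/o timeout" errors above.
is_private_ip() {
  local ip=$1 oldifs=$IFS o
  case $ip in *[!0-9.]*|'') return 1 ;; esac   # digits and dots only
  IFS=.; set -- $ip; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ -n "$o" ] && [ "$o" -le 255 ] || return 1
  done
  [ "$1" -eq 10 ] && return 0
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
  return 1
}

# ssh_proxy_config BASTION_IP HOST_GLOB [KEY]: print an ssh_config fragment.
# Hosts matching HOST_GLOB (the private node IPs) are reached with ProxyJump
# through the bastion, so "ssh admin@172.30.x.y" works from the workstation
# without any node having a public IP.
ssh_proxy_config() {
  local bastion_ip=$1 host_glob=$2 key=${3:-"~/.ssh/id_rsa"}
  cat <<EOF
Host bastion
    HostName ${bastion_ip}
    User admin
    IdentityFile ${key}
    IdentitiesOnly yes

Host ${host_glob}
    User admin
    IdentityFile ${key}
    ProxyJump bastion
EOF
}

# allow_ingress TARGET_SG SOURCE_SG PORT [--dry-run]: allow the bastion's
# security group (SOURCE_SG) to reach TARGET_SG on PORT, e.g. the node group
# on 22 and the API load balancer group on 443. Needs AWS credentials; pass
# --dry-run to only check that the call would be permitted.
allow_ingress() {
  local target_sg=$1 source_sg=$2 port=$3 dry=${4:-}
  aws ec2 authorize-security-group-ingress $dry \
    --group-id "$target_sg" --protocol tcp --port "$port" \
    --source-group "$source_sg"
}

# Demo on constructed addresses: the 172.30.x.x from the errors is private,
# 203.0.113.10 (a documentation range) stands in for a public bastion IP.
for addr in 172.30.12.34 203.0.113.10; do
  if is_private_ip "$addr"; then
    echo "$addr: private, reachable only from inside the VPC or via a bastion"
  else
    echo "$addr: public"
  fi
done
ssh_proxy_config 203.0.113.10 '172.30.*'
# Real run once the bastion exists (placeholder IDs):
#   allow_ingress sg-0nodes000000000 sg-0bastion00000000 22
#   allow_ingress sg-0apielb00000000 sg-0bastion00000000 443
```

Append the printed stanza to ~/.ssh/config; after that `ssh admin@172.30.x.y` goes through the bastion transparently. For kubectl the simplest route is to copy the kubeconfig to the bastion and run it from there, since the internal load balancer is only reachable from inside the VPC.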