Support issue with EC2 provisioner and AWS EC2 Classic

[thesurlydev]

I'm attempting to install inlets-operator by way of arkade which results in:

$ kubectl logs -n inlets deploy/inlets-operator
2020/08/08 19:10:49 Inlets client: inlets/inlets:2.7.3
2020/08/08 19:10:49 Inlets pro: false
W0808 19:10:49.685014       1 client_config.go:552] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0808 19:10:49.685868       1 controller.go:121] Setting up event handlers
I0808 19:10:49.685900       1 controller.go:243] Starting Tunnel controller
I0808 19:10:49.685903       1 controller.go:246] Waiting for informer caches to sync
I0808 19:10:49.785997       1 controller.go:251] Starting workers
I0808 19:10:49.786007       1 controller.go:257] Started workers
2020/08/08 19:10:49 Creating tunnel for nginx-1-tunnel.default
I0808 19:10:49.789938       1 controller.go:315] Successfully synced 'default/nginx-1'
2020/08/08 19:10:49 Provisioning started with provider:ec2 host:nginx-1-tunnel
E0808 19:10:51.798084       1 controller.go:320] error syncing 'default/nginx-1-tunnel': InvalidParameter: The AssociatePublicIpAddress parameter is only supported for VPC launches.
        status code: 400, request id: 7bc05cdf-7eb5-4167-9f44-3616397a40c6, requeuing

Secondary to the above, I had a hard time finding documentation for installing with AWS provider.

Expected Behaviour

Installing inlets-operator via arkade results in no error messages and creates an EC2 instance and whatever other steps should be done as part of what constitutes a successful install.

Documentation should be easier to find and should provide clear steps for a successful install and what to do if there's an issue. The documentation should also explicitly detail what will be done in the providers' account.

Current Behaviour

Possible Solution

Steps to Reproduce (for bugs)

export AWS_PROFILE=default
kubectl create ns inlets
arkade install inlets-operator -n inlets \
    -p ec2 \
    -r us-west-2 \
    -z us-west-2a \
    --token-file ~/Downloads/access-key \
    --secret-key-file ~/Downloads/secret-access-key

using arkade version is 0.6.0

where access-key and secret-access-key files just contain the access key and secret access key respectively.

Context

Your Environment

• inlets-operator version, find via kubectl get deploy inlets-operator -o wide

• Kubernetes distribution i.e. minikube v0.29.0., KinD v0.5.1, Docker Desktop: Bare metal 4 node cluster.

• Kubernetes version kubectl version: 1.18.6

• Operating System and version (e.g. Linux, Windows, MacOS): Linux (Ubuntu 20.04)

• Cloud provisioner: AWS (us-west-2)

[alexellis]

Thanks for the report.

I'll ping @Waterdrips to see if he can repro.

@adamjohnson01 do you mind taking a look as the author of the AWS provisioning code? https://github.com/inlets/inletsctl/tree/master/pkg/provision#maintainers-for-each-provider

[alexellis]

/set title: Support issue with EC2 provisioner

[alexellis]

@digitalsanctum what kind of documentation (specifically) do you think needs adding?

[thesurlydev]

@alexellis Perhaps it's enough just to update this section: https://github.com/inlets/inlets-operator#using-a-provider-which-requires-an-access-key-and-secret-key-aws-ec2-scaleway

It was only through trial and error that I got the right combination of args that worked with AWS. For args that accept a file/path, specify what's expected to be in the file.

Another hiccup related to documentation is that the required fields for specific providers are not obvious so that was more trial and error. For AWS and possibly other providers, there's no way to specify a VPC (if you have more than one in a region).

[alexellis]

Happy to take a suggested block of text to add here, or via a PR (more paperwork and process) - both will give the same end result.

[Waterdrips]

@digitalsanctum - Do you have an old AWS account with EC2 Classic enabled?

I was able to get tunnels spun up on AWS EC2 using a new AMI user with EC2 full access into eu-west-1 region with default settings.

Worked with both inlets and inlets-pro.

[thesurlydev]

@Waterdrips I do have an old account with EC2 classic enabled. I also don't have a default VPC which is why I'm guessing the code as it is works without specifying a VPC. I'm guessing that providing an optional VPC arg may help in this case and the other case I mentioned above where there might be more than one VPC in the target account/region.

[thesurlydev]

I've found the same issue occurs when using inletsctl so I'm going to attempt to update code there to get things working for me. I'll report back when I know more.

[Waterdrips]

/set title: Support issue with EC2 provisioner and AWS EC2 Classic

[thesurlydev]

I think this issue has more to do with no default VPC being available. See my PR against inetsctl for proposed fix: inlets/inletsctl#75

[adamjohnson01]

@alexellis, I would but i will not have access to a computer for a few weeks.

[Waterdrips]

This depends on inlets/inletsctl#75

[thesurlydev]

@alexellis I'm happy to propagate fix here from my fix in inletsctl.