setting internal loadBalancerIP does not work #422
Comments
when was this cluster created? region? basic networking or advanced? |
a few hours ago, centralus, advanced networking |
@JunSun17 I believe there was a fix for this issue. can you confirm? |
@theMichaelB Can you remove the loadBalancerIP field from your template file, I think it will be assigned from the subnet you provided, but not sure you can specify it. |
@JunSun17 yes if I remove it, everything works, but being able to specify the IP means we can map it via DNS etc (I know I can script it etc, but laziness!) it is also documented at https://docs.microsoft.com/en-my/azure/aks/internal-lb Is it possible to specify which subnet the lb is deployed to? |
@theMichaelB currently AKS only takes one subnet, so you do not need to provide it. Actually I do not know you can specify the IP address in ILB creation. If so, you will need to make sure:
|
@JunSun17 What would it take to get a definitive answer for this? Is the code for this going to be in ACS-Engine? or is it a custom AKS thing? If it isn't possible then it isn't possible, (and I'll go and update the above doc) |
@sauryadas the specified IP does reside in the same subnet, and isn't already assigned to a resource. I have also granted the Service principal access to the Vnet that the subnet is in. (it is in a different resource group - I wonder if that is the issue?) |
Hi, I can relate to this issue. I built an AKS Cluster with basic networking. When specifying a LoadBalancerIP :
Region : West Europe EDIT : Built an hour ago |
More information: I can make as many Load Balancers as I want but they all need to have different IPs. |
I think this is an Azure Loadbalancer limitation @aanandr Can you please confirm the below? @JunSun17 The below should work. Can you please take a look? the specified IP does reside in the same subnet, and isn't already assigned to a resource. |
@sauryadas @JunSun17 I am also experiencing this. Any updates? |
@sauryadas @aanandr getting a similar issue, AKS K8S v 1.10.3, not an internal IP, specifying a public IP for the load balancer, the IP is in a different RG. This did work earlier, same k8s version, but this was a fresh cluster. could do with some more detailed error about "the condition".
I've tried deleting and recreating the Service. |
Just tried with brand new cluster, and new IP address, same issue. If I create a service with no IP specified the LoadBalancer gets created. If I add the IP back, I get:
Any way I can get more logs? |
I've tried to reproduce this morning a number of different ways - everything fresh - and all works as expected. Will update if I see it again, but could do with some guidance on getting additional logs should it occur. |
Something isn't right. I have no Load Balancer in the resource group. Deploy the exact same YAML, LoadBalancer is now stuck in pending:
And no events if I do a describe:
It seems to be if I deploy a service - the first one on a cluster, delete it, then recreate it the LB doesn't get created. Similar to what @VincentSurelle says. Will try verify further. Happy for you to ping me offline, GitHub name is MS alias to walk through. Thanks. |
I've narrowed down the situation in which I get the issue, and can reproduce it. It's something specific around RBAC and SPs, so it might not be the case for all the above situations.
If you initially don't have the right rights assigned to the SP for VNets/RGs, then the LB creation fails and you get a semi-useful error in events. This is as expected.
If I then correct the SP assignment, delete and recreate the service, I get the "timed out waiting for the condition". I can't seem to recover from this.
If I create a new cluster, and assign the correct SP rights prior to deploying the service, all works fine.
Here's an example, using an IP in a different RG, but I expect it could be the same for other SP-related issues. YAML:
Steps:
Still doesn't work. I guess need to recreate a session somewhere given there is a new SP assignment? Might be completely wrong... |
@marrobi Thanks for the detailed update! Why do you: I think by default the SP should have owner role on RG, do you have to change role assignments here? |
As in my example the IP is in another RG, the SP needs adding. You are correct that Reader isn't sufficient (it needs to be Network Contributor, but not necessarily Owner). What I'm trying to show is that if the SP initially has an incorrect assignment, even when corrected the load balancer still has issues. It seems to be related to caching.
If you leave it for, say, 20 mins, it does seem to sort itself out. Give it a try as I've detailed and you will get the errors described in the issue.
…________________________________
From: Jun Sun <notifications@github.com>
Sent: Friday, July 6, 2018 5:41:44 PM
To: Azure/AKS
Cc: Marcus Robinson; Mention
Subject: Re: [Azure/AKS] setting internal loadBalancerIP does not work (#422)
@marrobi Thanks for the detailed update!
Why do you:
az role assignment create --role "Reader" --assignee $CLIENT_ID --resource-group $RG
I think by default the SP should have owner role on RG, do you have to change role assignments here?
|
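The role requirement discussed in the comments above (Reader on the IP's resource group is not enough; Network Contributor is, and Owner is more than needed) can be checked before deploying the Service. The following is an added example, not code from the thread or from AKS: it evaluates records shaped like the JSON from `az role assignment list` (fields `principalId`, `roleDefinitionName`, `scope`) and only considers built-in roles. All GUIDs and resource names are constructed placeholders.

```python
# Built-in roles with write access to Microsoft.Network resources. Reader is
# absent on purpose: the thread reports it is not sufficient.
SUFFICIENT = {"network contributor", "contributor", "owner"}


def scope_covers(assigned, target):
    """True when a role assigned at `assigned` is inherited by `target`."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    # Compare whole path segments so ".../network-rg" does not match
    # ".../network-rg-old"; ARM scopes are case-insensitive.
    return t == a or t.startswith(a + "/")


def check_sp_access(assignments, principal_id, target):
    """Return (ok, roles): roles the SP holds on scopes covering `target`."""
    roles = sorted({
        a["roleDefinitionName"] for a in assignments
        if a["principalId"].lower() == principal_id.lower()
        and scope_covers(a["scope"], target)
    })
    return any(r.lower() in SUFFICIENT for r in roles), roles


# Constructed sample data (placeholder subscription, SP id and names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SP = "11111111-1111-1111-1111-111111111111"
TARGET = (SUB + "/resourceGroups/network-rg/providers/"
          "Microsoft.Network/publicIPAddresses/svc-ip")
BEFORE = [
    {"principalId": SP, "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/network-rg"},
    {"principalId": SP, "roleDefinitionName": "Network Contributor",
     "scope": SUB + "/resourceGroups/network-rg-old"},
    {"principalId": SP, "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/MC_demo_nodes"},
]
# Same SP after a least-privilege grant on the IP's resource group.
AFTER = BEFORE + [
    {"principalId": SP, "roleDefinitionName": "Network Contributor",
     "scope": SUB + "/resourceGroups/Network-RG"},
]

if __name__ == "__main__":
    print(check_sp_access(BEFORE, SP, TARGET))
    print(check_sp_access(AFTER, SP, TARGET))
```

A passing check only confirms the assignment exists; the comment above reports that a corrected assignment can still take around 20 minutes to take effect on an existing cluster.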
I'm hitting this issue as well. The load balancer is created fine when loadBalancerIP is not specified, but when specified, the External-IP is always "pending" |
@lfshr Please check the logs of kube-controller-manager and find what's wrong there. It's probably that the IP is not in the same resource group as the Kubernetes nodes. Refer to https://docs.microsoft.com/en-us/azure/aks/view-master-logs for a guide on how to do this. |
Yep, I was being stupid. Thanks @feiskyer |
@lfshr It's a long shot, but do you remember what the issue was? I'm in the same position - pending with specific external IP but created fine without it. Optimally, I'd like to point to the hostname of specific ELB. Unfortunately I am using AWS which hasn't implemented master logs yet so I can't see the error.... |
Closing issue as stale. |
I am also facing the same issue. Then I deleted my helm release and tried installing it again, and since then it's stuck with a time out or waiting error |
Using the following service, attempting to specify the loadBalancerIP fails with -
Error creating load balancer (will retry): failed to ensure load balancer for service default/mongodb-service: timed out waiting for the condition
Removing the loadBalancerIP line works as expected