ELB Integration failing when Cluster installed via Terraform

[chrisricci]

Exposing a service of type='LoadBalancer' fails to provision the ELB in AWS.

Controller Logs shows the following:

E0414 18:44:13.332619       1 servicecontroller.go:760] Failed to process service. Retrying in 5m0s: Failed to create load balancer for service policy-demo/hello-world: Multiple tagged security groups found for instance i-041e7788960d67752; ensure only the k8s security group is tagged
W0414 18:49:13.802150       1 aws.go:2751] Error opening ingress rules for the load balancer to the instances: Multiple tagged security groups found for instance i-041e7788960d67752; ensure only the k8s security group is tagged
E0414 18:49:13.802323     

[bobstead]

It looks like this is a similar problem to kubernetes/kubernetes#26787.

The master and workers all have two security groups that are tagged KubernetesCluster=<value>. Removing that specific tag from the sg-cluster_default security group that the tectonic installer sets up, fixes the issue and kubernetes was able to successfully create the ELB and assign the correct instances.

Perhaps the cluster default security group should not be tagged with KubernetesCluster=??

A fix, assuming it's the right thing to do, would be to patch security-groups.tf so that the KubernetesCluster tag is not added.

Further analysis shows that PR 218 added these tags to the file linked above, but probably shouldn't have added the KubernetesCluster tag in there also. I'm unable to add PR's to this project at this time (work reasons), if someone can create a patch for that file, I believe it would fix this particular issue.

[alexsomesan]

We are going to reorganize the security groups to explicitly open ports as needed. We'll keep this aspect in mind when implementing #248 and there should not be any other work necessary to fix this issue once that is complete.

[s-urbaniak]

#264 fixes this by assigning at most one security group for workers/masters.

[s-urbaniak]

resolved by #264