[Bug]: Waiting for load-balancer to get an IP... Hangs

[dmorn]

Description

Installation hangs because traefik cannot be installed. This is because the configuration is not valid:

if [[ ${KUBERNETES_SERVICE_HOST} =~ .*:.* ]]; then
    echo "KUBERNETES_SERVICE_HOST is using IPv6"
    CHART="${CHART//%\{KUBERNETES_API\}%/[${KUBERNETES_SERVICE_HOST}]:${KUBERNETES_SERVICE_PORT}}"
else
    CHART="${CHART//%\{KUBERNETES_API\}%/${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}}"
fi

set +v -x
+ [[ true != \t\r\u\e ]]
+ [[ '' == \1 ]]
+ [[ '' == \v\2 ]]
+ shopt -s nullglob
+ [[ -f /config/ca-file.pem ]]
+ [[ -f /tmp/ca-file.pem ]]
+ [[ -n '' ]]
+ helm_content_decode
+ set -e
+ ENC_CHART_PATH=/chart/traefik.tgz.base64
+ CHART_PATH=/tmp/traefik.tgz
+ [[ ! -f /chart/traefik.tgz.base64 ]]
+ return
+ [[ install != \d\e\l\e\t\e ]]
+ helm_repo_init
+ grep -q -e 'https\?://'
+ [[ helm_v3 == \h\e\l\m\_\v\3 ]]
+ [[ traefik/traefik == stable/* ]]
+ [[ -n https://traefik.github.io/charts ]]
+ [[ -f /auth/username ]]
+ helm_v3 repo add traefik https://traefik.github.io/charts
"traefik" already exists with the same configuration, skipping
+ helm_v3 repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "traefik" chart repository
Update Complete. ⎈Happy Helming!⎈
+ helm_update install --namespace kube-system
+ [[ helm_v3 == \h\e\l\m\_\v\3 ]]
++ helm_v3 ls --all -f '^traefik$' --namespace kube-system --output json
++ jq -r '"\(.[0].chart),\(.[0].status)"'
++ tr '' ''
+ LINE=null,null
+ IFS=,
+ read -r INSTALLED_VERSION STATUS _
+ VALUES=
+ for VALUES_FILE in /config/*.yaml
+ VALUES=' --values /config/values-01_HelmChart.yaml'
+ [[ install = \d\e\l\e\t\e ]]
+ [[ null =~ ^(|null)$ ]]
+ [[ null =~ ^(|null)$ ]]
+ echo 'Installing helm_v3 chart'
+ helm_v3 install --namespace kube-system traefik traefik/traefik --values /config/values-01_HelmChart.yaml
Error: INSTALLATION FAILED: template: traefik/templates/service.yaml:27:12: executing "traefik/templates/service.yaml" at <index (default dict $config.expose) $name>: error calling index: can't index item of type bool
Stream closed EOF for kube-system/helm-install-traefik-fqkzh (helm)

Kube.tf file

locals {
  hcloud_token = "***"
}

module "kube-hetzner" {
  providers = {
    hcloud = hcloud
  }
  hcloud_token = var.hcloud_token != "" ? var.hcloud_token : local.hcloud_token

  source = "kube-hetzner/kube-hetzner/hcloud"

  ssh_public_key = file("${path.module}/keys/ed25519.pub")
  ssh_private_key = file("${path.module}/keys/ed25519")
  network_region = "eu-central" # change to `us-east` if location is ash

  control_plane_nodepools = [
    {
      name        = "control-plane-fsn1",
      server_type = "cax21",
      location    = "fsn1",
      labels      = [],
      taints      = [],
      count       = 1
    },
    {
      name        = "control-plane-nbg1",
      server_type = "cax21",
      location    = "nbg1",
      labels      = [],
      taints      = [],
      count       = 1
    },
    {
      name        = "control-plane-hel1",
      server_type = "cax21",
      location    = "hel1",
      labels      = [],
      taints      = [],
      count       = 1
    }
  ]

  agent_nodepools = [
    {
      name        = "agent-fns1-cax21",
      server_type = "cpx21",
      location    = "fsn1",
      labels      = [],
      taints      = [],
      count       = 1
    }
  ]

  load_balancer_type     = "lb11"
  load_balancer_location = "fsn1"

  ingress_controller = "traefik"
  ingress_target_namespace = "kube-system"
  # traefik_additional_options = ["--api.dashboard=true", "--entryPoints.amqp.address=:5672"]
  traefik_additional_ports = [{name = "amqp", port = 5672, exposedPort = 5672}]

  allow_scheduling_on_control_plane = true

  cluster_name = "k3s"
  use_cluster_name_in_node_name = false

  extra_firewall_rules = [
    {
      description = "For RabbitMQ"
      direction       = "in"
      protocol        = "tcp"
      port            = "5672"
      source_ips      = ["0.0.0.0/0", "::/0"]
      destination_ips = [] # Won't be used for this rule
    },
  ]

  cni_plugin = "cilium"
  cilium_routing_mode = "native"

  # Enables Hubble Observability to collect and visualize network traffic. Default: false
  # cilium_hubble_enabled = true
  disable_kube_proxy = true
  disable_network_policy = true

  # IP Addresses to use for the DNS Servers, the defaults are the ones provided by Hetzner https://docs.hetzner.com/dns-console/dns/general/recursive-name-servers/.
  # The number of different DNS servers is limited to 3 by Kubernetes itself.
  # It's always a good idea to have at least 1 IPv4 and 1 IPv6 DNS server for robustness.
  dns_servers = [
    "1.1.1.1",
    "8.8.8.8",
    "2606:4700:4700::1111",
  ]
}

provider "hcloud" {
  token = var.hcloud_token != "" ? var.hcloud_token : local.hcloud_token
}

terraform {
  required_version = ">= 1.5.0"
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = ">= 1.43.0"
    }
  }
}

output "kubeconfig" {
  value     = module.kube-hetzner.kubeconfig
  sensitive = true
}

variable "hcloud_token" {
  sensitive = true
  default   = ""
}

Screenshots

No response

Platform

Mac

[dmorn]

This is a duplicate of my own issue here: #1322. The problem is here

terraform-hcloud-kube-hetzner/locals.tf

Line 636 in d1aea66

expose: true

as apparently the helm chart is not using expose: true but rather expose: default: true (see https://github.com/traefik/traefik-helm-chart/blob/70482164837dc95c2b539985a4b87aac615fe80e/traefik/values.yaml#L640). PR coming

[dmorn]

Yep, confirmed! The change came 2 months ago with commit traefik/traefik-helm-chart@7e349d4