-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Installation of AWS load balancer failed to deploy successfully #2956
Comments
I found a related ticket: #1597 Because I am using an IAM role that has admin level access, it should not be necessary for me to add IAM permissions. My workflow is to get something working first using the admin role, then re-do the process using a developer role, and add IAM permissions where needed. Following that ticket, I found the following event:
Due to how recent the timestamp of the warning is, and how long ago I did the deployment (15 days ago), it looks like older events are purged? |
Now I think I understand "MinimumReplicasUnavailable". It arose due to the "FailedCreate" error. A pod should be created but it could not be created.
|
I reviewed the installation instructions and see that I missed a section: I thought the section related to IAM permissions which I didn't need to modify because I'm working with an admin role. But that section covers the creation of the service account I'm re-reading that section now and will attempt to follow it. |
I'm trying to figure out if we use an AWS region that is a part of GovCloud. I've asked this question to our TAM but it would be helpful to have an answer here too. Our EKS cluster is in the us-east-1 region. Does that mean when creating the IAM policy, I should follow the GovCloud instruction? Specifically:
|
@ta1meng, the gov cloud permissions don't work on other regions. For us-east-1 region, you'd need to refer to |
Thank you @kishorj! I've gotten farther now.
However the suggested change to the load balancer specification does not seem to work. With external instance With nlb instance Are you able to tell, based on the warnings I'm seeing, whether I've successfully invoked |
@ta1meng, you don't need step 3 to successfully setup the controller. The warning event from your prior screenshots -
|
The service account kube-system/aws-load-balancer-controller has the annotation I do see the CloudFormation stack: However I cannot find the IAM policy or IAM role that I thought I created yesterday. Yesterday's log:
The AWS account ID in the log appears correct. It is possible that I did create the policy and the IAM role, but they got auto deleted afterwards. I'm aware of that mechanism in our Production AWS account, but wasn't sure if that mechanism is also put in place in our Systems (test) AWS account. I'll attempt to recreate the IAM policy and IAM role later to see if they show up in AWS console. If they do show up and get auto deleted after a period of time, we will have established the cause to the latest issue, and then I will think about whether it is time well spent to continue trying to get One question, if we created a brand new EKS cluster today, would it come with If not, are there plans to include |
I found sufficient evidence of the auto deletion of IAM policies and IAM roles created outside our From my perspective, Regarding that perspective, David responded:
David and I have a meeting scheduled today where we will discuss what issues we should expect to run into if we don't install |
David and I have exchanged emails. I have decided to not use Instead I will write a script using AWS CLI to complete the automation. That is, we'll use CCM to create a load balancer with the wrong setting for "Preserve client IP". We would then run a script that uses AWS CLI to correct the value of that setting. |
One comment. I tried uninstalling When I deleted the ingress service tied to the load balancer, it restarted but got stuck in an "Ensuring load balancer" state. So in this case, I've decided to destroy our EKS cluster and recreate it, as our previous EKS instance was going to reach its end of support date in February. I wonder if AWS has better uninstallation documentation for |
Correction. The uninstallation seemed successful. It's been so long since I had tried to install aws-load-balancer-controller that I had forgotten that KCM/CCM did not support load balancers of type "external"? Because once I reverted the changes in the load balancer annotations (back to type "nlb"), in a brand new EKS instance, the load balancer got created successfully. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
Have you fixed your problem? |
I'm not sure which problem you are referring to, but I have summarized the outcome in #2956 (comment) |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Describe the bug
I followed https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html to install the AWS load balancer in our EKS cluster.
The final state should be a successfully deployed AWS load balancer:
However what I see is:
When I describe the deployment, I see:
What does "MinimumReplicasUnavailable" mean?
Steps to reproduce
Follow the guide at https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html.
Expected outcome
Environment
Additional Context:
The text was updated successfully, but these errors were encountered: