aws-load-balancer-controller icon indicating copy to clipboard operation
aws-load-balancer-controller copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

Ingress Address not updated when cluster has Private Nodes

Open skamalj opened this issue 3 years ago • 3 comments

Describe the bug I have a cluster where nodes do not have internet access (no NAT or anything else). ALB Controller creates a ALB, which I can see in the console, and this URL, taken from AWS console, takes me to application page and it opens and works all ok.

The problem is ingress fails to update with this endpoint. The error is " Failed Deploy Model due to Request error send request failed caused by: "https://wafv2.ap-south-1.amazonaws.com/" dial tcp <IP address> i/o timeout "

I have also attached image of this status on ingress.

Steps to reproduce

  1. Create private cluster where nodes do not have internet access.
  2. Deploy ALBC
  3. Deploy application on this page - https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.1/docs/examples/2048/2048_full.yaml

Expected outcome Ingress address should be updated and available when describing it.

Environment

  • AWS Load Balancer controller version - 2.4.1
  • Kubernetes version - 1.22
  • Using EKS (yes/no), if so version? Yes, 1.22

Additional Context: ingress-error-private-nodes

skamalj avatar May 07 '22 19:05 skamalj

I have tried this for both internet-facing and internal ingress, both result in same error.

skamalj avatar May 07 '22 19:05 skamalj

I have worked around by adding these 3 settings while deployment. --set enableShield=false
--set enableWaf=false
--set enableWafv2=false

I think for now , if required, these will need to be enabled manually on load balancers later on.

skamalj avatar May 08 '22 07:05 skamalj

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Aug 06 '22 07:08 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Sep 05 '22 07:09 k8s-triage-robot

@skamalj, I'm closing the issue. If problem persists, feel free to reach out to us.

kishorj avatar Sep 06 '22 16:09 kishorj