
The certificate must have a fully-qualified domain name, a supported signature, and a supported key size.

Open uriworkaccount opened this issue 4 months ago • 2 comments

Describe the bug

I am trying to set up an NLB with aws-load-balancer-controller in a private subnet. I did so in my dev account and tried to do the same in a prod account, but I received errors. First of all, after tagging the relevant subnets as required (kubernetes.io/role/internal-elb=1, see picture), it still didn't work; I got the error:

failed build model due to unable to resolve at least one subnet (0 match VPC and tags: [kubernetes.io/role/internal-elb])

So I had to manually register the subnets (see yaml), after which everything was OK.

After that, I tried to add a valid certificate, but I get the error: The certificate must have a fully-qualified domain name, a supported signature, and a supported key size.

Additionally, when recreating the resources, I had to manually delete some, as they weren't all deleted on helm uninstall.

Please help.

Steps to reproduce

helm install, filled in the EKS name. This is the YAML for the NLB service:

apiVersion: v1
kind: Service
metadata:
  name: nlb-service
  namespace: ingress-controller
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"  # or "ip" for IP mode
    service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
    service.beta.kubernetes.io/aws-load-balancer-subnets: xxx, xxx
    service.beta.kubernetes.io/aws-load-balancer-name: xxxx
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <arn>

spec:
  type: LoadBalancer
  ports:
    - port: 443
      targetPort: 80
      protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    #app.kubernetes.io/component: controller


This is the certificate: [image]

This is the listener; do take note that I can't manually add a certificate or choose a security policy.

[image]

These are the tags for the subnets: [image]

Screen pictures of errors: [image] [image]

Expected outcome

Create NLB

Environment

  • AWS Load Balancer controller version - 1.8.1
  • Kubernetes version - 1.30
  • Using EKS (yes/no), if so version? yes, 1.30

Additional Context:

uriworkaccount, Oct 15 '24 02:10