2

I have a properly working setup on my AKS cluster where I followed the MS docs to use a static IP to create an ingress controller. I have now simply tried to create a similar setup in a separate namespace on the same cluster but the new load balancers EXTERNAL-IP remains <pending>.

When I examine the service I see:

Warning CreatingLoadBalancerFailed 3m29s (x16 over 53m) service-controller Error creating load balancer (will retry): failed to ensure load balancer for service ingress-dev/dev-ingress-nginx-ingress-controller: timed out waiting for the condition

I saw How to fix "failed to ensure lb" error for Nginx ingress but I have all resources (the static IP address) in the same resource group and region as the cluster. The already existing static IP for the LB that's running already is also assigned to the same RG and cluster.

Improve this question

3 Answers 3

Reset to default
5

I'm fairly certain this would be due to the service principal being misconfigured, can you do: kubectl get events --all-namespaces and see if you can find anything that relates to the ingress service that would complain about auth\wrong credentials? alternatively you can just reset service principal credentials in AKS and ensure you got the proper credentials that way.

One more thing you have to ensure is that service principal you are using has right to the resource group where the load balancer is. this should happen by default when you create the cluster, but somebody might have stripped those permissions

just in case comments get deleted: updating AKS to newer version solved this issue

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

no aut\wrong messages, just these two: ingress-dev 79s Normal EnsuringLoadBalancer service/dev-ingress-nginx-ingress-controller Ensuring load balancer ingress-dev 51m Warning CreatingLoadBalancerFailed service/dev-ingress-nginx-ingress-controller Error creating load balancer (will retry): failed to ensure load balancer for service ingress-dev/dev-ingress-nginx-ingress-controller: timed out waiting for the condition
can you try and create a kubernetes service with a type property set to LoadBalancer and see if that works?
tried with the azure-vote-front example from the docs learn.microsoft.com/en-us/azure/aks/load-balancer-standard The error is the same: 2m54s Normal EnsuringLoadBalancer service/azure-vote-front Ensuring load balancer 2m54s Warning CreatingLoadBalancerFailed service/azure-vote-front Error creating load balancer (will retry): failed to ensure load balancer for service ingress-dev/azure-vote-front: timed out waiting for the condition
thats really weird. you assigned permissions to the MC_bla-bla-bla resource group, right? one more thing you can try - update kubernetes to a newer version. this will redeploy the masters and workers. so if something is stuck somewhere it might get unstuck. I'd also delete all the service objects before doing that
Phew, that did the trick. Cluster was on 1.14.6 so I had only a beta version to upgrade to but I did it anyway. running 1.15.3 and it works now... re-created the ingress using the same helm chart and settings and the fixed IP address was binding to it within 2 minutes... Thanks for your help!
|
3

create static IP with "--sku Standard"

STATICIP=$(az network public-ip create --resource-group <MC_your-RG> --name Your-public-ip-name --sku Standard --allocation-method static --query publicIp.ipAddress -o tsv)

And now:

helm install stable/nginx-ingress --name --namespace --set rbac.create=true --set controller.replicaCount=2 --set controller.stats.enabled=true --set controller.metrics.enabled=true --set controller.nodeSelector."beta.kubernetes.io/os"=linux --set defaultBackend.nodeSelector."beta.kubernetes.io/os"=linux --set controller.service.externalTrafficPolicy="Local" --set controller.service.loadBalancerIP=${STATICIP}
Improve this answer

Comments

2

When creating a kubernetes cluster, Azure automatically creates another resource group to hold the VMs that actually power the cluster.
I have noticed, if the static IP is created in the same resource group (as the VMs) it begins to work.

Improve this answer

1 Comment

but how do you create the static IP in the node resource group before AKS creates the group and adds it's own IP and load balancer....this is a chicken and egg issue

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.