search

kubernetes / ingress-nginx

Ingress NGINX Controller for Kubernetes
https://kubernetes.github.io/ingress-nginx/
Apache License 2.0
17.43k stars 8.24k forks source link

AWS EKS NLB is "Unhealthy: Health checks failed" #11813

Closed davidt-gh closed 2 months ago

davidt-gh commented 2 months ago

What happened: NLB was created but targets are unhealthy:

Unhealthy: Health checks failed

What you expected to happen:

Installing NGINX on EKS and getting working NLB

NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.):

-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       v1.11.1
  Build:         7c44f992012555ff7f4e47c08d7c542ca9b4b1f7
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.25.5

-------------------------------------------------------------------------------

Kubernetes version (use kubectl version): Client Version: v1.30.2 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.30.2-eks-db838b0

Environment:

And used the next values:

  controller:
    replicaCount: 2
    service:
      targetPorts:
        http: http
        https: http
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: "external"
        service.beta.kubernetes.io/aws-load-balancer-name: eks-dev-nlb
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
        service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: false
        service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
        service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
        service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
        service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      externalTrafficPolicy: "Cluster"

Name: nginx Labels: app.kubernetes.io/component=controller app.kubernetes.io/instance=nginx app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=ingress-nginx app.kubernetes.io/part-of=ingress-nginx app.kubernetes.io/version=1.11.1 argocd.argoproj.io/instance=nginx helm.sh/chart=ingress-nginx-4.11.1 Annotations: Controller: k8s.io/ingress-nginx Events: 


  - `kubectl -n <ingresscontrollernamespace> get all -A -o wide`
  - `kubectl -n <ingresscontrollernamespace> describe po <ingresscontrollerpodname>`
  - `kubectl -n <ingresscontrollernamespace> describe svc <ingresscontrollerservicename>`
 I think it's too much messy for here, let me know if it's needed

- **Others**:
Here is NLB screenshot:
![image](https://github.com/user-attachments/assets/759272c2-0981-4c1a-9806-a38edc35887d)

**How to reproduce this issue**:
It need to be in EKS just like I described on "how installed"

**Anything else we need to know**:

I've installed AWS-LoadBalancer Controller based on this guide: https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html
I'm not sure if NGINX should be installed without nothing, or with AWS-LB-CONTROLLER to have a new NLB.
Logs show no error, and even aws-lb-co' didn't show any error.
<!-- 
/kind documentation
/remove-kind bug
-->
k8s-ci-robot commented 2 months ago

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
longwuyuan commented 2 months ago

/remove-kind bug /kind support

longwuyuan commented 2 months ago

/triage needs-information

longwuyuan commented 2 months ago

since you have not updated, can we assume that this issue is closed for now. you can reopen if you find a bug and post the data showing the bug in the controller here. Otherwise keeping issues open without tracking just adds to the open issues tally.

/close

k8s-ci-robot commented 2 months ago

@longwuyuan: Closing this issue.

In response to [this](https://github.com/kubernetes/ingress-nginx/issues/11813#issuecomment-2300621569): >since you have not updated, can we assume that this issue is closed for now. you can reopen if you find a bug and post the data showing the bug in the controller here. Otherwise keeping issues open without tracking just adds to the open issues tally. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
davidt-gh commented 2 months ago

/remove-kind bug /kind support

  • Can you try with backend-protocol: tcp

@longwuyuan longwuyuan This is stucking the service and I'm getting event: Failed build model due to invalid value tcp for Load Balancer proxy protocol v2 annotation, only value currently supported is *

/open