Open ougabriel opened 1 month ago
If the LoadBalancer service is stuck in the <pending> state for the EXTERNAL-IP field, it could be due to several issues with your AWS setup or Kubernetes configuration. Here are some steps to troubleshoot and resolve the issue:
Key: kubernetes.io/role/elb, Value: 1
Key: kubernetes.io/cluster/<your-cluster-name>, Value: shared
To check and add tags:
Ensure that the Kubernetes cluster is configured correctly to provision AWS load balancers. Check the following:
kubectl get pods -n kube-system
Look for the aws-load-balancer-controller pod. If it's not there, follow the installation guide.
Inspect the Kubernetes events to see if there are any errors related to the creation of the load balancer:
kubectl describe svc tetris-app2 -n tetris-app
Ensure the service YAML file is correct. Here is a revised example:
apiVersion: v1
kind: Service
metadata:
  name: tetris-app2
  namespace: tetris-app
spec:
  type: LoadBalancer
  selector:
    app: tetris-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
Apply the configuration:
kubectl apply -f tetris-app-service.yaml
The policy should include permissions like:
{
  "Effect": "Allow",
  "Action": [
    "elasticloadbalancing:*",
    "ec2:DescribeInstances",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeTags",
    "ec2:DescribeVpcs",
    "ec2:DescribeSubnets",
    "ec2:DescribeSecurityGroups"
  ],
  "Resource": "*"
}
Here’s a complete example of a service configuration for a load balancer:
apiVersion: v1
kind: Service
metadata:
  name: tetris-app2
  namespace: tetris-app
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb" # Or "elb" for classic load balancer
spec:
  type: LoadBalancer
  selector:
    app: tetris-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
Issue output
Possible solution
Attaching an AWS IAM role to an existing EC2 instance that is running Kubernetes (K8s) and needs to interact with a load balancer to expose the application running inside the K8s pods involves several steps. Here is a detailed guide:
Step 1: Create an IAM Role with Necessary Permissions
Create a Policy:
Create an IAM Role:
Step 2: Attach IAM Role to Existing EC2 Instance
Step 3: Redeploy the service
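A preflight check for two prerequisites listed in this issue, the subnet tags and the IAM policy statement, added here as an example that is not part of the original issue. It assumes the input has the JSON shape printed by `aws ec2 describe-subnets --output json`; the function names, subnet ids and the cluster name `demo-cluster` are hypothetical.

```python
import json

def required_tags(cluster_name):
    # Tag keys and values as listed on this page.
    return {"kubernetes.io/role/elb": "1",
            f"kubernetes.io/cluster/{cluster_name}": "shared"}

def subnets_missing_tags(describe_subnets_json, cluster_name):
    """Map subnet id -> required tags that are absent or carry another value."""
    want = required_tags(cluster_name)
    report = {}
    for subnet in json.loads(describe_subnets_json).get("Subnets", []):
        have = {t["Key"]: t["Value"] for t in subnet.get("Tags", [])}
        missing = [f"{k}={v}" for k, v in want.items() if have.get(k) != v]
        if missing:
            report[subnet["SubnetId"]] = missing
    return report

def wildcard_grants(statement):
    """Allow actions containing '*' that apply to every resource."""
    def as_list(x):
        return [x] if isinstance(x, str) else list(x)
    if statement.get("Effect") != "Allow":
        return []
    if "*" not in as_list(statement.get("Resource", [])):
        return []
    return [a for a in as_list(statement.get("Action", [])) if "*" in a]

# Constructed sample: shape of `aws ec2 describe-subnets --output json`;
# subnet ids and the cluster name "demo-cluster" are made up.
SAMPLE_SUBNETS = json.dumps({"Subnets": [
    {"SubnetId": "subnet-aaaa1111", "Tags": [
        {"Key": "kubernetes.io/role/elb", "Value": "1"},
        {"Key": "kubernetes.io/cluster/demo-cluster", "Value": "shared"}]},
    {"SubnetId": "subnet-bbbb2222", "Tags": [{"Key": "Name", "Value": "public-b"}]},
    {"SubnetId": "subnet-cccc3333"},  # no Tags key at all
]})

# The policy statement shown on this page.
PAGE_STATEMENT = {
    "Effect": "Allow",
    "Action": ["elasticloadbalancing:*", "ec2:DescribeInstances",
               "ec2:DescribeNetworkInterfaces", "ec2:DescribeTags",
               "ec2:DescribeVpcs", "ec2:DescribeSubnets",
               "ec2:DescribeSecurityGroups"],
    "Resource": "*",
}

if __name__ == "__main__":
    print(subnets_missing_tags(SAMPLE_SUBNETS, "demo-cluster"))
    print(wildcard_grants(PAGE_STATEMENT))
```

Each reported subnet lacks a tag the page lists; each reported action is a candidate for narrowing to the specific calls the cluster needs.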