pegasystems / pega-helm-charts

Orchestrate a Pega Platform™ deployment by using Docker, Kubernetes, and Helm to take advantage of Pega Platform Cloud Choice flexibility.
https://community.pega.com/knowledgebase/articles/cloud-choice
Apache License 2.0

aws-load-balancer-controller pod is running, but log has error, and cannot create ALB. #522

Closed lxm1989 closed 8 months ago

lxm1989 commented 1 year ago

Describe the bug

The aws-load-balancer-controller pod is in Running status, but the log has an error, and then it cannot create an ALB. But when I followed the AWS manual (https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html), no problem happened. Here are the status and log.

[Screenshot 2023-02-14 135109] [Screenshot 2023-02-14 134251]

To Reproduce

  1. curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json

  2. aws iam create-policy \
       --policy-name AWSLoadBalancerControllerIAMPolicy \
       --policy-document file://iam_policy.json

  3. eksctl create iamserviceaccount \
       --cluster=pega-86-demo \
       --namespace=pegaaddons \
       --name=aws-load-balancer-controller \
       --role-name AmazonEKSLoadBalancerControllerRole \
       --attach-policy-arn=arn:aws:iam::xxxxxxxxxxx:policy/AWSLoadBalancerControllerIAMPolicy \
       --approve

AWS manual (error did not happen):

  4.1 helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
        -n pegaaddons \
        --set clusterName=pega-86-demo \
        --set serviceAccount.create=false \
        --set serviceAccount.name=aws-load-balancer-controller

Pega manual (error happened):

  4.2 helm install addons pega/addons --namespace pegaaddons --values addons-eks.yaml

addons-eks.yaml:

[Screenshot 2023-02-14 144306]

Expected behavior

Hope Pega can give a correct manual.

Chart version

2.6.2. No customizations.


sotoiwa commented 1 year ago

When we deployed aws-load-balancer-controller from the addon helm chart, the ServiceAccount was named as follows.

$ kubectl -n pegaaddons get sa
NAME                                  SECRETS   AGE
addons-aws-load-balancer-controller   1         18h
default                               1         18h

I think the problem is that this does not match the service account name allowed in the trust policy of the IAM role created with the eksctl create iamserviceaccount command.

Please check the trust policy of the IAM role.

In addition, there is a problem with the VPC ID parameter specified in the addons-eks.yaml file. VpcID is incorrect and the correct key is vpcId.

https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/values.yaml#L144
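
The mismatch described in the comment above can be checked mechanically: the role's trust policy pins the OIDC `sub` claim to `system:serviceaccount:<namespace>:<name>`, so a ServiceAccount with any other name cannot assume the role. This is an added example, not part of the original thread or of pega-helm-charts; the policy document, account ID, region and OIDC provider ID are constructed placeholders, and `trusts` is a hypothetical helper that evaluates only the `sub` condition.

```python
import fnmatch
import json

# Constructed sample: shape of the trust policy written by the eksctl command in
# step 3. Account ID, region and OIDC provider ID are placeholders.
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789"
TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{OIDC}:sub": "system:serviceaccount:pegaaddons:aws-load-balancer-controller",
            f"{OIDC}:aud": "sts.amazonaws.com",
        }},
    }],
})


def as_list(value):
    return value if isinstance(value, list) else [value]


def sub_matches(op, pattern, subject):
    """Evaluate one condition operator against the token's `sub` claim."""
    if op == "StringEquals":
        return pattern == subject
    if op == "StringLike":  # fnmatch approximates IAM's * and ? wildcards
        return fnmatch.fnmatchcase(subject, pattern)
    return False  # other operators are not evaluated here; treat as no match


def trusts(policy_json, namespace, service_account):
    """True if an Allow statement's `sub` conditions admit this ServiceAccount."""
    subject = f"system:serviceaccount:{namespace}:{service_account}"
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            continue
        ok = True  # no `sub` condition at all means every ServiceAccount passes
        for op, conds in stmt.get("Condition", {}).items():
            for key, value in conds.items():
                if key.endswith(":sub"):
                    ok = ok and any(sub_matches(op, p, subject) for p in as_list(value))
        if ok:
            return True
    return False
```

To run it against the real role, pass the JSON returned by `aws iam get-role --role-name AmazonEKSLoadBalancerControllerRole --query Role.AssumeRolePolicyDocument` together with the names shown by `kubectl -n pegaaddons get sa`. A `True` result for a policy with no `sub` condition indicates trust that is broader than a single ServiceAccount.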

sotoiwa commented 1 year ago

The instructions for replacing "YOUR_IAM_ROLE_ARN" in the addons-eks.yaml file are incorrect and must be corrected.

https://github.com/pegasystems/pega-helm-charts/blob/master/docs/Deploying-Pega-on-EKS.md#updating-the-addonsyaml-helm-chart-values

MadhuriArugula commented 8 months ago

Instructions provided in Pega docs are the links from AWS documentation. Please follow the instructions for deploying service account name as well. Regarding the prefix addons to the deployment resources, it is an expected behavior from helm for the dependency charts.