aws/flatcar-linux cluster has unhealthy targets

[bruvio]

Description once craeted a cluster using

module "bruvio" {
  source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.0"

  cluster_name       = var.cluster_name
  dns_zone           = var.dns_zone
  dns_zone_id        = var.dns_zone_id
  ssh_authorized_key = var.ssh_authorized_key

  # optional
  host_cidr             = "10.0.0.0/16"
  controller_count      = 1
  worker_count          = 2
  worker_node_labels = ["worker"]
}

resource "local_file" "kubeconfig-bruvio" {
  content  = module.bruvio.kubeconfig-admin
  filename = "bruvio-config"
}

i see that the health checks on the workers target group all fail, so traffic is not routed to the pod.

I can ssh into the worker and i see the service (a simple nginx pod) runs fine.

If I open the port assigned by the cp in the security group of the worker and curl the public ip of the instance the service works.

A clear and concise description of what the bug is.

Steps to Reproduce

Provide clear steps to reproduce the bug.

• [x] Explored using a vanilla cluster from the tutorials. Ruled out customizations.

Expected behavior

A clear and concise description of what you expected to happen.

Environment

• Platform: aws
• OS: flatcar-linux
• Release: Typhoon version 1.31.0
• Terraform: 1.8.4
• Plugins:
• ├── provider[registry.terraform.io/hashicorp/aws] 5.46.0 ├── provider[registry.terraform.io/hashicorp/local] ├── provider[registry.terraform.io/poseidon/ct] 0.13.0 └── module.bruvio ├── provider[registry.terraform.io/hashicorp/null] >= 2.1.0 ├── provider[registry.terraform.io/poseidon/ct] ~> 0.13 ├── provider[registry.terraform.io/hashicorp/aws] >= 2.23.0, <= 6.0.0 ├── module.bootstrap │   ├── provider[registry.terraform.io/hashicorp/random] ~> 3.1 │   └── provider[registry.terraform.io/hashicorp/tls] ~> 4.0 └── module.workers ├── provider[registry.terraform.io/hashicorp/aws] >= 2.23.0, <= 6.0.0 └── provider[registry.terraform.io/poseidon/ct] ~> 0.13

[tormath1]

Hello,

Can you provide the output from the kubectl get pods -A - all the pods are running fine? (Especially CNI)

[dghubble]

This is expected, independent of OS and platform.

The LB is setup to health check workers so it can be used with an ingress controller of your choice (if you wish). If you want to use this feature, any worker that runs an ingress controller to satisfy the GET 10254 /healthz check can serve ingress 80/443 traffic.

It's up to you to choose an ingress controller and deploy it to the cluster. Out of the box, the load balancer won't send 80/443 traffic to workers without an ingress controller, but that doesn't affect anything unless you're choosing to set it up. For tips on adding the Nginx Ingress controller (if that's your preference) the docs provide some example manifests. https://github.com/poseidon/typhoon/tree/main/addons/nginx-ingress/aws

https://typhoon.psdn.io/architecture/aws/ https://typhoon.psdn.io/addons/ingress/