rancher / rancher

Complete container management platform
http://rancher.com
Apache License 2.0

Rancher with AWS LB controller fails health checks. #45138

Closed ChaitDevOps closed 1 month ago

ChaitDevOps commented 4 months ago

Hello,

I'm trying to launch Rancher with the AWS LB controller and I'm getting health checks failed for the ingress. Can someone please look at my setup and let me know if there's something that's obvious?

- EKS cluster version: 1.28
- Endpoint access: Public and Private
- Nodegroup: Private Subnet
- Security Group ALB-Ingress allows inbound & outbound traffic from 0.0.0.0/0 on port 80 and 443. Outbound rule allows traffic to the security group created for the EKS nodegroup.
- I updated the rancher service to a NodePort.
- Error message for healthcheck failed: "request timed out"


Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       <>
IPs:                      <>
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  30182/TCP
Endpoints:                <>:80,<>:80,<>:80
Port:                     https-internal  443/TCP
TargetPort:               444/TCP
NodePort:                 https-internal  32303/TCP
Endpoints:                <>:444,<>:444,<>:444
Session Affinity:         None
External Traffic Policy:  Cluster

helm install rancher rancher-stable/rancher \
   --version 2.8.3 \
   --namespace cattle-system \
   --set hostname=<hostname> \
   --set bootstrapPassword=<passwd> \
   --set tls=external \
   --set ingress.enabled=false

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: aws-rancher
  namespace: cattle-system
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: "<cert>"
    alb.ingress.kubernetes.io/security-groups: "<ALB-Ingress>"
    alb.ingress.kubernetes.io/listen-ports: "[{ \"HTTPS\" : 443 }, { \"HTTPS\" : 80 }]"
    alb.ingress.kubernetes.io/success-codes: "200,401,301,302"
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "60"
    alb.ingress.kubernetes.io/subnets: "subnet-public1,subnet-public2"
    alb.ingress.kubernetes.io/healthcheck-path: "/healthz"
spec:
  ingressClassName: alb
  rules:
    - host: <hostname>
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: rancher
                port:
                  number: 80

andruslippmaa commented 3 months ago

I had the same problem. I got Rancher working when I deleted the path "/" check condition from the AWS ALB listener rules and also needed to set the "path: /" parameter empty in the aws-rancher ingress rules. This problem seems to appear from Rancher version 2.7.5 and up.
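A configuration check for the Ingress annotations in the original post, added here as an example; it is not part of the thread or of the Rancher project. It assumes the AWS Load Balancer Controller's documented annotation defaults (`target-type` of `instance`, `healthcheck-port` of `traffic-port`, `healthcheck-path` of `/`); the function name `review` and the finding labels are made up for illustration.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

# Annotations copied from the Ingress in the post; <...> placeholders are the poster's.
POSTED = {
    PREFIX + "scheme": "internet-facing",
    PREFIX + "target-type": "ip",
    PREFIX + "security-groups": "<ALB-Ingress>",
    PREFIX + "listen-ports": '[{ "HTTPS" : 443 }, { "HTTPS" : 80 }]',
    PREFIX + "healthcheck-path": "/healthz",
}


def review(annotations, target_port, node_port):
    """Return (probe_destination, findings) for one ALB Ingress backend."""
    a = {k[len(PREFIX):]: v for k, v in annotations.items() if k.startswith(PREFIX)}
    findings = []

    # instance is the assumed default target type; ip registers pod IPs directly.
    ip_mode = a.get("target-type", "instance") == "ip"
    # healthcheck-port defaults to traffic-port, the port the targets are registered on.
    port = a.get("healthcheck-port", "traffic-port")
    if port == "traffic-port":
        port = target_port if ip_mode else node_port
    dest = f"{'pod' if ip_mode else 'node'}:{port}{a.get('healthcheck-path', '/')}"
    if ip_mode:
        findings.append("nodeport-unused: probes bypass the NodePort and hit the pod port")

    # With an explicit security-groups list the controller leaves node/pod security
    # groups alone unless manage-backend-security-group-rules is "true".
    if "security-groups" in a and a.get("manage-backend-security-group-rules") != "true":
        findings.append(f"backend-sg-manual: allow TCP {port} from the ALB group on the node/pod group")

    # Flag listeners whose protocol does not match the conventional port.
    for listener in json.loads(a.get("listen-ports", "[]")):
        for proto, lport in listener.items():
            if (proto, lport) in (("HTTPS", 80), ("HTTP", 443)):
                findings.append(f"listener-mismatch: {proto} on port {lport}")
    return dest, findings


if __name__ == "__main__":
    dest, findings = review(POSTED, target_port=80, node_port=30182)
    print("health check goes to", dest)
    for finding in findings:
        print(" -", finding)
```

The findings are items to verify against the cluster, not a diagnosis of this issue.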

github-actions[bot] commented 1 month ago

This repository uses an automated workflow to automatically label issues which have not had any activity (commit/comment/label) for 60 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the workflow can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the workflow will automatically close the issue in 14 days. Thank you for your contributions.