I m trying to create an ingress for an application using `ne Pulumi Community #aws

I'm trying to create an ingress for an application...

adamant-terabyte-3965

06/10/2022, 4:57 PM

I'm trying to create an ingress for an application using

new k8s.networking.v1.Ingress

and am failing the

pulumi up

with this error:

Copy code

kubernetes:<http://networking.k8s.io/v1:Ingress|networking.k8s.io/v1:Ingress> (api-ingress):
    error: resource test/api-ingress was not successfully created by the Kubernetes API server : admission webhook "vingress.elbv2.k8s.aws" denied the request: invalid ingress class: <http://IngressClass.networking.k8s.io|IngressClass.networking.k8s.io> "alb" not found

The way I have set it up is extremely similar to this blog post: https://www.pulumi.com/blog/kubernetes-ingress-with-aws-alb-ingress-controller-and-pulumi-crosswalk/ Does anyone have any idea what is going wrong? Ultimately I'd like to have it set up where the ALB Controller auto creates an ALB when detecting an ingress, I'm not completely sure its even the ingress creation that is the issue.

billowy-army-68599

06/10/2022, 4:58 PM

what version kibernetes cluster did you provision? I think the APIs have changed

billowy-army-68599

06/10/2022, 4:58 PM

this blog post is unfortunately 3 years old and k8s has changed significantly since then

adamant-terabyte-3965

06/10/2022, 4:58 PM

The EKS cluster is version 1.22

billowy-army-68599

06/10/2022, 4:58 PM

can you share the code you have?

billowy-army-68599

06/10/2022, 4:59 PM

in a github gist would be great

adamant-terabyte-3965

06/10/2022, 5:01 PM

yes one second

adamant-terabyte-3965

06/10/2022, 5:21 PM

https://gist.github.com/LukeOman/23bd09eda749f84ff6937ad9d67956a1

adamant-terabyte-3965

06/10/2022, 5:22 PM

That is the code for the ALB controller and the ingress, there is other code for things like VPC set up, cluster set up and configuration, IAM Roles, policies, and deployment, but this is what I think is the relevant code? I'm extremely new to Pulumi though.

billowy-army-68599

06/10/2022, 5:24 PM

@adamant-terabyte-3965 i believe you just need to define an ingress class: https://www.pulumi.com/registry/packages/kubernetes/api-docs/networking/v1beta1/ingressclass/

adamant-terabyte-3965

06/10/2022, 6:13 PM

Does this just get attached to the same k8s provider?

billowy-army-68599

06/10/2022, 6:13 PM

yep!

adamant-terabyte-3965

06/10/2022, 6:14 PM

Excellent I'll try that thank you

adamant-terabyte-3965

06/13/2022, 9:16 PM

So I first tried having the IngressClass created by my

aws-load-balancer-controller

by setting the

values:

option

createIngressClassResource

true

, and that seems to create the IngressClass just fine on AWS. However, the Ingress controller creation is still failing in its initialization (although it is created) due to the following error from Pulumi CLI:

Copy code

* resource luke-test/api-ingress was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: 'api-ingress' timed out waiting to be Ready
        * Ingress .status.loadBalancer field was not updated with a hostname/IP address.
        for more information about this error, see <https://pulumi.io/xdv72s>

After looking into the Pulumi Troubleshooting page I tried to run a

pulumi refresh

as it suggests, and that resulted in:

Copy code

Diagnostics:
  kubernetes:<http://networking.k8s.io/v1:Ingress|networking.k8s.io/v1:Ingress> (api-ingress):
    warning: Refreshed resource is in an unhealthy state:
    * Resource 'api-ingress' was created but failed to initialize
    * Ingress .status.loadBalancer field was not updated with a hostname/IP address.
        for more information about this error, see <https://pulumi.io/xdv72s>

while on my AWS console the Ingress reports:

Copy code

Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet

If the

pulumi refresh

isn't going to resolve that error, how should I move forward? I've seen similar problems in this Slack and on Github but I'm not sure which of those solutions would be applicable to my current circumstance.

adamant-terabyte-3965

06/13/2022, 9:48 PM

I should also mention that the

aws-load-balancer-controller

is reporting

Copy code

{
  "level": "error",
  "ts": 1655156031.6442547,
  "logger": "controller-runtime.manager.controller.ingress",
  "msg": "Reconciler error",
  "name": "api-ingress",
  "namespace": "luke-test",
  "error": "couldn't auto-discover subnets: unable to discover at least one subnet"
}

It looks like to me from logs previous to that error the

aws-load-balancer-controller

is creating correctly, but upon detecting the

ingress

this error starts. Is this a problem with Pulumi's automation or my

aws-load-balancer-controller

config?

billowy-army-68599

06/14/2022, 1:11 AM

@adamant-terabyte-3965 this is another configuration issue with your EKS cluster. You need to ensure the VPC subnets are tagged correctly. Have you provisioned the EKS cluster with Pulumi? is this your first foray with EKS?

adamant-terabyte-3965

06/14/2022, 1:32 AM

I have provisioned my EKS cluster with Pulumi, and yes this is my first foray with EKS. I'll take a look at the subnet tagging, I'd seen that previously but I thought my controller would auto detect it needed. Thank you!

19 Views

Open in Slack

Previous Next