Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

After ingress crosses ns proxy svc, the listening list of ALB is empty. #3978

Closed
ColeSu-n opened this issue Dec 11, 2024 · 6 comments
Closed

After ingress crosses ns proxy svc, the listening list of ALB is empty. #3978

ColeSu-n opened this issue Dec 11, 2024 · 6 comments
Labels
triage/unresolved Indicates an issue that can not or will not be resolved.

Comments

@ColeSu-n
Copy link

ColeSu-n commented Dec 11, 2024
edited
Loading

I created ingress and an ExternalName svc in the A namespace. This svc pointed to an svc under the B namespace. Then I saw that the listening target of alb was empty.
This will result in accessing the domain name in ingress get 503 Service Temporarily Unavailable

kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: test
  namespace: cms
spec:
  ingressClassName: alb
  rules:
    - host: testalb.mmm.yyy
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: svc1
                port:
                  number: 80
    - host: testargocd.mmm.yyy
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: argocd
                port:
                  number: 80

kind: Service
apiVersion: v1
metadata:
  name: argocd
  namespace: cms
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
  type: ExternalName
  sessionAffinity: None
  externalName: argocd-demo.tools.svc.cluster.local

kind: Service
apiVersion: v1
metadata:
  name: argocd-demo
  namespace: tools
  labels:
    app: argocd-demo
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  selector:
    app: argocd-demo
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster

kind: Deployment
apiVersion: apps/v1
metadata:
  name: argocd-demo
  namespace: tools
  labels:
    app: argocd-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: argocd-demo
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: argocd-demo
    spec:
      containers:
        - name: container-9nac5k
          image: 'argoproj/rollouts-demo:blue'
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600

Target group in ALB listening rule
image

k describe ing -n cms

Events:
  Type     Reason                  Age                   From     Message
  ----     ------                  ----                  ----     -------
  Warning  FailedDeployModel       52m                   ingress  Failed deploy model due to operation error Elastic Load Balancing v2: CreateTargetGroup, https response error StatusCode: 400, RequestID: 5b242618-6175-4464-80b8-c130c814e1f3, api error ValidationError: 1 validation error detected: Value '0' at 'port' failed to satisfy constraint: Member must have value greater than or equal to 1
  Warning  FailedDeployModel       48m                   ingress  Failed deploy model due to operation error Elastic Load Balancing v2: CreateTargetGroup, https response error StatusCode: 400, RequestID: 6b5a3fb2-37b4-40cf-b9d2-4730fbce8780, api error ValidationError: 1 validation error detected: Value '0' at 'port' failed to satisfy constraint: Member must have value greater than or equal to 1
  Warning  FailedDeployModel       46m                   ingress  Failed deploy model due to operation error Elastic Load Balancing v2: ModifyTargetGroupAttributes, https response error StatusCode: 400, RequestID: 576d8b15-cf29-4774-bf52-8d81203e0e4c, api error ValidationError: Target group attribute key 'port' is not recognized
  Warning  FailedDeployModel       43m                   ingress  Failed deploy model due to operation error Elastic Load Balancing v2: CreateTargetGroup, https response error StatusCode: 400, RequestID: 8a23ac34-7d58-4588-82d2-d756ffc7a61c, api error ValidationError: 1 validation error detected: Value '0' at 'port' failed to satisfy constraint: Member must have value greater than or equal to 1
  Warning  FailedDeployModel       35m                   ingress  Failed deploy model due to operation error Elastic Load Balancing v2: CreateTargetGroup, https response error StatusCode: 400, RequestID: c65038de-7048-41ec-a28b-115f719de1f3, api error ValidationError: 1 validation error detected: Value '0' at 'port' failed to satisfy constraint: Member must have value greater than or equal to 1
  Warning  FailedDeployModel       33m                   ingress  Failed deploy model due to operation error Elastic Load Balancing v2: CreateTargetGroup, https response error StatusCode: 400, RequestID: 6d539b8a-9718-4d9a-8bd8-bac9065f9112, api error ValidationError: 1 validation error detected: Value '0' at 'port' failed to satisfy constraint: Member must have value greater than or equal to 1
  Normal   SuccessfullyReconciled  18m (x29 over 7h55m)  ingress  Successfully reconciled
@albertmorenomng
Copy link

Hello @ColeSu-n

What type os kubernetes cluster is deployed? EKS, Custom....

I have a similar situation using RKE2 cluster in AWS
(#3977)

Regards

@ColeSu-n
Copy link
Author

Hello @ColeSu-n

What type os kubernetes cluster is deployed? EKS, Custom....

I have a similar situation using RKE2 cluster in AWS (#3977)

Regards

The company purchased the 1.31 version of k8s eks directly from AWS, and I think it may be that aws-loadbalance-controller lacks support for ExternalName type services

@shraddhabang
Copy link
Collaborator

@ColeSu-n We dont support ExternalName type svc yet. Also we dont support the cross namespace svc. Will you be able to use ClusterIP/NodePort type of svc meanwhile?

@shraddhabang shraddhabang added the triage/unresolved Indicates an issue that can not or will not be resolved. label Dec 11, 2024
@ColeSu-n
Copy link
Author

ColeSu-n commented Dec 12, 2024
edited
Loading

@ColeSu-n We dont support ExternalName type svc yet. Also we dont support the cross namespace svc. Will you be able to use ClusterIP/NodePort type of svc meanwhile?

@shraddhabang OK, thanks for your answer. I want to know why ExternalName svc is not supported? Because I found that nginx-ingress-controller and ingress-controller of other cloud vendors do not seem to support ExternalName svc either.

@zac-nixon
Copy link
Collaborator

Putting an ExternalName service behind a load balancer doesn't make a lot of sense nor is it supported. ALB / NLB will route traffic to an IP address. It looks like an ExternalName service is returning a DNS record.

This is just my basic understanding of reading:
https://stackoverflow.com/questions/54327697/kubernetes-externalname-services
https://kubernetes.io/docs/concepts/services-networking/service/#externalname

@zac-nixon
Copy link
Collaborator

Please re-open if you have other questions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage/unresolved Indicates an issue that can not or will not be resolved.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zac-nixon @shraddhabang @ColeSu-n @albertmorenomng