Bobcares

Troubleshoot Service Load Balancers for Amazon EKS

by | Sep 6, 2021

Looking for ways to troubleshoot service load balancers for Amazon EKS? Worry not, we are here to help!

One of our customers recently ran into trouble with their load balancer in the Amazon EKS. This actually occurs more often than you can imagine. Fortunately, you will be able to troubleshoot service load balancers for Amazon EKS by the end of this article.

At Bobcares, we are ready to assist our customers with AWS queries any day, any time as part of our AWS Support Services.

How to Troubleshoot Service Load Balancers for Amazon EKS

If you are having trouble with the service load balancer for Amazon EKS, our Support Techs suggest the following troubleshooting tips:

  • Verify the tags for the Amazon VPC or Amazon Virtual Private Cloud subnets.
  • Check the IAM or AWS Identity and Access Management permissions for the cluster’s IAM role.
  • Verify there is a valid Kubernetes service definition.
  • Ensure that the load balancers are within the account limit.
  • Check if there are sufficient free IP addresses on the subnets.

In case these tips do not seem to solve the problem, the experts at Bobcares suggest proceeding to the Additional Troubleshooting Steps section for further help.

Verify Tags for the Amazon VPC subnets

  1. First, open the AWS Virtual Private Cloud console.
  2. Then choose subnets from the navigation pane.
  3. After that, verify a tag exists by checking the Tags tab for each subnet. For instance:
Key: kubernetes.io/cluster/yourEKSClusterName
Value: shared
  1. Confirm the following tag exists for public subnets:
Key: kubernetes.io/role/elb
Value: 1

In order to check if the subnet is public, we recommend checking the route tables associated with the specific subnet. While a public subnet has access to an internet gateway, a private subnet needs to use a NAT gateway or a NAT instance. Do not forget to verify the tags in order to create an internet-facing load balancer service.

  1. Confirm the following tag exists for private subnets:
Key: kubernetes.io/role/internal-elb
Value: 1

Importantly, you need to have the tag in the previous step to create an internet-facing load balancer service.

Set IAM Permissions For The Cluster’s IAM Role

  1. First, open the Amazon Elastic Kubernetes Service console.
  2. Then choose Clusters from the navigation pane.
  3. Once you pick your cluster, note the Cluster IAM Role ARN.
  4. After that, open the AWS Identity and Access Management console.
  5. Then choose Roles from the navigation pane.
  6. Pick the role that is similar to the Cluster IAM Role ARN noted in Step 3.
  7. Next, ensure that AmazonEKSClusterPolicy, the AWS managed policy is attached to the role.

Remember that the Amazon EKS control plane automatically assumes the preceding IAM role in order to create a load balancer for the service.

Utilize A Valid Kubernetes Service Definition

  1. Ensure that spec.type is set as LoadBalancer in the YAML file for the Kubernetes service. Here is an example of how our support staff accomplished this for a client:
<!-- wp:code -->
<pre class="wp-block-code"><code>apiVersion: v1
kind: Service
metadata:
  annotations:
    # This annotation is required only if you create an internal facing ELB. Remove this in order to create public facing ELB.
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
  name: nginx-elb
  labels:
    app: nginx
spec:
  type: LoadBalancer
  ports:
  - name: "http"
    port: 80
    targetPort: 80
  selector:
    app: nginx</code></pre>
<!-- /wp:code -->

Check That Load Balancers Are Within Account Limit

By default, an AWS account has up to 20 load balancers per AWS Region. You can check this number via the Load Balancers option from the navigation pane of the Amazon ECS console.

In case, you have crossed the maximum limit, you can apply for an increase via Service Quotas.

Verify there are Sufficient Free IP Addresses on the Subnets

In order to create a load balancer without running into trouble, each subnet needs to have at least eight free IP addresses. This is required for Network Load Balancer as well as Classic Load Balancer.

Additional Steps To Troubleshoot Service Load Balancers for Amazon EKS

If the above tips failed to help you out, our support techs suggest running the following command:

$ kubectl describe service my-elb-service

If this command is successful, you will notice an output similar to this:

...
...
Events:
  Type    Reason                Age   From                Message
  ----    ------                ----  ----                -------
  Normal  EnsuringLoadBalancer  45s   service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   43s   service-controller  Ensured load balancer

In case the service was not created, you will receive an error message.

[Fortunately, you can stop worrying. We are here to assist you]

Conclusion: Troubleshoot Service Load Balancers for Amazon EKS

In short, you will be able to find your way around the Service Load Balancers for Amazon EKS with these tips from our experienced Support Techs.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.