Looking for ways to troubleshoot service load balancers for Amazon EKS? Worry not, we are here to help!
One of our customers recently ran into trouble with their load balancer in Amazon EKS. This actually occurs more often than you can imagine. Fortunately, you will be able to troubleshoot service load balancers for Amazon EKS by the end of this article.
At Bobcares, we are ready to assist our customers with AWS queries any day, any time as part of our AWS Support Services.
How to Troubleshoot Service Load Balancers for Amazon EKS
If you are having trouble with the service load balancer for Amazon EKS, our Support Techs suggest the following troubleshooting tips:
- Verify the tags for the Amazon Virtual Private Cloud (Amazon VPC) subnets.
- Check the AWS Identity and Access Management (IAM) permissions for the cluster’s IAM role.
- Verify there is a valid Kubernetes service definition.
- Ensure that the load balancers are within the account limit.
- Check if there are sufficient free IP addresses on the subnets.
In case these tips do not seem to solve the problem, the experts at Bobcares suggest proceeding to the Additional Troubleshooting Steps section for further help.
Verify Tags for the Amazon VPC subnets
- First, open the AWS Virtual Private Cloud console.
- Then choose subnets from the navigation pane.
- After that, verify a tag exists by checking the Tags tab for each subnet. For instance:
Key: kubernetes.io/cluster/yourEKSClusterName Value: shared
- Confirm the following tag exists for public subnets:
Key: kubernetes.io/role/elb Value: 1
In order to check if the subnet is public, we recommend checking the route tables associated with the specific subnet. While a public subnet has access to an internet gateway, a private subnet needs to use a NAT gateway or a NAT instance. Do not forget to verify the tags in order to create an internet-facing load balancer service.
- Confirm the following tag exists for private subnets:
Key: kubernetes.io/role/internal-elb Value: 1
Importantly, you need to have the tag in the previous step to create an internet-facing load balancer service.
Set IAM Permissions For The Cluster’s IAM Role
- First, open the Amazon Elastic Kubernetes Service console.
- Then choose Clusters from the navigation pane.
- Once you pick your cluster, note the Cluster IAM Role ARN.
- After that, open the AWS Identity and Access Management console.
- Then choose Roles from the navigation pane.
- Pick the role that matches the Cluster IAM Role ARN noted in Step 3.
- Next, ensure that the AWS managed policy AmazonEKSClusterPolicy is attached to the role.
Remember that the Amazon EKS control plane automatically assumes the preceding IAM role in order to create a load balancer for the service.
Utilize A Valid Kubernetes Service Definition
- Ensure that spec.type is set as LoadBalancer in the YAML file for the Kubernetes service. Here is an example of how our support staff accomplished this for a client:
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    # This annotation is required only if you create an internal facing ELB. Remove this in order to create public facing ELB.
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
  name: nginx-elb
  labels:
    app: nginx
spec:
  type: LoadBalancer
  ports:
    - name: "http"
      port: 80
      targetPort: 80
  selector:
    app: nginx
```
Check That Load Balancers Are Within Account Limit
By default, an AWS account has up to 20 load balancers per AWS Region. You can check this number via the Load Balancers option from the navigation pane of the Amazon ECS console.
If you have crossed the maximum limit, you can apply for an increase via Service Quotas.
Verify there are Sufficient Free IP Addresses on the Subnets
In order to create a load balancer without running into trouble, each subnet needs to have at least eight free IP addresses. This is required for Network Load Balancer as well as Classic Load Balancer.
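As an added example (not from the original article), the following Python function applies the subnet tag checks and the eight-free-IP check from the sections above to JSON shaped like the output of aws ec2 describe-subnets. The sample data, the cluster name demo and the public_ids parameter are assumptions made for illustration.

```python
import json

MIN_FREE_IPS = 8  # per-subnet minimum stated in this article

# Constructed sample shaped like `aws ec2 describe-subnets` output (IDs are made up).
SAMPLE = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-aaa", "AvailableIpAddressCount": 250,
   "Tags": [{"Key": "kubernetes.io/cluster/demo", "Value": "shared"},
            {"Key": "kubernetes.io/role/elb", "Value": "1"}]},
  {"SubnetId": "subnet-bbb", "AvailableIpAddressCount": 5,
   "Tags": [{"Key": "kubernetes.io/cluster/demo", "Value": "shared"},
            {"Key": "kubernetes.io/role/elb", "Value": "1"}]},
  {"SubnetId": "subnet-ccc", "AvailableIpAddressCount": 100,
   "Tags": [{"Key": "kubernetes.io/role/internal-elb", "Value": "1"}]}
]}
""")


def check_subnets(doc, cluster, public_ids):
    """Return {subnet_id: [problems]} for the tag and free-IP checks.

    public_ids: subnets whose route table reaches an internet gateway
    (assumed to be determined separately, as the article describes).
    """
    findings = {}
    for subnet in doc["Subnets"]:
        sid = subnet["SubnetId"]
        tags = {t["Key"]: t["Value"] for t in subnet.get("Tags", [])}
        problems = []
        # Cluster tag: kubernetes.io/cluster/<cluster name>
        if f"kubernetes.io/cluster/{cluster}" not in tags:
            problems.append("missing cluster tag")
        # Role tag depends on whether the subnet is public or private.
        role = "elb" if sid in public_ids else "internal-elb"
        role_key = f"kubernetes.io/role/{role}"
        if tags.get(role_key) != "1":
            problems.append(f"missing {role_key}=1")
        free = subnet["AvailableIpAddressCount"]
        if free < MIN_FREE_IPS:
            problems.append(f"only {free} free IPs")
        findings[sid] = problems
    return findings


if __name__ == "__main__":
    result = check_subnets(SAMPLE, "demo", {"subnet-aaa", "subnet-bbb"})
    for sid, problems in result.items():
        print(sid, "OK" if not problems else "; ".join(problems))
```

An empty list for a subnet means it passed all three checks; against a real account, feed the function the parsed JSON from the CLI instead of SAMPLE.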
Additional Steps To Troubleshoot Service Load Balancers for Amazon EKS
If the above tips failed to help you out, our support techs suggest running the following command:
$ kubectl describe service my-elb-service
If this command is successful, you will notice an output similar to this:
```
...
...
Events:
  Type    Reason                Age   From                Message
  ----    ------                ----  ----                -------
  Normal  EnsuringLoadBalancer  45s   service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   43s   service-controller  Ensured load balancer
```
In case the service was not created, you will receive an error message.
Conclusion: Troubleshoot Service Load Balancers for Amazon EKS
In short, you will be able to find your way around the Service Load Balancers for Amazon EKS with these tips from our experienced Support Techs.