/cc @kalbir
I'm able to reach my container-based service on port 80 of the public IP assigned to the k8s Service when I create my EKS cluster like this:
$ eksctl create cluster # traditional EC2-backed
$ eksctl create cluster --managed # managed node groups
but not for
$ eksctl create cluster --fargate # Fargate!
I have a programmatic user with this IAM policy (with AWS acct number filled in):
https://gist.github.com/jpadams/d1b076a6308346d581bc362360a858d0
And I'm using this GitHub action to do the build and deploy to the specified EKS cluster:
https://github.com/jpadams/fargate-eks/blob/master/.github/workflows/build-deploy.yml#L33
Isn't it because EKS for Fargate still doesn't officially support CLB/NLB?
For exposing an HTTP service, it so far only supports ALB with IP mode and you should specify your service as ClusterIP.
Fargate VM cannot have a public IP.
Ref: https://aws.amazon.com/jp/blogs/aws/amazon-eks-on-aws-fargate-now-generally-available/
@inductor, good catch!
I see the limitation here:
https://docs.aws.amazon.com/eks/latest/userguide/fargate.html
AWS Fargate Considerations
Here's some things to consider about using Fargate on Amazon EKS. Classic Load Balancers and Network Load Balancers are not supported on pods running on Fargate. For ingress, we recommend that you use the ALB Ingress Controller on Amazon EKS (minimum version v1.1.4).
Going to try going this route but looks complicated :(
https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
NLB support on roadmap for EKS with Fargate.
https://github.com/aws/containers-roadmap/issues/617
If I set the service as ClusterIP, how do I expose the service externally?
@changkaizhao Each Fargate VM has a VPC-native and yet private IP address so using ALB Ingress with IP mode will resolve the target group.
@inductor do you have an example of an ingress that works? I tried this example, but don't get an external IP:
https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
Jeremys-MacBook-Pro:manifests jpadams$ kubectl get ingress/2048-ingress -n 2048-game
NAME           HOSTS   ADDRESS   PORTS   AGE
2048-ingress   *                 80      23s
Jeremys-MacBook-Pro:manifests jpadams$ kubectl logs -n kube-system deployment.apps/alb-ingress-controller
-------------------------------------------------------------------------------
AWS ALB Ingress controller
Release: v1.1.3
Build: git-6101b02d
Repository: https://github.com/kubernetes-sigs/aws-alb-ingress-controller.git
-------------------------------------------------------------------------------
...
E1208 17:00:20.634975 1 controller.go:217] kubebuilder/controller "msg"="Reconciler error" "error"="failed to build LoadBalancer configuration due to failed to get AWS tags. Error: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors" "controller"="alb-ingress-controller" "request"={"Namespace":"2048-game","Name":"2048-ingress"}
I created this script to implement setup steps in https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
https://gist.github.com/jpadams/9de54c2399bb8fda1809aada35f00de2
Found this as well. Going to incorporate into my script above.
https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html
(actually found it here first: https://www.terraform.io/docs/providers/aws/r/eks_fargate_profile.html)
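The approach discussed in this thread (a ClusterIP Service fronted by an ALB Ingress in IP mode), written out as a manifest pair. This is an added illustration, not a manifest posted by any participant. The name `web`, the `default` namespace, the `app: web` label and port 80 are assumptions, and the `extensions/v1beta1` Ingress API is assumed to match the v1.1.x controller shown in the log above.

```yaml
# Added example; all names, labels and ports below are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: default
spec:
  # ClusterIP instead of LoadBalancer: a LoadBalancer Service would ask for a
  # CLB/NLB, which the quoted AWS docs list as unsupported for Fargate pods.
  type: ClusterIP
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 80
---
# Ingress API group as used with the v1.1.x ALB Ingress Controller (assumed).
# Newer clusters use networking.k8s.io/v1, which has a different backend syntax.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: web
  namespace: default
  annotations:
    # Hand this Ingress to the ALB Ingress Controller.
    kubernetes.io/ingress.class: alb
    # internet-facing gives the ALB a public address; use "internal" to keep
    # the service reachable only from inside the VPC.
    alb.ingress.kubernetes.io/scheme: internet-facing
    # IP mode registers pod IPs in the target group. Instance mode targets
    # EC2 node ports, and Fargate pods have no EC2 node to register.
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: web
              servicePort: 80
```

The ADDRESS column of `kubectl get ingress` is only populated once the controller can call the AWS APIs, so a `NoCredentialProviders` error like the one logged above leaves it empty whatever the manifest says.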