Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error syncing load balancer due to multiple security groups #5901

Open
1 task done
neeraj-ec opened this issue Apr 22, 2024 · 0 comments
Open
1 task done

Error syncing load balancer due to multiple security groups #5901

neeraj-ec opened this issue Apr 22, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@neeraj-ec
Copy link

neeraj-ec commented Apr 22, 2024
edited

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I have an EKS cluster with karpenter installed. Two nodes are managed with nodeGroup and others are provisioned by karpenter. kong is installed on managed nodeGroup node using affinity.

Upon installing kong ingress with helm, kong-proxy Service stuck in Pending state with Error:

Caution

Error syncing load balancer: failed to ensure load balancer: Multiple tagged security groups found for instance i-abc; ensure only the k8s security group is tagged; the tagged groups were sg-abc(eksctl-cluster-ClusterSharedNodeSecurityGroup-dfgdf) sg-xyz(eksctl-cluster-ControlPlaneSecurityGroup-fgkh)

Expected Behavior

kong ingress controller should work as usual and able to get LoadBalancer from AWS.

Steps To Reproduce

1. create EKS cluster with karpenter enabled.
2. Install kong ingress controller with following values:

`helm install kong kong/kong -n kong --values values.yaml`


env:
  nginx_proxy_proxy_buffers: "64 160k"
  nginx_proxy_proxy_buffer_size: "160k"
  nginx_proxy_gzip: "on"
  nginx_proxy_gzip_min_length: "1000"
  nginx_proxy_gzip_proxied: "expired no-cache no-store private auth"
  nginx_proxy_gzip_types: "application/json application/javascript image/svg+xml image/x-icon"
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: karpenter.sh/provisioner-name
              operator: DoesNotExist
proxy:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp

Wait to check kong-kong-proxy Service. It is stuck in Pending state with error



### Kong Ingress Controller version
3.1

helm chart version = 2.38.0
ingress-controller = kong/kubernetes-ingress-controller: 3.1
proxy = kong:3.6


### Kubernetes version


Client Version: v1.29.3
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.3-eks-adc7111


### Anything else?

_No response_
@neeraj-ec neeraj-ec added the bug Something isn't working label Apr 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@neeraj-ec