Nginx Question posted in
The official documentation can be found here.

Installing nginx ingress in AKS cluster fails with SyncLoadBalancerFailed error

I have an AKS cluster with a web application. I want to provision an nginx Ingress controller to expose the app to the internet and later enable TLS.

I have been following the official documentation

https://learn.microsoft.com/en-us/azure/aks/ingress-basic

and

https://learn.microsoft.com/en-us/azure/aks/ingress-static-ip

But I always end up with a pending nginx-ingress service with this error

reason: SyncLoadBalancerFailed
message: >-
  Error syncing load balancer: failed to ensure load balancer: instance not
  found

enter image description here

I have seen

How to fix "failed to ensure load balancer" error for nginx ingress

and googled the error but so far no luck

Does anyone know what could it be?

Or, is there some working example I can start from?

Tags:

2

Answers


  1. 0

    I believe you are using a static IP address with the NGINX Ingress controller service. This issue pops up if the cloud controller manager cannot find the static Azure Public Ip Address resource in the containing resource group mentioned in the NGINX Ingress Controller’s service annotation (if no resource group is explicitly specified with a service annotation, it will look for the Azure Public IP Address resource in the AKS cluster’s node resource group)

    If you have created the static Azure Public IP Address resource in the node resource group then please ensure that the Azure Public IP address resource exists.

    If you have created the static Azure Public IP Address resource in a different resource group, then:

    • Please ensure the cluster identity used by the AKS cluster has delegated permissions to the other resource group, such as Network Contributor.

      az role assignment create 
  --assignee <Client ID of cluster identity> 
  --role "Network Contributor" 
  --scope /subscriptions/<subscription id>/resourceGroups/<Public IP address resource group name>

      Note: Your cluster identity can be a service principal or a managed identity.

    • In the helm install command to deploy an NGINX Ingress Controller, please add the following argument:
      --set controller.service.annotations."service.beta.kubernetes.io/azure-load-balancer-resource-group"=$PublicIpAddressResourceGroupName

      Thus, if you are following this document the helm install command should look something like:

      # Use Helm to deploy an NGINX ingress controller
helm install nginx-ingress ingress-nginx/ingress-nginx 
  --namespace ingress-basic 
  --set controller.replicaCount=2 
  --set controller.nodeSelector."kubernetes.io/os"=linux 
  --set controller.image.registry=$ACR_URL 
  --set controller.image.image=$CONTROLLER_IMAGE 
  --set controller.image.tag=$CONTROLLER_TAG 
  --set controller.image.digest="" 
  --set controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os"=linux 
  --set controller.admissionWebhooks.patch.image.registry=$ACR_URL 
  --set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE 
  --set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG 
  --set defaultBackend.nodeSelector."kubernetes.io/os"=linux 
  --set defaultBackend.image.registry=$ACR_URL 
  --set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE 
  --set defaultBackend.image.tag=$DEFAULTBACKEND_TAG 
  --set controller.service.loadBalancerIP=$STATIC_IP 
  --set controller.service.annotations."service.beta.kubernetes.io/azure-dns-label-name"=$DNS_LABEL
  --set controller.service.annotations."service.beta.kubernetes.io/azure-load-balancer-resource-group"=$PublicIpAddressResourceGroupName

    For more information please check here.

    Login or Signup to reply.
  2. 0

    I got the same error with a non nginx-ingress load balancer in AKS and fixed the issue by stopping and re-starting the cluster through the Azure portal.

    Spent a lot of time looking for solutions online and didn’t find anything that worked.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search