Installing nginx ingress in AKS cluster fails with SyncLoadBalancerFailed error

I have an AKS cluster with a web application. I want to provision an nginx Ingress controller to expose the app to the internet and later enable TLS.

I have been following the official documentation


But I always end up with a pending nginx-ingress service with this error

reason: SyncLoadBalancerFailed
message: >-
  Error syncing load balancer: failed to ensure load balancer: instance not

Does anyone know what could it be?

  • I believe you are using a static IP address with the NGINX Ingress controller service. This issue pops up if the cloud controller manager cannot find the static Azure Public Ip Address resource in the containing resource group mentioned in the NGINX Ingress Controller's service annotation (if no resource group is explicitly specified with a service annotation, it will look for the Azure Public IP Address resource in the AKS cluster's node resource group)

    If you have created the static Azure Public IP Address resource in the node resource group then please ensure that the Azure Public IP address resource exists.

    If you have created the static Azure Public IP Address resource in a different resource group, then:

    • Please ensure the cluster identity used by the AKS cluster has delegated permissions to the other resource group, such as Network Contributor.

      az role assignment create \
        --assignee <Client ID of cluster identity> \
        --role "Network Contributor" \
        --scope /subscriptions/<subscription id>/resourceGroups/<Public IP address resource group name>

      Note: Your cluster identity can be a service principal or a managed identity.

    • In the helm install command to deploy an NGINX Ingress Controller, please add the following argument:
      --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-resource-group"=$PublicIpAddressResourceGroupName

      Thus, if you are following this document the helm install command should look something like:

      # Use Helm to deploy an NGINX ingress controller
      helm install nginx-ingress ingress-nginx/ingress-nginx \
        --namespace ingress-basic \
        --set controller.replicaCount=2 \
        --set controller.nodeSelector."kubernetes\.io/os"=linux \
        --set controller.image.registry=$ACR_URL \
        --set controller.image.image=$CONTROLLER_IMAGE \
        --set controller.image.tag=$CONTROLLER_TAG \
        --set controller.image.digest="" \
        --set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux \
        --set controller.admissionWebhooks.patch.image.registry=$ACR_URL \
        --set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE \
        --set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG \
        --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \
        --set defaultBackend.image.registry=$ACR_URL \
        --set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE \
        --set defaultBackend.image.tag=$DEFAULTBACKEND_TAG \
        --set controller.service.loadBalancerIP=$STATIC_IP \
        --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$DNS_LABEL
        --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-resource-group"=$PublicIpAddressResourceGroupName

    For more information please check here.