Target health check fails - AWS Network Load Balancer
NOTE: I tried to include screenshots but stackoverflow does not allow me to add images with preview so I included them as links.
I deployed a web app on AWS using kOps. I have two nodes and set up a Network Load Balancer.
The target group of the NLB has two nodes (each node is an instance made from the same template).
Load balancer actually seems to be working after checking ingress-nginx-controller logs.
The requests are being distributed over pods correctly. And I can access the service via ingress external address.
But when I go to AWS Console / Target Group, one of the two nodes is marked as and I am concerned with that.
Nodes are running correctly.
I tried to execute sh into nginx-controller and tried curl to both nodes with their internal IP address. For the healthy node, I get nginx response and for the unhealthy node, it times out. I do not know how nginx was installed on one of the nodes and not on the other one.
Could anybody let me know the possible reasons?
I had exactly the same problem before and this should be documented somewhere on AWS or Kubernetes. The answer is copied from AWS Premium Support
Short description
The NGINX Ingress Controller sets the spec.externalTrafficPolicy option to Local to preserve the client IP. Also, requests aren't routed to unhealthy worker nodes. The following troubleshooting implies that you don't need to maintain the cluster IP address or preserve the client IP address.
Resolution
If you check the ingress controller service you will see the External Traffic Policy field set to Local.
$ kubectl -n ingress-nginx describe svc ingress-nginx-controller
Output:
Name: ingress-nginx-controller
Namespace: ingress-nginx
...
External Traffic Policy: Local
...
This Local setting drops packets that are sent to Kubernetes nodes that aren't running instances of the NGINX Ingress Controller. Assign NGINX pods (from the Kubernetes website) to the nodes that you want to schedule the NGINX Ingress Controller on.
Update the pec.externalTrafficPolicy option to Cluster
$ kubectl -n ingress-nginx patch service ingress-nginx-controller -p '{"spec":{"externalTrafficPolicy":"Cluster"}}'
Output:
service/ingress-nginx-controller patched
By default, NodePort services perform source address translation (from the Kubernetes website). For NGINX, this means that the source IP of an HTTP request is always the IP address of the Kubernetes node that received the request. If you set a NodePort to the value of the externalTrafficPolicy field in the ingress-nginx service specification to Cluster, then you can't maintain the source IP address.
- Get single-line json from aws cli
- Automatically "stop" Sagemaker notebook instance after inactivity?
- AWS Cloudwatch alarm not returning to OK state even though data looks fine
- Windows & Linux living together in Kubernetes cluster
- AWS CDK for .NET Core hangs at "ApplicationLoadBalancedFargateService" Task
- how to add cache control in AWS S3?
- AWS Lambda Open Telemetry, Missing Parent Span
- API Gateway Custom Authorizer: Control error message and code
- VSCode JSON to YAML auto conversion on save
- How to add multiple columns in AWS redshift with alter table query
- Retrieve one file from AWS Glacier using cli
- Email address is not verified (AWS SES)
- Terraform - s3 static website wont deploy, telling me I dont have permissions when I do
- How to Add Private Subnets with Designated IP Addresses When Creating a VPC Interface Endpoint in AWS CDK
- SpringBoot fails to deploy after adding .ebextensions for ngingx SSL -[An error occurred during execution of command [app-deploy]]
- What does 0.0.0.0/0 and ::/0 mean?
- How to query dynamoDB based on key + attribute?
- Getting "No AWS accounts are available to you" when using aws configure sso
- Terraform directory Structure for common infrastructure on aws for ADO pipeline
- Mysterious TransactionConflict in TransactionCanceledException
- Cloudwatch VPC interface endpoint times out
- AWS s3 V3 Javascript SDK stream file from bucket (GetObjectCommand)
- How to bypass expectation of S3 server 100-contiune response in Boto3 put_object method
- Disabling AWS X-ray in FastAPI Lambda application
- Cannot Connect To AWS Elasticache Redis Cluster From Local Machine
- How do i access AWS SAM-CLI through bash on windows?
- Reporting AWS Tools RDS or Redshift?
- What does "eksctl create iamserviceaccount" do under the hood on an EKS cluster?
- Configure Selenium Nodes without a JSON file
- Is there a CLI command on Azure to see console messages of a VM that is not booting up?