I have a situation where Kubernetes apparently can no longer assign an external IP address to a service upon kubectl create -f Deployment.yaml. kubectl describe service <my-service> reports the following error:
CreatingLoadBalancerFailed
Error creating load balancer (will retry): Failed to create load balancer
for service default/<my-service>: requested ip <my-address> is
neither static nor assigned to LB <id>(default/<my-service>): <nil>
But gcloud compute addresses list indicates that my-address is a static IP address:
NAME REGION ADDRESS STATUS
<my-address> europe-west1 <ip-address> RESERVED
And Deployment.yaml contains a spec for <my-service> that assigns <my-address> to a load balancer:
kind: Service
apiVersion: v1
metadata:
name: my-service
spec:
selector:
app: my-app
ports:
- protocol: UDP
port: <my-port>
type: LoadBalancer
loadBalancerIP: <my-address>
What is especially strange: the (almost) same deployment has worked before. I have already tried to recreate my cluster, but this also did not help. What else could be wrong and how can I overcome the error to make my service reachable from the outside again?
UPDATE I have reserved a new static (this time also global) IP address with gcloud compute addresses create test-address --global and changed the assignment to LB accordingly: loadBalancerIP: test-address. But the same error remains still.
UPDATE If I don't specify loadBalancerIP in Deployment.yaml, deployment succeeds without errors an a new external IP address is assigned to my-service. The service can be pinged from outside at this address.
UPDATE If I delete my former address with gcloud compute addresses delete my-address --region europe-west1, promote the new external address with gcloud compute addresses create --addresses <ip-address> --region europe-west1, and then redeploy with the original line loadBalancerIP: my-address restored in Deployment.yaml, the same error surfaces again.
I had a similar problem. It turns out that if the IP address is reserved as global then it won't work. I deleted my reservation and changed it to the same region as my kubernetes cluster.
--globalI had to use--region europe-west2- the same region as my k8s cluster.before: fail
gcloud compute addresses create my-secure-sftp --globalafter: success
gcloud compute addresses create my-secure-sftp --region europe-west2@see https://github.com/kubernetes/kubernetes/issues/22721 for more details
The problem was in
Deployment.yamlwhere I was referring to the address underloadBalancerIpby its symbolic name rather than the numeric IP address (NAMEandADDRESSas revealed bygcloud compute addresses listrespectively). If I use the numeric IP address instead, the load balancer comes up my service can be accessed externally at this address (via the load balancer). (This previous answer brought me on the right track. I was under the perhaps wrong impression that using the symbolic name had previously worked.)Background Since I was switching to an own VM instance (instead of Google Cloud shell) for developing container images, I am receiving
"Insufficient Permission"errors fromgcloud compute addressess liston that VM instance. I understand that I could improve this by recreating the VM instance with scopehttps://www.googleapis.com/auth/compute.readonly. In any case, this restriction apparently had nothing to do with the problem at hand.You should create regional address:
It allocates Global IP for ingress controller (status IN_USE), this is exactly what you need.
Global static and Internal static will not work in your case.
You should create a regional address in the same region, zone and project on GCP
I have a problem because I create an IP on a different project that I'm configuring the LoadBalancer.