Unable to create type 'loadbalancer' in Azure with a private IP.


Please use this only for bug reports. For questions or when you need help, you can use the GitHub Discussions, our #strimzi Slack channel or our user mailing list.

Describe the bug

I’m trying to create a load balancer listener in Azure AKS for the kafka nodes with a private IP address following the documentation. Every time I try, the load balancer fails to create since it tries to attach to the public IP, which the cluster identity does not have permissions on (by design). I tried the template snippet below, first without the ‘template:’ section per the docs when running Strimzi > 0.20, then tried adding it just to see if it would help, but it still tried to bind to the public IP.

To Reproduce

Steps to reproduce the behavior:

  1. Deploy the template below (kubectl apply -f template.yml)

Expected behavior

Create a load balancer for the kafka nodes using a private IP, not public.

Environment (please complete the following information):

  • Strimzi version: 0.22.1
  • Installation method: helm
  • Kubernetes cluster: Kubernetes 1.20.5
  • Infrastructure: Azure AKS

YAML files and logs

kind: Kafka
metadata:
  name: <my cluster name>
  namespace: <my namespace>
spec:
  kafka:
    replicas: 3
    version: 2.7.0
    listeners:
      - name: private
        port: 9092
        type: loadbalancer
        tls: true
        authentication:
          type: scram-sha-512
        configuration:
          bootstrap:
            annotations:
              service.beta.kubernetes.io/azure-load-balancer-internal: "true"
          brokers:
          - broker: 0
            annotations:
              service.beta.kubernetes.io/azure-load-balancer-internal: "true"
          - broker: 1
            annotations:
              service.beta.kubernetes.io/azure-load-balancer-internal: "true"
          - broker: 2
            annotations:
              service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    template:
      externalBootstrapService:
        metadata:
          annotations:
            service.beta.kubernetes.io/azure-load-balancer-internal: "true"
      perPodService:
        metadata:
          annotations:
            service.beta.kubernetes.io/azure-load-balancer-internal: "true"

Additional context

None

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 7 (3 by maintainers)

Top GitHub Comments

1 reaction
justin-silveri commented, May 3, 2021

Update: It turns out this was a permissions issue on the Azure AKS side. It required adding the AKS ServicePrincipal as ‘Contributor’ to the AKS managed Resource Group, and ‘Network Contributor’ to the user managed AKS Resource Group. Why it’s trying to touch the public loadbalancer/pip when creating an internal only service makes no sense at all to me, but it’s working now.

0 reactions
justin-silveri commented, May 4, 2021

Yes, the issue can be closed. Posted the update for exactly that reason, in case anyone else has the same issue in Azure with AKS.
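
The following is an added example, not part of the issue or of Strimzi's own code: a pre-deployment check that every `loadbalancer` listener in a Kafka resource like the one above carries the Azure internal annotation on the bootstrap service and on each broker service, since one unannotated broker would be given a public load balancer. It assumes the manifest has already been parsed into a dict (for example with a YAML loader) and that annotations under `template` apply to all external services; `public_services` and `sample_cr` are hypothetical names.

```python
# Added example: flag Strimzi load balancer services that would not be
# created as Azure internal load balancers.
INTERNAL = "service.beta.kubernetes.io/azure-load-balancer-internal"


def _is_internal(annotations):
    """True when the Azure internal-LB annotation is set to "true"."""
    return str((annotations or {}).get(INTERNAL, "")).lower() == "true"


def public_services(kafka_cr):
    """Return (listener, service) pairs that lack the internal annotation."""
    kafka = kafka_cr["spec"]["kafka"]
    template = kafka.get("template", {})
    # Assumption: template annotations apply to every external service.
    tmpl_bootstrap = _is_internal(
        template.get("externalBootstrapService", {}).get("metadata", {}).get("annotations"))
    tmpl_broker = _is_internal(
        template.get("perPodService", {}).get("metadata", {}).get("annotations"))
    findings = []
    for listener in kafka.get("listeners", []):
        if listener.get("type") != "loadbalancer":
            continue  # only load balancer listeners get cloud load balancers
        cfg = listener.get("configuration", {})
        if not (tmpl_bootstrap or _is_internal(cfg.get("bootstrap", {}).get("annotations"))):
            findings.append((listener["name"], "bootstrap"))
        per_broker = {b.get("broker"): b.get("annotations") for b in cfg.get("brokers", [])}
        # One service exists per replica, so check every broker id.
        for broker_id in range(kafka.get("replicas", 0)):
            if not (tmpl_broker or _is_internal(per_broker.get(broker_id))):
                findings.append((listener["name"], f"broker-{broker_id}"))
    return findings


def sample_cr(annotated_brokers, with_template=False):
    """Constructed manifest shaped like the one in the issue (as a dict)."""
    on = {INTERNAL: "true"}
    kafka = {"replicas": 3, "listeners": [{
        "name": "private", "port": 9092, "type": "loadbalancer", "tls": True,
        "configuration": {
            "bootstrap": {"annotations": on},
            "brokers": [{"broker": i, "annotations": on} for i in annotated_brokers],
        }}]}
    if with_template:
        kafka["template"] = {"perPodService": {"metadata": {"annotations": on}}}
    return {"kind": "Kafka", "spec": {"kafka": kafka}}


if __name__ == "__main__":
    print(public_services(sample_cr([0, 1, 2])))  # fully annotated
    print(public_services(sample_cr([0, 1])))     # broker 2 left out
```
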
