Why can't my app connect via a network load balancer (NLB) service?
Classic infrastructure
You exposed your app by creating an NLB service in your classic cluster.
When you tried to connect to your app by using the public IP address of the NLB, the connection failed or timed out.
Your NLB service might not be working properly for one of the following reasons:
- The cluster is not fully deployed yet.
- The configuration script for your NLB service includes errors.
Check that you set up a standard cluster that is fully deployed and has at least two worker nodes to ensure high availability for your NLB service.
-
List your worker nodes. In your CLI output, make sure that the Status of your worker nodes displays Ready and that the Machine Type shows a flavor other than free.
ibmcloud ks worker ls --cluster <cluster_name_or_ID>
-
For version 2.0 NLBs: Ensure that you complete the NLB 2.0 prerequisites.
-
Check the accuracy of the configuration file for your NLB service.
-
Version 2.0 NLBs
apiVersion: v1 kind: Service metadata: name: myservice annotations: service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "ipvs" spec: type: LoadBalancer selector: <selector_key>:<selector_value> ports: - protocol: TCP port: 8080 targetPort: 8080 # Optional. By default, the `targetPort` is set to match the `port` value unless specified otherwise. externalTrafficPolicy: Local
- Check that you defined LoadBalancer as the type for your service.
- Check that you included the
service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "ipvs"
annotation. - In the
spec.selector
section of the LoadBalancer service, ensure that the<selector_key>
and<selector_value>
is the same as the key/value pair that you used in thespec.template.metadata.labels
section of your deployment YAML. If labels don't match, the Endpoints section in your LoadBalancer service displays<none>
and your app is not accessible from the internet. - Check that you used the port that your app listens on.
- Check that you set
externalTrafficPolicy
toLocal
.
-
Version 1.0 NLBs
apiVersion: v1 kind: Service metadata: name: myservice spec: type: LoadBalancer selector: <selector_key>:<selector_value> ports: - protocol: TCP port: 8080 targetPort: 8080 # Optional. By default, the `targetPort` is set to match the `port` value unless specified otherwise.
- Check that you defined LoadBalancer as the type for your service.
- In the
spec.selector
section of the LoadBalancer service, ensure that the<selector_key>
and<selector_value>
is the same as the key/value pair that you used in thespec.template.metadata.labels
section of your deployment YAML. If labels don't match, the Endpoints section in your LoadBalancer service displays none and your app is not accessible from the internet. - Check that you used the port that your app listens on.
-
-
Check your NLB service and review the Events section to find potential errors.
kubectl describe service <myservice>
Look for the following error messages.
- Clusters with one node must use services of type NodePort
- To use the NLB service, you must have a standard cluster with at least two worker nodes.
- No cloud provider IPs are available to fulfill the NLB service request. Add a portable subnet to the cluster and try again.
- This error message indicates that no portable public IP addresses remaining to be allocated to your NLB service. Refer to Adding subnets to clusters to find information about how to request portable public IP addresses for your cluster. After portable public IP addresses are available to the cluster, the NLB service is automatically created.
- Requested cloud provider IP
<cloud-provider-ip>
is not available. The following cloud provider IPs are available:<available-cloud-provider-ips>
- You defined a portable public IP address for your load balancer YAML by using the
loadBalancerIP
section, but this portable public IP address is not available in your portable public subnet. In theloadBalancerIP
section your configuration script, remove the existing IP address and add one of the available portable public IP addresses. You can also remove theloadBalancerIP
section from your script so that an available portable public IP address can be allocated automatically. - No available nodes for NLB services
- You don't have enough worker nodes to deploy an NLB service. One reason might be that you deployed a standard cluster with more than one worker node, but the provisioning of the worker nodes failed.
- List available worker nodes by running
kubectl get nodes
. - If at least two available worker nodes are found, list the worker node details by running
ibmcloud ks worker get --cluster <cluster_name_or_ID> --worker <worker_ID>
. - Make sure that the public and private VLAN IDs for the worker nodes that were returned by the
kubectl get nodes
and theibmcloud ks worker get
commands match.
- List available worker nodes by running
-
If you use a custom domain to connect to your NLB service, make sure that your custom domain is mapped to the public IP address of your NLB service.
- Find the public IP address of your NLB service.
kubectl describe service <service_name> | grep "LoadBalancer Ingress"
- Check that your custom domain is mapped to the portable public IP address of your NLB service in the Pointer record (PTR).
- Find the public IP address of your NLB service.