IBM Cloud Docs
Classic clusters: Why can't I deploy a load balancer?

Classic clusters: Why can't I deploy a load balancer?

Classic infrastructure

When you describe the ibm-cloud-provider-vlan-ip-config ConfigMap in your classic cluster, you might see an error message similar to the following example output.

oc describe cm ibm-cloud-provider-vlan-ip-config -n kube-system

Warning  CreatingLoadBalancerFailed ... ErrorSubnetLimitReached: There are already the maximum number of subnets permitted in this VLAN.

In standard clusters, the first time that you create a cluster in a zone, a public VLAN and a private VLAN in that zone are automatically provisioned for you in your IBM Cloud infrastructure account.

In that zone, 1 public portable subnet is requested on the public VLAN that you specify and 1 private portable subnet is requested on the private VLAN that you specify. For Red Hat OpenShift on IBM Cloud, VLANs have a limit of 40 subnets. If the cluster's VLAN in a zone already reached that limit, you might not have a portable public IP address available to create a network load balancer (NLB).

To view how many subnets a VLAN has:

  1. From the IBM Cloud infrastructure console, select Network > IP Management > VLANs.
  2. Click the VLAN Number of the VLAN that you used to create your cluster. Review the Subnets section to see whether 40 or more subnets exist.

If you need a new VLAN, order one by contacting IBM Cloud support.

Then, create a cluster that uses this new VLAN.

If you have another VLAN that is available, you can set up VLAN spanning in your existing cluster. After, you can add new worker nodes to the cluster that use the other VLAN with available subnets. To check if VLAN spanning is already enabled, use the ibmcloud oc vlan spanning get --region <region> command.

If you are not using all the subnets in the VLAN, you can reuse subnets on the VLAN by adding them to your cluster.

  1. Check that the subnet that you want to use is available. The infrastructure account that you use might be shared across multiple IBM Cloud accounts. In this case, even if you run the ibmcloud oc subnets command to see subnets with Bound Clusters, you can see information only for your clusters. Check with the infrastructure account owner to make sure that the subnets are available and not in use by any other account or team.

  2. Use the ibmcloud oc cluster subnet add command to make an existing subnet available to your cluster.

  3. Verify that the subnet was successfully created and added to your cluster. The subnet CIDR is listed in the Subnet VLANs section.

    ibmcloud oc cluster get --cluster <cluster_name> --show-resources

    In this example output, a second subnet was added to the 2234945 public VLAN:

    Subnet VLANs
VLAN ID   Subnet CIDR          Public   User-managed
2234947   10.xxx.xx.xxx/29     false    false
2234945   169.xx.xxx.xxx/29    true     false
2234945   169.xx.xxx.xxx/29    true     false

  4. Verify that the portable IP addresses from the subnet that you added are used for the load balancer's EXTERNAL-IP. It might take several minutes for the services to use the portable IP addresses from the new subnet.

    oc get svc -n kube-system