IBM Cloud Docs
Why do I see SyncLoadBalancerFailed errors when creating a VPC cluster?

Why do I see SyncLoadBalancerFailed errors when creating a VPC cluster?

When setting up load balancing on my VPC cluster, I see an error message similar to the following.

Warning  CreatingCloudLoadBalancerFailed  55s                ibm-cloud-provider  Error on cloud load balancer kube-<CLUSTERID>-<SERVICE_UUID> for service <NAMESPACE>/<SERVICE_NAME> with UID <SERVICE_UUID>: Failed ensuring LoadBalancer: FindLoadBalancer failed: FindLoadBalancer failed: An error occurred while performing the 'authenticate' step: 400 Bad Request [{"incidentID":"XXX","code":"XXX","description":"Error message from IAM: '401 Unauthorized. Transaction-Id: XXX Details: {\"errorCode\":\"BXNIM0430E\",\"errorMessage\":\"User login from given IP address is not permitted.\",\"errorDetails\":\"The user has configured IP address restriction for login. The given IP address 'XXXX' is not contained in the list of allowed IP addresses.\",\"context\":...,"type":"Authentication"}]
Warning  SyncLoadBalancerFailed           55s                service-controller  Error syncing load balancer: failed to ensure load balancer: Error on cloud load balancer kube-<CLUSTERID>-<SERVICE_UUID> for service <NAMESPACE>/<SERVICE_NAME> with UID <SERVICE_UUID>:: Failed ensuring LoadBalancer: FindLoadBalancer failed: FindLoadBalancer failed: An error occurred while performing the 'authenticate' step: 400 Bad Request [{"incidentID":"XXX","code":"XXX","description":"Error message from IAM: '401 Unauthorized. Transaction-Id: XXX Details: {\"errorCode\":\"BXNIM0430E\",\"errorMessage\":\"User login from given IP address is not permitted.\",\"errorDetails\":\"The user has configured IP address restriction for login. The given IP address 'XXX' is not contained in the list of allowed IP addresses.\",\"context\":...,"type":"Authentication"}]

This error occurs when your IAM allowlist doesn't allow the necessary communication to control plane IPs.

To resolve this issue, add the control plane IPs for the region where your cluster is located to your IAM allowlist.

For a list of control plane IPs by region, see the IBM/kube-samples repo