Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet


Using an ALB controller we might face the following error while creating Ingress objects:

$ kubectl describe ingress inspect-green-sonarqube -n inspect-green
Name:             inspect-green-sonarqube
Namespace:        inspect-green
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                        Path  Backends
  ----                        ----  --------
  inspect-green.clarivate.io  
                              /   ssl-redirect:use-annotation (<error: endpoints "ssl-redirect" not found>)
                              /   inspect-green-sonarqube:http (10.103.202.36:9000)
Annotations:                  alb.ingress.kubernetes.io/actions.ssl-redirect:
                                {"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
                              alb.ingress.kubernetes.io/group.name: inspect-green
                              alb.ingress.kubernetes.io/listen-ports: [{"HTTP":80},{"HTTPS":443}]
                              alb.ingress.kubernetes.io/scheme: internal
                              alb.ingress.kubernetes.io/target-type: ip
                              kubernetes.io/ingress.class: alb
                              meta.helm.sh/release-name: inspect-green
                              meta.helm.sh/release-namespace: inspect-green

Events:
  Type     Reason            Age                 From     Message
  ----     ------            ----                ----     -------
  Warning  FailedBuildModel  16m (x19 over 38m)  ingress  Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet

This message tells us that the ALB controller is not able to find subnets of the requested type. We will have to check the following:

We'll need to make sure we have the following annotations on the Ingress object if we are using private subnets:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip

If we are using public-facing subnets, we can switch alb.ingress.kubernetes.io/scheme to internet-facing:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip

Then we will have to check the subnets: the ALB controller requires them to be properly tagged with the name of the cluster that is allowed to use them. So, as we did with the Ingress annotations, if it is a private subnet we will have to make sure it has the following tags:

kubernetes.io/cluster/$CLUSTER_NAME    shared
kubernetes.io/role/internal-elb          1

In case they are a public segment, the tags would be:

kubernetes.io/cluster/$CLUSTER_NAME      shared
kubernetes.io/role/elb                     1
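
The tag check above as a script, added here as an example (not code from the original post): it reads JSON in the shape of `aws ec2 describe-subnets` output and reports which subnets carry the tags required for a given scheme. The subnet IDs, cluster names and function names are constructed for illustration; as an assumption beyond the post, it also accepts `owned` for the cluster tag and an empty value for the role tag, which AWS documents as valid.

```python
import json

# Role tag checked for each value of alb.ingress.kubernetes.io/scheme.
ROLE_TAG = {
    "internal": "kubernetes.io/role/internal-elb",
    "internet-facing": "kubernetes.io/role/elb",
}

# Constructed sample in the shape of `aws ec2 describe-subnets` output.
SAMPLE = json.dumps({"Subnets": [
    {"SubnetId": "subnet-aaa111", "Tags": [
        {"Key": "kubernetes.io/cluster/demo", "Value": "shared"},
        {"Key": "kubernetes.io/role/internal-elb", "Value": "1"}]},
    {"SubnetId": "subnet-bbb222", "Tags": [
        {"Key": "kubernetes.io/cluster/demo", "Value": "shared"},
        {"Key": "kubernetes.io/role/elb", "Value": "1"}]},
    {"SubnetId": "subnet-ccc333", "Tags": [
        {"Key": "kubernetes.io/cluster/other", "Value": "shared"},
        {"Key": "kubernetes.io/role/internal-elb", "Value": "1"}]},
]})


def audit_subnets(describe_subnets_json, cluster_name, scheme):
    """Return {subnet_id: [problems]}; an empty list means the tags match."""
    role_key = ROLE_TAG[scheme]  # KeyError on an unknown scheme value
    cluster_key = f"kubernetes.io/cluster/{cluster_name}"
    report = {}
    for subnet in json.loads(describe_subnets_json)["Subnets"]:
        tags = {t["Key"]: t["Value"] for t in subnet.get("Tags", [])}
        problems = []
        # Assumption: "owned" is accepted alongside the post's "shared".
        if tags.get(cluster_key) not in ("shared", "owned"):
            problems.append(f"{cluster_key} is not shared/owned")
        # Assumption: an empty role tag value is accepted alongside "1".
        if tags.get(role_key) not in ("1", ""):
            problems.append(f"{role_key} is not set")
        report[subnet["SubnetId"]] = problems
    return report


def discoverable(report):
    """Subnet IDs with no tag problems for the requested scheme."""
    return sorted(sid for sid, problems in report.items() if not problems)


if __name__ == "__main__":
    for scheme in ROLE_TAG:
        report = audit_subnets(SAMPLE, "demo", scheme)
        print(scheme, "->", discoverable(report) or "no subnet: FailedBuildModel")
        for sid, problems in report.items():
            for p in problems:
                print(f"  {sid}: {p}")
```

To run it against a real VPC, pass the output of `aws ec2 describe-subnets --filters Name=vpc-id,Values=<vpc-id> --output json` instead of the sample.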

For further information, we can check the AWS knowledge-center and the AWS EKS documentation regarding VPC/subnet tagging.


Posted on 12/07/2021
