• Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet

    2 min read

    Using an ALB controller we might face the following error while creating Ingress objects:

    $ kubectl describe ingress pet2cattle -n pet2cattle
    Name:             pet2cattle
    Namespace:        pet2cattle
    Address:          
    Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
    Rules:
      Host                        Path  Backends
      ----                        ----  --------
      admin-site.pet2cattle.com  
                                  /   ssl-redirect:use-annotation (<error: endpoints "ssl-redirect" not found>)
                                  /   pet2cattle:http (10.103.202.36:9000)
    Annotations:                  alb.ingress.kubernetes.io/actions.ssl-redirect:
                                    {"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
                                  alb.ingress.kubernetes.io/group.name: pet2cattle
                                  alb.ingress.kubernetes.io/listen-ports: [{"HTTP":80},{"HTTPS":443}]
                                  alb.ingress.kubernetes.io/scheme: internal
                                  alb.ingress.kubernetes.io/target-type: ip
                                  kubernetes.io/ingress.class: alb
                                  meta.helm.sh/release-name: pet2cattle
                                  meta.helm.sh/release-namespace: pet2cattle
    
    Events:
      Type     Reason            Age                 From     Message
      ----     ------            ----                ----     -------
      Warning  FailedBuildModel  16m (x19 over 38m)  ingress  Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet
    

    This message is telling us that the ALB controller is no able to find the subnets of the requested type. We will have to check the following:

    12/07/2021

    Read more...
  • Kubernetes Ingress: Required value: pathType must be specified

    1 min read

    While upgrading Ingress objects to networking.k8s.io/v1 you'll find out, among other changes that now the pathType is a required option:

    spec.rules[0].http.paths[0].pathType: Required value: pathType must be specified, spec.rules[0].http.paths[1].pathType: Required value: pathType must be specified
    

    20/04/2021

    Read more...
  • ALB Ingress: redirect traffic to HTTPS

    2 min read

    One of the beauties of using an ALB Ingress controller on AWS is that you can configure SSL certificates for your Ingress by just defining you want to use HTTPS

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
    

    But this is going to serve the same content using HTTP and HTTPS. Configuring a SSL redirect it is also pretty straightforward but involves two steps:

    22/03/2021

    Read more...
  • Kubernetes: nginx ingress controller - failed calling webhook

    2 min read

    On a kubernetes cluster you might find the following error:

    $ kubectl apply -f ingress.yaml 
    Error from server (InternalError): error when creating "ingress": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1beta1/ingresses?timeout=10s: service "ingress-nginx-controller-admission" not found
    

    26/02/2021

    Read more...
  • Ingress API changes from beta to GA

    2 min read

    In kubernetes it has become common practice to use objects that are not yet GA, for instance: The Kubernetes team graduated the Ingress API to general availability (GA) in the 1.19 release (September 25th, 2020): it was first introduced in 2015. But there's one drawback that we really need to be aware: Using a alpha or beta API means that the interface might change and, for Ingress, it did change.

    Let's take this Ingress yaml using extensions/v1beta1 as an example:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: beta-ingress
      annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internal
        alb.ingress.kubernetes.io/target-type: ip
    spec:
      rules:
        - http:
            paths:
              - backend:
                  serviceName: example
                  servicePort: 8080
                path: /*
    

    If we try to apply it on a 1.19+ kubernetes cluster, we will get a warning message like this:

    $ kubectl apply -f beta-ingress.yaml
    Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
    ingress.extensions/testingress created
    

    25/02/2021

    Read more...

From pet to cattle
Treat your kubernetes clusters like cattle, not pets