aws-load-balancer-controller: unable to resolve at least one subnet

Describe the bug i have installed aws load balancer controller using helm chart. However, i am getting the below error. {"level":"error","ts":"2023-05-26T08:35:07Z","msg":"Reconciler error","controller":"service","object":{"name":"grpc-ingressgateway","namespace":"istio-system"},"namespace":"istio-system","name":"grpc-ingressgateway","reconcileID":"3e7af4a6-6605-4596-84dc-8c0ce70032c2","error":"unable to resolve at least one subnet"}

Please note that i have the tags in all of my subnets(both private and public)

Also, ALB controller points to the correct cluster name and VPC.

containers:
      - args:
        - --cluster-name=intr-dev-eks-eu-west-1
        - --ingress-class=alb
        - --aws-region=eu-west-1
        - --aws-vpc-id=vpc-0b3f9a142f4370b89
        image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.2

But still its not discovering the subnets. Not sure what is the issue. Please help

Steps to reproduce Install AWS LOAD BALANCER CONTROLLER

Expected outcome A concise description of what you expected to happen.

Environment

AWS Load Balancer controller version v2.5.2
Kubernetes version 1.26
Using EKS (yes/no), if so version? yes, 1.26

Additional Context:

About this issue

Original URL
State: open
Created a year ago
Reactions: 14
Comments: 15 (3 by maintainers)

Most upvoted comments

We found out what caused the issue: It was a combination configuration change with the breaking change in the application v. 2.5

It seems now to be mandatory to set: service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing

Here is the final configuration that works reliably

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-eip-allocations: eipalloc-0d8f2c0f17aeb24da,eipalloc-086f78e84e2130bde
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-003e7a14308b14be5,subnet-035046f571c2cf29e
    service.beta.kubernetes.io/aws-load-balancer-type: nlb

Vad1mo on Jun 8, 2023

I encountered the following error: "error":"unable to resolve at least one subnet". This issue was present for some of my services even though I properly configured the subnet discovery as per the official guide: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.5/deploy/subnet_discovery/. Only one of my service and load balancer was successfully created by the way.

I have managed to work around the issue by explicitly defining the subnets using service.beta.kubernetes.io/aws-load-balancer-subnets. However, I find it odd that auto-discovery didn’t work. Here is my current working configuration:

service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
service.beta.kubernetes.io/aws-load-balancer-name: "xxx"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-a, subnet-b,subnet-c

Thanks @Vad1mo for the hint.

If anyone could shed light on why the auto-discovery did not work, that would be very helpful.

helm chart version: v1.5.5
app version: v2.5.4

tommyasai on Jul 22, 2023

I had the same problem. Brand new EKS cluster with chart 1.5.3 and getting “unable to resolve at least one subnet”.

I did not have the required tags for auto discovery as documented here https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.5/deploy/subnet_discovery/

After setting the required tags I deleted the pods to force a reload and the NLBs were created without issue.

taylorshaulis on Jun 6, 2023

Hello.

thanks @johngmyers , I found a cloudtrail log. Don’t know why but I need to add the tag kubernetes.io/role/elb + kubernetes.io/role/internal-elb.

Maybe now, kubernetes.io/role/elb is for all.

ktibi on Jul 24, 2023