
Cannot successfully register targets if VPC subnets are different from VPC CIDR block associations #3714

Open
nullren opened this issue May 23, 2024 · 1 comment

Comments


nullren commented May 23, 2024

Describe the bug
The controller cannot register targets in the TargetGroupBinding; the AWS API returns this error:

ValidationError: The Availability Zone is required for IP address '10.4.40.87' because it is not in the VPC

This is because the registerPodEndpoints function looks up the CIDR blocks associated with the VPC, not the actual subnets, which is what the AWS API compares against.

Steps to reproduce

Create a VPC and associate more CIDR blocks than subnets:

$ aws ec2 describe-vpcs --vpc-ids vpc-000000000000 | jq -r '.Vpcs[] | .CidrBlockAssociationSet[] | .CidrBlock'
10.1.0.0/16
10.2.0.0/16
10.3.0.0/16
10.4.0.0/16

Then add a few subnets to the VPC:

$ aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-000000000000" | jq -r '.Subnets[] | .CidrBlock'
10.1.0.0/19
10.2.0.0/19

Try to manually add a target to the target group:

$ aws elbv2 register-targets --target-group-arn arn:aws:elasticloadbalancing:us-east-1:000000000000:targetgroup/k8s-default-targetgroupname-0000000/0000000000000 --targets Id=10.4.46.99,Port=80

An error occurred (ValidationError) when calling the RegisterTargets operation: The Availability Zone is required for IP address '10.4.46.99' because it is not in the VPC

Expected outcome
This is fixed by adding AvailabilityZone=all to the request, which is what should happen in the initial check.

Environment

  • AWS Load Balancer controller version: 2.7.2
  • Kubernetes version
  • Using EKS (yes/no), if so version? yes

Additional Context:


nullren commented May 28, 2024

I've started a PR to draft out some ideas here, but also to unblock my work on my end.

One thing I'm unsure of is the "source of truth" for what the problem is; it seems there are a few things going on here:

  • Does the register-targets API actually look to just the subnets for discovery?
  • Is the difference between the describe-vpcs subnets and the subnets I can see from describe-subnets something that should be reconciled via something like sharing subnets between accounts?
  • How important is autodiscovery here, and are we going to cause problems by setting AvailabilityZone=all for these? Is there a reason we should not always set it?
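An added example to illustrate the mismatch described in this issue (editor's code, not the author's PR and not the aws-load-balancer-controller's own registerPodEndpoints). It takes the CIDR sets from the describe-vpcs and describe-subnets output above as constructed sample data and runs the same "is this IP in the VPC?" decision twice, once against the VPC CIDR associations and once against the subnet CIDRs, to show why the lookup source decides whether AvailabilityZone=all gets set. The targetDescription struct and buildTarget function are hypothetical stand-ins, not the AWS SDK types.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Constructed sample data, copied from the issue's describe-vpcs and
// describe-subnets output: four CIDR blocks are associated with the VPC,
// but only two of them carry subnets.
var (
	vpcCIDRAssociations = []string{"10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16", "10.4.0.0/16"}
	subnetCIDRs         = []string{"10.1.0.0/19", "10.2.0.0/19"}
)

// targetDescription is a hypothetical stand-in for the fields of an ELBv2
// RegisterTargets target that matter here; it is not the AWS SDK type.
type targetDescription struct {
	ID               string
	Port             int
	AvailabilityZone string // "" means the field is omitted from the request
}

// ipInAnyCIDR reports whether ip falls inside at least one of the given CIDR blocks.
func ipInAnyCIDR(ip netip.Addr, cidrs []string) (bool, error) {
	for _, c := range cidrs {
		prefix, err := netip.ParsePrefix(c)
		if err != nil {
			return false, fmt.Errorf("invalid CIDR %q: %w", c, err)
		}
		if prefix.Contains(ip) {
			return true, nil
		}
	}
	return false, nil
}

// buildTarget decides whether AvailabilityZone=all must be set for a pod IP,
// given the CIDR set the caller treats as "the VPC". The AWS API compares the
// IP against the VPC's subnets; if knownCIDRs is the VPC CIDR association list
// instead (the behaviour the issue describes), an IP in an associated block
// that has no subnet is treated as in-VPC, the field is omitted, and the
// RegisterTargets call fails with the ValidationError quoted above.
func buildTarget(podIP string, port int, knownCIDRs []string) (targetDescription, error) {
	addr, err := netip.ParseAddr(podIP)
	if err != nil {
		return targetDescription{}, fmt.Errorf("invalid pod IP %q: %w", podIP, err)
	}
	inVPC, err := ipInAnyCIDR(addr, knownCIDRs)
	if err != nil {
		return targetDescription{}, err
	}
	t := targetDescription{ID: podIP, Port: port}
	if !inVPC {
		t.AvailabilityZone = "all"
	}
	return t, nil
}

func main() {
	// 10.1.5.5 sits in a real subnet; 10.4.40.87 only sits in an associated CIDR block.
	for _, ip := range []string{"10.1.5.5", "10.4.40.87"} {
		byVPC, err := buildTarget(ip, 80, vpcCIDRAssociations)
		if err != nil {
			panic(err)
		}
		bySubnet, err := buildTarget(ip, 80, subnetCIDRs)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-12s VPC-CIDR lookup: AZ=%q   subnet lookup: AZ=%q\n",
			ip, byVPC.AvailabilityZone, bySubnet.AvailabilityZone)
	}
}
```

Running it prints an empty AvailabilityZone for 10.4.40.87 under the VPC-CIDR lookup and "all" under the subnet lookup, which is exactly the gap between what the controller checks and what the API enforces; the subnet-based decision is the one that matches the manual aws elbv2 register-targets behaviour shown in the report.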
