Creating a nginx-ingress-controller results in error "provided port is not in the valid range"
search cancel

Creating a nginx-ingress-controller results in error "provided port is not in the valid range"

book

Article ID: 298580

calendar_today

Updated On:

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

This article summarizes a workaround when attempting to create an nginx-ingress-controller results in the error message: "provided port is not in the valid range. The range of valid ports is 30000-32767".

Environment

Tanzu Kubernetes Grid Integrated Edition

Cause

When using helm to install nginx-ingress-controller with http or https controller.service.nodePorts outside of the default --service-node-port-range of the kube-apiserver, this error (or similar) can occur.

For example: 
$ helm install --name nginx-ingress stable/nginx-ingress --set controller.service.type=NodePort --set controller.service.nodePorts.http=17080 --set controller.service.nodePorts.https=17443 --namespace default
Error: release nginx-ingress failed: Service "nginx-ingress-controller" is invalid: spec.ports[0].nodePort: Invalid value: 17080: provided port is not in the valid range. The range of valid ports is 30000-32767
In the above case, the kube-apiserver has the --service-node-port-range flag set to its default portRange of 30000-32767.

In order to utilize different nodePort numbers to map to the Ingress' ports of 80 (http) or 443 (https) which are outside the default range, you must update the kube-apiserver --service-node-port-range parameter to reflect this.

Resolution

PKS deploys Kubernetes clusters using the BOSH release of OSS CFCR (Cloud Foundry Container Runtime), which is also known as Kubo release. For a BOSH managed deployment or object, here are the steps:

1. First, if using multi-master HA cluster, follow this knowledge article to identify the current master leader and take action on the leader: 
How to identify the LEADER for Kubernetes Master endpoints in a Multi-Master Cluster configuration in PKS


2. If using single master cluster, then simply continue with these steps:

a. Use "bosh -d ... ssh ..."  to ssh your master node. These steps are included in the above article.

b. Become root:
sudo -i
c. Change to the appropriate BOSH directory:
cd /var/vcap/jobs/kube-apiserver/config
d. Edit the bpm.yml file. Add the entire following line:
  - "--service-node-port-range=17080-17443"
e. Save the file.

f. Restart the kube-apiserver:
monit restart kube-apiserver
g. You can verify it goes into "running" state with:
watch monit summary
h. You will have to purge the failed nginx-ingress install:
helm del --purge nginx-ingress
i. Then re-install your nginx-ingress-controller.

j. Now you can re-install the nginx-ingress-controller helm chart:
helm install --name nginx-ingress stable/nginx-ingress --set controller.service.type=NodePort --set controller.service.nodePorts.http=17080 --set controller.service.nodePorts.https=17443 --namespace default

NOTE: Manual modifications to the kube-apiserver parameters will not survive cluster upgrades or VM recreation. However, customers could use the TKGI Kubernetes Profiles feature to have the kube-apiserver set a specific node port range to use.  See the TKGI doc Using Kubernetes Profiles for more information.

Powered by Wolken Software