When a PKS cluster is deployed using a DNS Lookup Network-Profile, the cluster deploys successfully, but the cluster LB Ingress http/https Virtual Servers are not created during cluster creation.
Note: This can be verified by:
Error messages similar to those below can be found in /var/vcap/sys/log/ncp//ncp.stdout.log on the cluster's Master node.
2020-05-08T17:56:04.923Z 50ffdb89-c0b1-4aca-8009-ff13fc64c870 NSX 11263 - [nsx@6876 comp="nsx-container-ncp" subcomp="ncp" level="WARNING"] vmware_nsxlib.v3.client The HTTP request returned error code 409, whereas 201/200 response codes were expected. Response body {u'error_code': 5141, u'error_message': u'Requested IP Address ##.###.##.### is already allocated.', u'httpStatus': u'CONFLICT', u'module_name': u'id-allocation service'}
2020-05-08T17:56:04.923Z 50ffdb89-c0b1-4aca-8009-ff13fc64c870 NSX 11263 - [nsx@6876 comp="nsx-container-ncp" subcomp="ncp" level="ERROR" errorCode="NCP00164"] nsx_ujo.ncp.nsx.manager.base_k8s_nsxapi Failed to allocate ip from ip pool: NSX IP ##.###.##.### is already allocated in ip pool 93a4fb62-fd30-447e-b4ff-0d78f4697c41
Error messages similar to those below can be found in /var/log/syslog on the NSX-T Manager.
<179>1 2020-05-08T17:56:04.921Z cdppnnsxtm0001 NSX 6084 POOL-MGMT [nsx@6876 comp="nsx-manager" errorCode="MP5141" level="ERROR" reqId="ecc7a0ff-dc21-4a04-96fb-2073973703a1" subcomp="manager" username="pks-87f55023-7545-4298-aebd-a18012a9d456"] Requested ip ##.###.##.### already allocated
The Ingress IP Address is allocated to the floating IP pool. To verify:
curl -k -u 'admin:VMware1!VMware1!' -X GET https://localhost/api/v1/pools/ip-pools/93a4fb62-fd30-447e-b4ff-0d78f4697c41/allocations
{
"allocation_id": "##.###.##.###",
"_protection": "NOT_PROTECTED"
},
{
"allocation_id": "##.###.##.###",
"_protection": "NOT_PROTECTED"
},
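The two checks above (the NCP00164 error in the NCP log and the IP's presence in the pool allocations) can be combined before any release is attempted. The script below is an added example, not part of the original article or of TKGi/NSX-T tooling; the function names, the sample log lines, the pool ID, the 192.0.2.x addresses and the "results" wrapper in the sample JSON are constructed assumptions.

```sh
#!/bin/sh
# Added example: find NCP00164 conflicts in an NCP log and confirm the IP is
# really held in the pool before a RELEASE is issued.
# All sample data is constructed; 192.0.2.x are documentation addresses.

# stdin: NCP log. stdout: one "<ip> <pool-id>" line per distinct conflict.
ncp_conflicts() {
  sed -n 's/.*errorCode="NCP00164".*NSX IP \([0-9.]*\) is already allocated in ip pool \([0-9a-f-]*\).*/\1 \2/p' | sort -u
}

# stdin: allocations JSON. Succeeds only on an exact allocation_id match,
# so 192.0.2.1 does not match an allocated 192.0.2.10.
ip_is_allocated() {
  tr -d '[:space:]' | grep -Fq "\"allocation_id\":\"$1\""
}

# Constructed log: one unrelated line, then the same conflict logged twice.
SAMPLE_LOG='2020-05-08T17:56:04.100Z host NSX 11263 - [nsx@6876 comp="nsx-container-ncp" subcomp="ncp" level="INFO"] example.module constructed unrelated line
2020-05-08T17:56:04.923Z host NSX 11263 - [nsx@6876 comp="nsx-container-ncp" subcomp="ncp" level="ERROR" errorCode="NCP00164"] nsx_ujo.ncp.nsx.manager.base_k8s_nsxapi Failed to allocate ip from ip pool: NSX IP 192.0.2.10 is already allocated in ip pool 00000000-0000-4000-8000-000000000001
2020-05-08T17:57:10.001Z host NSX 11263 - [nsx@6876 comp="nsx-container-ncp" subcomp="ncp" level="ERROR" errorCode="NCP00164"] nsx_ujo.ncp.nsx.manager.base_k8s_nsxapi Failed to allocate ip from ip pool: NSX IP 192.0.2.10 is already allocated in ip pool 00000000-0000-4000-8000-000000000001'

# Constructed allocations response for that pool.
SAMPLE_ALLOC='{"results": [
  {"allocation_id": "192.0.2.10", "_protection": "NOT_PROTECTED"},
  {"allocation_id": "192.0.2.11", "_protection": "NOT_PROTECTED"}
]}'

# Report only conflicts whose IP is confirmed as held in the pool.
printf '%s\n' "$SAMPLE_LOG" | ncp_conflicts | while read -r ip pool; do
  if printf '%s' "$SAMPLE_ALLOC" | ip_is_allocated "$ip"; then
    echo "pool $pool: $ip is held; candidate for RELEASE"
  else
    echo "pool $pool: $ip not in allocations; do not release"
  fi
done
```

On a real system, feed `ncp_conflicts` from ncp.stdout.log and `ip_is_allocated` from the allocations call shown above.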
TKGi (PKS) versions 1.6, 1.7.
The cluster creation task first triggers NSX-T to allocate the ingress IP Address. Later, NCP tries to allocate the same IP again, but it cannot because the IP Address is already allocated. This causes the creation of the Virtual Servers to fail.
Fixed in TKGi 1.8. Review the release notes for future TKGi (PKS) versions past 1.6.2 and 1.7.0, as they may contain the fix.
After the PKS cluster creation task completes successfully without creating the cluster LB Ingress http/https Virtual Servers, apply the following steps:
# curl -k -u 'admin:<Password>' -X GET https://localhost/api/v1/pools/ip-pools/<FIP_POOL_ID>/allocations
# curl -X POST -H 'Content-Type: application/json' -H 'X-Allow-Overwrite: True' -ku 'admin:<NSXT_Admin_Password>' 'https://localhost/api/v1/pools/ip-pools/<FIP_POOL_ID>?action=RELEASE' -d '{"allocation_id":"<Ingress_IP>"}'
# bosh vms --column=Instance
# bosh ssh -d <service-instance_UUID> master -c "sudo /var/vcap/jobs/ncp/bin/nsxcli -c get ncp-master status" | grep "This instance is the NCP master"
Ex: root@opsman:~# bosh ssh -d service-instance_d470208a-6733-465d-a583-46175b772d55 master -c "sudo /var/vcap/jobs/ncp/bin/nsxcli -c get ncp-master status" | grep "This instance is the NCP master"
master/15ed1d27-e7bc-43ec-ac0f-181aa1c4bfc6: stdout | This instance is the NCP master
# bosh ssh -d <service-instance_UUID> master/<UUID>
Ex: # bosh ssh -d service-instance_d470208a-6733-465d-a583-46175b772d55 master/15ed1d27-e7bc-43ec-ac0f-181aa1c4bfc6
# sudo -i
# monit summary
# monit stop ncp
# monit summary
# monit start ncp
# monit summary
Notes: