In NSX, stale TKG load balancer/server pool objects are causing NSX upgrade precheck errors
Article ID: 411133
Updated On:
Products
Issue/Introduction
- NSX upgrade precheck errors on Edge that is used by the load balancer
- NSX alarm showing the LB pool status as down:
- Server pool status is Down and it has no pool members associated
- After a TKGS Namespace is deleted, certain Load Balancer services may not be properly cleaned up on NSX and hence the above alarms
Environment
VMware NSX
VMware NSX-T Data Center
Cause
When attempting to remove the Namespace, NSX is unable to complete the deletion of the load balancing services.
This is because the DFW rules were created manually using groups that were automatically generated by Tanzu.
Resolution
Workaround #1:
Remove the related DFW rules, and NSX Manager will complete the deletion of all LB services associated with the removed Namespace.
Workaround #2:
If even after the related DFW rules are deleted, still the state ones persists, the stale ones can be removed using the API call:
On the NSX UI, get the related LB service IDs, virtual server IDs and pool IDs and use the following APIs either using Postman or using NSX manager CLI via Curl to delete these stale load balancer objects:
1. Delete the related stale Load Balancer service pertaining to the Virtual server using the API:
curl -k -u <username>:<password> -X DELETE 'https://<nsx-manager-ip>/api/v1/loadbalancer/services/<load-balancer-service-id>' -H "X-Allow-Overwrite: true"
2. Delete the stale Virtual servers using the API:
curl -k -u <username>:<password> -X DELETE 'https://<nsx-manager-ip>/api/v1/loadbalancer/virtual-servers/<virtual-server-id>' -H "X-Allow-Overwrite: true"
3. Delete the state server pool using the API:
curl -k -u <username>:<password> -X DELETE 'https://<nsx-manager-ip>/policy/api/v1/loadbalancer/lb-pools/<pool-id>' -H "X-Allow-Overwrite: true"
After the stale LBs are removed, performing the prechecks for NSX upgrade will not show any more errors
Additional Information
Feedback
