Error creating GCE load balancer: requested address ip is neither static nor assigned to LB

Question

I have a situation where Kubernetes apparently can no longer assign an external IP address to a service upon kubectl create -f Deployment.yaml. kubectl describe service <my-service> reports the following error:

CreatingLoadBalancerFailed    
Error creating load balancer (will retry): Failed to create load balancer 
for service default/<my-service>: requested ip <my-address> is 
neither static nor assigned to LB <id>(default/<my-service>): <nil>

But gcloud compute addresses list indicates that my-address is a static IP address:

NAME          REGION        ADDRESS       STATUS
<my-address>  europe-west1  <ip-address>  RESERVED

And Deployment.yaml contains a spec for <my-service> that assigns <my-address> to a load balancer:

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  selector:
    app: my-app
ports:
  - protocol: UDP
    port: <my-port>
type: LoadBalancer
loadBalancerIP: <my-address>

What is especially strange: the (almost) same deployment has worked before. I have already tried to recreate my cluster, but this also did not help. What else could be wrong and how can I overcome the error to make my service reachable from the outside again?

UPDATE I have reserved a new static (this time also global) IP address with gcloud compute addresses create test-address --global and changed the assignment to LB accordingly: loadBalancerIP: test-address. But the same error remains still.

UPDATE If I don't specify loadBalancerIP in Deployment.yaml, deployment succeeds without errors an a new external IP address is assigned to my-service. The service can be pinged from outside at this address.

UPDATE If I delete my former address with gcloud compute addresses delete my-address --region europe-west1, promote the new external address with gcloud compute addresses create --addresses <ip-address> --region europe-west1, and then redeploy with the original line loadBalancerIP: my-address restored in Deployment.yaml, the same error surfaces again.

Answer 1

I had a similar problem. It turns out that if the IP address is reserved as global then it won't work. I deleted my reservation and changed it to the same region as my kubernetes cluster. --global I had to use --region europe-west2 - the same region as my k8s cluster.

before: fail gcloud compute addresses create my-secure-sftp --global

after: success gcloud compute addresses create my-secure-sftp --region europe-west2

@see https://github.com/kubernetes/kubernetes/issues/22721 for more details

Answer 2

The problem was in Deployment.yaml where I was referring to the address under loadBalancerIp by its symbolic name rather than the numeric IP address (NAME and ADDRESS as revealed by gcloud compute addresses list respectively). If I use the numeric IP address instead, the load balancer comes up my service can be accessed externally at this address (via the load balancer). (This previous answer brought me on the right track. I was under the perhaps wrong impression that using the symbolic name had previously worked.)

Background Since I was switching to an own VM instance (instead of Google Cloud shell) for developing container images, I am receiving "Insufficient Permission" errors from gcloud compute addressess list on that VM instance. I understand that I could improve this by recreating the VM instance with scope https://www.googleapis.com/auth/compute.readonly. In any case, this restriction apparently had nothing to do with the problem at hand.

Answer 3

You should create regional address:

gcloud compute addresses create my-secure-sftp --region europe-west2

It allocates Global IP for ingress controller (status IN_USE), this is exactly what you need.

Global static and Internal static will not work in your case.

Answer 4

You should create a regional address in the same region, zone and project on GCP

I have a problem because I create an IP on a different project that I'm configuring the LoadBalancer.