Kubernetes ingress controller errors


#1

Hi,

Im getting the following error when trying out the argo ingress controller.

time=“2018-05-09T11:46:05Z” level=error msg=“Server error: error creating new pool ***: authentication error: response: {\n “result”: null,\n “success”: false,\n “errors”: [\n {\n “code”: 1002,\n “message”: “Probing from every data centre is not allowed with this subscription. Please choose regions to probe from.: validation failed”\n }\n ],\n “messages”: []\n}\n”

Does anyone know how to solve it? I assume you need an enterprise account to probe from all regions which I dont have.

Regards,
Riaan


#2

Hi @riaan53,

There are soem changes we’re making to Argo generally around LB, not sure if this is known/ expected at the moment. I have logged an internal issue for the team to take a look. You may already be, but could ou make sure you have the latest build? I expect there will be an updated build with additional LB enhancements in the not too distant future, but hoping to get back info on your current error.


#3

Hi @cscharff,

Thank you for getting back to me. Yes im using the latest helm chart as published 5 days ago (https://github.com/StackPointCloud/trusted-charts/tree/master/stable/cloudflare-warp-ingress v0.5.0). Looking forward to getting it up and running!

Regards,
Riaan


#4

Out of curiosity, would you mind trying it again? There was an argo issue this AM (since resolved)… I don’t think it was related to the error you saw, but maybe we’ll get lucky?


#5

Just gave it another go but im running into the same error :frowning:


#6

same here, and it also did not create the endpoint https://argo.mydomain.com/ mentioned in docs, presumably for the same reason


#7

Ok, some progress! I did manage to get the error to go away, by manually creating a LB pool as per the exact name that was shown in the error, using a random ip address I know to exist.

When I checked the pool I noticed that a new origin had been added to the pool, which is a cname reference as we’d expect with a tunnel.

I removed the non sensible random ip address origin leaving only the one that warp daemon had created.

After some time traffic began to be routed! It’s still failing it’s health check as I write, however at least it’s up.

Hope this helps someone out there!


503 Service Unavailable The origin has been unregistered from Argo Tunnel (after 12h)
#8

Same error here, and unable to make it work.

It strange as the hello-example from the cloudflared software worked, and created the relevant DNS record. However here, nothing seems to be created.

using a random ip address I know to exist.. How did you come up with such an IP ?


#9

I’m also curious about this authentication error :

error creating new pool httpbin.my-domain.com: authentication error: response: {
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 1002,
      "message": "Probing from every data centre is not allowed with this subscription. Please choose regions to probe from.: validation failed"
    }
  ],
  "messages": []
}

additionally, I receive the following error in the same form as the above : no DNS records returned: validation failed

Is there a step I missed ?


#10

It didn’t matter what the ip was, as I switched off traffic. It was just to make the LB pool exist because argo tunnel is not creating it.

The probing thing is something to do with the fact that when argo tries to create the LB pool then it’s defaulting to an enterprise level one, which has global health checks.

When you create it yourself then it will default to having a single health check zone. They advise to check that is the case though.

I got the same DNS error, but it eventually goes away once the new domain has been routed to the internal tunnel cname


#11

Thanks a lot for your reply @barry1

Do I need to create the CNAME myself or will be created automatically ?


#12

no the cname should be created by argo, and will be obviously a machine generated hash


#13

Yoohoo the httpbin example worked, creating the pool was the trick, thanks a lot again @barry1