I have deployed a cluster on Azure using AKS-engine on an existing VNET. My group has Owner
permission over resources. Now all my load balancer services are not getting a public IP; they hang in a pending
state forever.
```
kubectl describe svc zevac-frontend-lb
Name: zevac-frontend-lb
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"zevac-frontend-lb","namespace":"default"},"spec":{"loadBalancerIP":"52.172.46....
Selector: app=zevac-frontend
Type: LoadBalancer
IP: 10.0.245.52
IP: 52.172.46.210
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 31723/TCP
Endpoints: 10.0.3.11:80,10.0.3.45:80
Session Affinity: None
External Traffic Policy: Cluster
Events:
  Type     Reason                      Age                 From                Message
  ----     ------                      ----                ----                -------
  Warning  CreatingLoadBalancerFailed  6m (x9 over 35m)    service-controller  Error creating load balancer (will retry): failed to ensure load balancer for service default/zevac-frontend-lb: timed out waiting for the condition
  Normal   EnsuringLoadBalancer        1m (x10 over 37m)   service-controller  Ensuring load balancer
```
In your issue, I think there are two possible reasons. One is that your public IP is not in the same region as your AKS cluster. I think it's the most likely reason. The other one is that your AKS cluster does not have the permission to do that action.
When you use the static public IP, there are also two ways. One is in the node group and the other is outside the node group. When you use the public IP outside the node group, your AKS cluster should have at least the "Network Contributor" permission on the group that the public IP is in. See Use a static IP address outside of the node resource group.
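The two causes named in the answer above can be checked offline from exported Azure and Kubernetes JSON. This is an added example, not part of the original answer: the sample data is constructed, the function names are hypothetical, and it assumes that Contributor and Owner also satisfy the "at least Network Contributor" requirement and that the Azure cloud provider's `service.beta.kubernetes.io/azure-load-balancer-resource-group` annotation is what points a Service at an IP outside the node resource group.

```python
RG_ANNOTATION = "service.beta.kubernetes.io/azure-load-balancer-resource-group"
# Assumption: broader built-in roles also satisfy "at least Network Contributor".
SUFFICIENT_ROLES = {"network contributor", "contributor", "owner"}


def covers(scope, resource_id):
    """True if a role-assignment scope is the resource itself or one of its parents."""
    scope, resource_id = scope.lower().rstrip("/"), resource_id.lower()
    return resource_id == scope or resource_id.startswith(scope + "/")


def diagnose(cluster_location, node_rg, public_ip, assignments, service):
    """Return findings that explain why a static loadBalancerIP stays pending."""
    findings = []
    if service["spec"].get("loadBalancerIP") != public_ip["ipAddress"]:
        findings.append("loadBalancerIP does not match the public IP resource")
    if public_ip["location"].lower() != cluster_location.lower():
        findings.append("public IP is in a different region than the cluster")
    ip_rg = public_ip["resourceGroup"]
    if ip_rg.lower() != node_rg.lower():
        # IP outside the node resource group: needs a role on that group
        # (or a parent scope) and the resource-group annotation on the Service.
        rg_scope = public_ip["id"].lower().split("/providers/")[0]
        if not any(a["roleDefinitionName"].lower() in SUFFICIENT_ROLES
                   and covers(a["scope"], rg_scope) for a in assignments):
            findings.append(f"cluster identity lacks Network Contributor on {ip_rg}")
        annotations = service["metadata"].get("annotations") or {}
        if annotations.get(RG_ANNOTATION, "").lower() != ip_rg.lower():
            findings.append(f"service is missing annotation {RG_ANNOTATION}={ip_rg}")
    return findings


# Constructed sample data, shaped like `az network public-ip show`,
# `az role assignment list` and `kubectl get svc -o json` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_IP = {
    "id": SUB + "/resourceGroups/static-ips/providers/Microsoft.Network"
                "/publicIPAddresses/frontend-ip",
    "resourceGroup": "static-ips", "location": "southindia",
    "ipAddress": "203.0.113.10",
}
SAMPLE_ROLES = [{"roleDefinitionName": "Reader",
                 "scope": SUB + "/resourceGroups/static-ips"}]
SAMPLE_SVC = {"metadata": {"name": "frontend-lb", "annotations": {}},
              "spec": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10"}}

if __name__ == "__main__":
    for finding in diagnose("centralindia", "cluster-rg",
                            SAMPLE_IP, SAMPLE_ROLES, SAMPLE_SVC):
        print("-", finding)
```

A scoped Network Contributor assignment on the IP's resource group clears the permission finding without giving the cluster identity Owner on everything.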
Answering my own question, so that in future somebody could save some time. aks-engine has this bug, which is well known. To solve it, use the AKS service from the Azure CLI or management portal, which currently support deploying a cluster over an existing VNET.