When you upgrade the Cloud Controller Manager (CCM) in a Container Compute Service (ACS) cluster, the system runs a precheck to verify that each Server Load Balancer (SLB) instance matches its corresponding Kubernetes Service specification. If a mismatch is found, the precheck fails and returns an error message describing the intended change.
This topic lists each precheck error by category, explains the root cause, and provides resolution steps.
Before you begin
Review the Cloud Controller Manager documentation to understand what changes the new version introduces.
Do not modify any Services while a precheck is in progress. Modifying a Service during the precheck can produce inaccurate results. If this happens, re-initiate the precheck. If the precheck still fails, submit a ticket.
The CCM manages SLB instances based on Kubernetes Service annotations. Manually modifying SLB instances in the SLB console while the CCM manages them causes configuration drift, which is a common reason for precheck failures. Either manage the load balancer entirely through Kubernetes Service annotations, or use an externally managed SLB -- but do not mix the two approaches.
SLB specification and billing mismatches
These errors occur when the SLB instance specifications, bandwidth, billing method, or metering method differ from what the Service annotation specifies.
modify the slb instance spec
Cause: The SLB instance specifications do not match the value in the Service annotation.
Resolution: Set service.beta.kubernetes.io/alibaba-cloud-loadbalancer-spec in the Service annotation to match the actual SLB instance specifications. For details, see Use annotations to configure CLB instances.
modify the slb internet spec
Cause: The SLB maximum bandwidth or billing method does not match the Service annotation.
Resolution:
If the bandwidth is wrong, set
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidthin the Service annotation to match the SLB instance. For details, see Create a pay-by-bandwidth CLB instance.If the billing method is wrong, set
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-charge-typein the Service annotation to match the SLB instance. For details, see Create a pay-by-bandwidth CLB instance.
modify loadbalancer instance charge type
Cause: The metering method of the Service differs from the SLB instance.
Resolution:
If you manually changed the Classic Load Balancer (CLB) instance metering method to PayByCLCU in the SLB console, delete the
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-specannotation from the Service.If you did not change the metering method in the SLB console, do not modify the Service during the precheck and run the precheck again.
Service lifecycle mismatches
These errors occur when the SLB instance lifecycle is out of sync with the Kubernetes Service.
create a new load balancer
Cause: An SLB instance is being created as part of Service creation or synchronization of an existing Service.
Resolution: Check whether the Service is in the Pending or Running state:
kubectl get svc <service-name> -n <namespace>Replace <service-name> with the name of the Service and <namespace> with the namespace of the Service.
If the Service is Running and has a public IP address, run the precheck again.
If the Service is Pending, submit a ticket.
delete the load balancer
Cause: The Service no longer exists, but the associated SLB instance was not deleted.
Resolution:
If you no longer need the SLB instance, delete it in the SLB console.
If you still need the SLB instance, submit a ticket.
Listener configuration mismatches
These errors occur when the Service port configuration differs from the SLB listener configuration. This typically happens after manually modifying listeners in the SLB console.
stop listener / start listener
Cause: The Service port differs from the SLB listener port.
Resolution:
If you did not modify the listener in the SLB console, do not modify the Service during the precheck and run the precheck again.
If you manually modified the listener in the SLB console, compare the Service configuration with the SLB listener, restore the listener settings, and run the precheck again:
kubectl -n <namespace> describe svc <service-name>
delete listener
Cause: The Service port differs from the SLB listener port.
Resolution:
If you did not modify the listener in the SLB console, do not modify the Service during the precheck and run the precheck again.
If you manually modified the listener in the SLB console, delete the extra listeners and run the precheck again.
create listener
Cause: The Service port differs from the SLB listener port.
Resolution:
If you did not modify the listener in the SLB console, do not modify the Service during the precheck and run the precheck again.
If you manually modified the listener in the SLB console, add the missing listeners and run the precheck again.
update listener
Cause: The Service port differs from the SLB listener port.
Resolution:
If you did not modify the listener in the SLB console, do not modify the Service during the precheck and run the precheck again.
If you manually modified the listener in the SLB console, compare the Service configuration with the SLB listener settings and restore the listener configuration (including the certificate, access control setting, health checks, and cookies). Then run the precheck again. For details on the annotations that control these settings, see Use annotations to configure CLB instances.
kubectl -n <namespace> describe svc <service-name>
Backend server and vServer group mismatches
These errors occur when the Service endpoint differs from the backend server or vServer group configuration on the SLB instance.
remove backend servers / add backend servers
Cause: The Service endpoint differs from the SLB backend server configuration.
Resolution:
If you did not modify the backend server configuration in the SLB console, do not change the Service endpoint during the precheck and run the precheck again.
If you manually modified the backend server configuration in the SLB console, restore the vServer group configuration of the SLB instance and run the precheck again.
create VServerGroup / delete VServerGroup / add VServerGroup backends / remove VServerGroup backends
Cause: The Service endpoint differs from the vServer group configuration on the SLB instance.
Resolution:
If you did not modify the vServer group in the SLB console, do not change the Service endpoint during the precheck and run the precheck again. If the
create vServerGrouperror persists after multiple prechecks, submit a ticket.If you manually modified the backend server configuration in the SLB console, restore the vServer group configuration of the SLB instance and run the precheck again.
Get help
If the precheck continues to fail after you follow the resolution steps, submit a ticket. Include the following information to speed up troubleshooting:
ACS cluster ID
CCM version you are upgrading from and to
The exact precheck error message
The Service YAML output:
kubectl get svc <service-name> -n <namespace> -o yamlThe SLB instance ID and its current configuration in the SLB console