RKE2 Cluster creation fails with private subnets about rke2-aws-tf HOT 4 CLOSED

From everything I can tell given AWS documentation and claims of other people on the Internet, this should work and I'm at a loss figuring out why it doesn't. Even totally opening up the security groups to allow all traffic from anywhere made no difference. I might try to see if there is anything to figure out from a simpler scenario tomorrow or in the coming week, just running a single nginx server on an EC2 with a private IP pointed to by a load balancer with a public IP. The health check still works. It just isn't forwarding traffic even when it has a healthy instance. If the simpler scenario still doesn't work, I'm not sure what else to say. AWS doesn't document super-well how to handle all possible network configurations.

from rke2-aws-tf.

It's the fact that we're putting the load balancer and cluster nodes in the same subnets. If those are private subnets, the load balancer can't be accessed from the Internet, even though it has a public IP address or addresses. They're misleading and don't actually go anywhere. The same seems to go for Elastic IPs. Whatever they point to has to be in a public subnet or it won't be reachable.

We'll have to modify the module to accept a separate subnet list for the load balancer. It'll be up to the user, but for an Internet-facing load balancer scheme, these will have to be public subnets.

from rke2-aws-tf.

Thank you adamacosta for digging into it! We reached the same conclusion about the subnet location of the LBs. We look forward to the update with public and private subnet support for the LB.

from rke2-aws-tf.

Fixed by #102

from rke2-aws-tf.