pivotal-cf/terraforming-azure

LBs will have resource name limits based on services subnet name

aegershman opened this issue · 1 comments

Was trying to provision an internal LB on Azure. It wasn’t provisioning so I took a peek in the resource-group event logs & saw this:

Operation name: Create or Update Load Balancer
Time stamp: Wed Oct 09 2019 14:39:54 GMT-0500 (Central Daylight Time)
Event initiated by: pks-master
Error code: InvalidResourceName
Message: Resource name a6e3b5380eaca11e9ac9f000d3a42ae6-sandbox-centralus-xxxxxxxx-infrastructure-subnet is invalid. The name can be up to 80 characters long. It must begin with a word character, and it must end with a word character or with '_'. The name may contain word characters or '.', '-', '_'.

a6e3b5380eaca11e9ac9f000d3a42ae6-sandbox-centralus-xxxxxxxx-infrastructure-subnet is, coincidentally, 81 (eighty one) characters long ¯\_(ツ)_/¯

Unfortunately, I don't think there's a way to override the LB's generated resource name. I wanted to point out that the generated resource name will use a naming scheme based on the subnet the LB is associated with, so just be mindful of that when creating the subnet naming scheme.

see also: Azure/ACS#34 (comment)

Here's the svc definition (for an nginx-ingress):

controller:
  service:
    annotations:
      service.beta.kubernetes.io/azure-load-balancer-internal: "true"
      service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "sandbox-centralus-xxxxxxxx-infrastructure-subnet"

We have to have the service.beta.kubernetes.io/azure-load-balancer-internal-subnet annotation because by default (I think) it'll search for the name of the BOSH cloud-config network the worker is deployed in; e.g., pks-services. So in our case, since the "network config" name BOSH uses is separate from the actual name of the subnet, we need to provide the annotation.

Again, just putting this out there for others to see and consider. Feedback definitely welcome, though. Thanks!

UPDATE: I realized I was putting this in the wrong subnet. It needs to be in sandbox-centralus-xxxxxxxx-services-subnet. But then when I created it, it gave me the same error but with a new naming issue:

Resource name a67f06444eb6f11e9b817000d3a4201b-sandbox-centralus-xxxxxxxx-services-subnet-TCP-80 is invalid. The name can be up to 80 characters long

It felt compelled to append TCP-80, which I didn't see coming. Maybe there's something else on the config I'm missing.

EDIT: I just realized I believe these resource name length errors aren't with provisioning the LB itself, but rather the LB rules. The issue still stands, I suppose. But just a point of clarification.

EDIT EDIT: Doing a bit of math; the uuid of a67f06444eb6f11e9b817000d3a4201b is 32 characters long + the - is 1. The suffix of -TCP-80 is -PROTOCOL-PORT. Assuming protocol is 3, and the max port number is 65535 which is 5 chars, we get a suffix of 10 chars in length.

33 + 10 is 43 of generated chars, then 80 - 43 is 37 as the maximum safe name length for the subnet you'd like to deploy the internal LBs into.
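
The length budget worked out in the issue above, as an added example (not part of the original issue or the terraforming-azure project): it rebuilds the rule name in the `<id>-<subnet>-<PROTOCOL>-<port>` shape seen in the second error message and checks it against the limits quoted in the first. The function names, the shorter sample subnet name, and the ASCII reading of "word character" are assumptions.

```python
import re

AZURE_MAX_LEN = 80  # limit quoted in the InvalidResourceName message
# Character rule transcribed from the same message. Assumption: "word
# character" is read as ASCII [A-Za-z0-9_], so "word character or '_'" is \w.
AZURE_NAME_RE = re.compile(r"\w(?:[\w.-]*\w)?", re.ASCII)


def rule_name(service_id: str, subnet: str, protocol: str, port: int) -> str:
    """Rebuild a rule name in the shape observed in the issue's second error."""
    return f"{service_id}-{subnet}-{protocol}-{port}"


def name_problems(name: str) -> list[str]:
    """Return the reasons the name breaks the quoted rules (empty list = valid)."""
    problems = []
    if len(name) > AZURE_MAX_LEN:
        problems.append(f"{len(name)} chars, limit is {AZURE_MAX_LEN}")
    if not AZURE_NAME_RE.fullmatch(name):
        problems.append("must start/end with a word character; "
                        "only word chars, '.', '-', '_' allowed")
    return problems


def max_subnet_len(id_len: int = 32, protocol_len: int = 3, port_len: int = 5) -> int:
    """Worst-case budget: id + '-' + subnet + '-' + PROTOCOL + '-' + port <= 80."""
    return AZURE_MAX_LEN - (id_len + 1) - (1 + protocol_len + 1 + port_len)


def subnet_problems(subnet: str) -> list[str]:
    """Check a planned subnet name against the worst-case rule name."""
    worst = rule_name("0" * 32, subnet, "TCP", 65535)  # constructed placeholder id
    return name_problems(worst)


if __name__ == "__main__":
    sid = "a67f06444eb6f11e9b817000d3a4201b"  # id from the issue
    for subnet in ("sandbox-centralus-xxxxxxxx-services-subnet",  # from the issue
                   "sbx-cus-xxxxxxxx-services-subnet"):           # constructed shorter name
        name = rule_name(sid, subnet, "TCP", 80)
        print(subnet, len(name), name_problems(name) or "ok",
              "| worst case:", subnet_problems(subnet) or "ok")
```

Running `subnet_problems` over planned subnet names before applying the Terraform catches names that only fail once a service exposes a five-digit port.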