diff --git a/pkg/provider/aws/nlb.go b/pkg/provider/aws/nlb.go
index 4d880e48..6bd4e85d 100644
--- a/pkg/provider/aws/nlb.go
+++ b/pkg/provider/aws/nlb.go
@@ -54,15 +54,16 @@ func (p *Provider) createNLB(cache *ClusterCache) error {
 	}
 	lbName := nlbBaseName + nlbSuffix
-	// Use the public subnet for the internet-facing NLB
+	// Use the public subnet for the internal NLB (same subnet as instances)
 	subnetIDs := []string{cache.PublicSubnetid}
-	// Create load balancer
+	// Create load balancer — internal scheme avoids hairpin routing issues
+	// where nodes connecting to the NLB's public IP get i/o timeouts
 	createLBInput := &elasticloadbalancingv2.CreateLoadBalancerInput{
 		Name: aws.String(lbName),
 		Type: lbType,
 		Subnets: subnetIDs,
-		Scheme: elbv2types.LoadBalancerSchemeEnumInternetFacing,
+		Scheme: elbv2types.LoadBalancerSchemeEnumInternal,
 		IpAddressType: elbv2types.IpAddressTypeIpv4,
 		Tags: p.convertTagsToELBv2Tags(),
 	}
diff --git a/pkg/provisioner/templates/kubeadm_cluster.go b/pkg/provisioner/templates/kubeadm_cluster.go
index 582469af..163f40c8 100644
--- a/pkg/provisioner/templates/kubeadm_cluster.go
+++ b/pkg/provisioner/templates/kubeadm_cluster.go
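Review bot: Switching Scheme to LoadBalancerSchemeEnumInternal changes who can reach the control-plane endpoint, and nothing in the hunk records that: an internal NLB's DNS name resolves only to private addresses, so any client outside the VPC that consumes this endpoint (a kubeconfig written with the NLB hostname, or a provisioner-side readiness probe) will now time out instead of connecting. The new comment should state that consequence next to the hairpin rationale, e.g. `// NOTE: internal scheme — the API endpoint is reachable only from inside the VPC; out-of-VPC access needs a bastion/VPN or a node address.` The hairpin explanation also deserves a hedge: the NLB loopback failure is tied to client IP preservation on the target group rather than to the scheme, so if that attribute (`preserve_client_ip.enabled`) stays at its default this change may not remove the timeouts on its own — the target group setup is outside this hunk. createNLB continues outside the hunk on both sides.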
@@ -153,23 +153,6 @@ fi
 # Initialize cluster
 if [[ ! -f /etc/kubernetes/admin.conf ]]; then
-	# Wait for control-plane endpoint to be resolvable (NLB DNS may take time)
-	if [[ "$CONTROL_PLANE_ENDPOINT" == *"elb.amazonaws.com"* ]] || \
-	   [[ "$CONTROL_PLANE_ENDPOINT" == *"amazonaws.com"* ]]; then
-		holodeck_log "INFO" "$COMPONENT" "Waiting for NLB DNS to resolve: ${CONTROL_PLANE_ENDPOINT}"
-		for i in {1..30}; do
-			if host "${CONTROL_PLANE_ENDPOINT}" &>/dev/null || \
-			   getent hosts "${CONTROL_PLANE_ENDPOINT}" &>/dev/null; then
-				holodeck_log "INFO" "$COMPONENT" "NLB DNS resolved successfully"
-				break
-			fi
-			if [[ $i -eq 30 ]]; then
-				holodeck_log "WARN" "$COMPONENT" "NLB DNS not yet resolved after 5 min, proceeding anyway"
-			fi
-			sleep 10
-		done
-	fi
-
 	INIT_ARGS=(
 		--kubernetes-version="${K8S_VERSION}"
 		--pod-network-cidr=192.168.0.0/16
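Review bot: Removing the resolvability wait also removes the only log lines that named the control-plane endpoint before kubeadm init runs, so a DNS-propagation or wrong-endpoint problem now surfaces only through kubeadm's own error, without the breadcrumb; whether kubeadm tolerates an unresolvable control-plane endpoint at init time cannot be told from this hunk. A single non-blocking line at the top of the `if [[ ! -f /etc/kubernetes/admin.conf ]]` block keeps that breadcrumb: `holodeck_log "INFO" "$COMPONENT" "Initializing cluster with control-plane endpoint: ${CONTROL_PLANE_ENDPOINT}"`. If the wait was dropped because the NLB is now internal, a short comment saying so at the same spot would keep the next reader from re-adding it. The enclosing if block continues beyond the hunk.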