Impossible to create a LoadBalancer

[AlexGrs]

I have the following error message:

2017-01-19T14:00:05.160701452Z E0119 14:00:05.160531       1 servicecontroller.go:760] Failed to process service. Retrying in 5m0s: Failed to create load balancer for service default/testlb: network.SecurityGroupsClient#CreateOrUpdate: Invalid input: autorest/validation: validation failed: parameter=parameters.SecurityGroupPropertiesFormat.Subnets constraint=ReadOnly value=[]network.Subnet{network.Subnet{Response:autorest.Response{Response:(*http.Response)(nil)}, ID:(*string)(0xc421cd6330), SubnetPropertiesFormat:(*network.SubnetPropertiesFormat)(nil), Name:(*string)(nil), Etag:(*string)(nil)}} details: readonly parameter; must send as nil or empty in request

My services definition is the following:

---
apiVersion: v1
kind: Service
metadata:
  name: testlb
  labels:
    run: testlb
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: testlb-http
    protocol: TCP
    targetPort: 12000
  - port: 443
    name: testlb-https
    protocol: TCP
  selector:
    app: testlb

Any idea what could be the cause ?

[AlexGrs]

Could it be related to #193 ? It was working perfectly before this.

[codablock]

I have the same issue at the moment. Downgrading to docker 1.12 does not help. Also, from the error messages it does not look related. There seems to be an API incompatibility introduced in the last days.

@AlexGrs Can you reopen this issue?

[codablock]

This seems to be introduced with a cherry pick into 1.5.2: kubernetes/kubernetes#38943

It updated the azure-sdk-for-go library which in turn introduced constraints validation to Azure API calls. It looks like the updating of security groups fails here as it reuses a json object from a previous GET, which has the Subnets and Interfaces properties set.

Not sure how to fix this. I would assume that setting these properties to nil before doing CreateOrUpdate should be a proper fix? But first it should be clarified if these properties should really be ReadOnly.

CC: @colemickens @brendandburns

[codablock]

Just want to confirm that setting NetworkInterfaces and Subnets to nil does work. I can create a PR if it can be confirmed that this fix is ok.

[colemickens]

@codablock I don't see that PR in 1.5.1 tree though... Did you manually switch to 1.5.2? ACS-Engine hasn't been bumped to 1.5.2 yet (PR in progress...)

[codablock]

@colemickens I don't use ACS engine but kargo.

As @AlexGrs issue looked exactly the same as mine, I assumed you were also on 1.5.2 with ACS engine. Or maybe he uses a custom build version as we suggested to him due to the volume fixes?

[colemickens]

@AlexGrs Can you please chime in on what the issue was, why you closed it, etc? Thanks.

[colemickens]

Okay, I repro'd this as well.

servicecontroller.go:760] Failed to process service. Retrying in 1m20s: Failed to create load balancer for service default/nginx: network.SecurityGroupsClient#CreateOrUpdate: Invalid input: autorest/validation: validation failed: parameter=parameters.SecurityGroupPropertiesFormat.Subnets constraint=ReadOnly value=[]network.Subnet{network.Subnet{Response:autorest.Response{Response:(*http.Response)(nil)}, ID:(*string)(0xc4228be160), SubnetPropertiesFormat:(*network.SubnetPropertiesFormat)(nil), Name:(*string)(nil), Etag:(*string)(nil)}} details: readonly parameter; must send as nil or empty in request

cc: @brendandburns

[colemickens]

I'm going to leave this closed. We can track it in the Go-Autorest or Kubernetes issue.