kubectl get event | grep ingress
kubectl get event | grep service
Error Code | Description | Solutions | Potential Risk if not Corrected |
E4001 | TKE_QCSRoles authorization | Log in to the CAM console, check TKE service account authorization, and re-add authorization. For details, see the description of role permissions related to service authorization. | In the cluster dimension, components cannot operate properly. |
E4004 | The number of CLBs exceeds the upper limit. | Submit a ticket to apply for a CLB quota. | New resources have no traffic access. |
E4005 | There is an error in created CLB parameters. | Check the created parameters: service.kubernetes.io/service.extensiveParameters. For details, see the description of service annotation. | New resources have no traffic access. |
E4008 | Insufficient subnet IPs | Three solutions: 1. Replace the subnet with another subnet with enough IPs and create a subnet. 2. Update the Service annotation and use a new subnet ID. 3. Use the public network type CLB instead. | New resources have no traffic access. |
E4009 | Overdue payment | You need to top up your account. | New resources have no traffic access. |
E4011 | An existing CLB does not exist. | Log in to the CLB console, find the CLB instance under the same VPC as the current cluster, confirm the CLB ID, and use a real and valid CLB ID. For details, see the use of an existing CLB in a Service. | New resources have no traffic access. |
E4012 | An existing CLB is a resource managed by another TKE. | An existing CLB must have been created by the user on the CLB console. For details, see the use of an existing CLB in a Service. | New resources have no traffic access. |
E4013 | An existing CLB is a resource used by another cluster. | The cross-cluster use of a CLB is not supported. Use another CLB or delete this resource. For details, see the sharing of a CLB by multiple Services. | New resources have no traffic access. |
E4014 | An existing CLB has a port conflict. | Multiple Service declarations use the same port. Modify the port declaration of the Service with an error, and use another port to avoid the conflict. For details, see the use of an existing CLB in a Service. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4016 | The user has not enabled the sharing feature. | Apply to enable Services' sharing capability. For details, see the sharing of a CLB by multiple Services. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4026 | The external configuration fails to be found. | The user configuration is not blocked. For details, see the Service CLB configuration. There are two solutions: 1. Delete the external configuration feature in the Service. 2. Add a TkeServiceConfig resource with the corresponding name to the annotation. | N/A |
E4033 | Direct connection is enabled, but no workload backend supports direct access. | Use the ENI network mode for the workload, and disable HostNetwork. Delete the direct connection annotation, and use NodePort for access. For instructions on using direct Service connection, see the use of LoadBalancer to directly connect a Service in Pod mode. | Backend updates may fail, causing possible interruption during the user's rolling updates. |
E4036 | Backend quadruplet conflict | The quadruplet, including CLB VIP, listener protocol, backend IP and backend port, must remain unique. With CLB restrictions, the user needs to listen to multiple ports on the Pod and bind them separately to solve this problem. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4037 | The subnet does not exist. | Three solutions: 1. Replace the subnet with another subnet with enough IPs and create a subnet. 2. Update the Service annotation and use a new subnet ID. 3. Use the public network type CLB instead. | New resources have no traffic access. |
E4062 | The certificate has expired. | Add a new certificate to the certificate service and update the Secret resource content declared in the extension protocol annotation. Fill in the certificate ID according to the document format. For details, see the Service extension protocol. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4075 | In the cross-regional feature, the region ID is incorrect. | Check the cross-regional annotation in the Service. For the region ID, see the regions and availability zones. | New resources have no traffic access. |
Error Code | Description | Solutions | Potential Risk if not Corrected |
E4003 | The number of CLBs has reached the upper limit. | Submit a ticket to apply for a CLB quota. | New resources have no traffic access. |
E4005 | The number of forwarding rules has reached the upper limit. | Submit a ticket to apply for a CLB quota. | New resources have no traffic access. |
E4008 | The TKE_QCSRole authorization has been deleted | Log in to the CAM console, check TKE service account authorization, and re-add authorization. For details, see the description of role permissions related to service authorization. | In the cluster dimension, components cannot operate properly. |
E4009 | The Secret name is not configured in the TLS field. | If you need the forwarding rules of the HTTPS protocol, modify the TLS field in the Ingress and configure the certificate required for the HTTPS listener. For details, see the Ingress certificate configuration. If you do not need the forwarding rules of the HTTPS protocol, delete the TLS field and use the HTTP protocol for service exposure. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4010 | The Secret configured in the TLS field cannot be found. | Create the Secret resource declared in the Ingress, and fill in the certificate ID according to the document format. For details, see the Ingress certificate configuration. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4011 | The Secret content configured in the TLS field is erroneous, with no certificate ID. | Update the Secret resource content declared in the TLS, and fill in the certificate ID according to the document format. For details, see the Ingress certificate configuration. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4012 | Abnormal certificate status | Add a new certificate to the certificate service and update the Secret resource content declared in TLS. Fill in the certificate ID according to the document format. For details, see the Ingress certificate configuration. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4018 | The specified existing CLB does not exist. | Go to the CLB console to find the CLB instance under the same VPC as the current cluster, confirm the CLB ID, and use a real and valid CLB ID. For details, see the use of an existing CLB in an Ingress. | New resources have no traffic access. |
E4019 | The specified existing CLB has been created by TKE. | The existing CLB must have been created by the user on the CLB Console. For details, see the use of an existing CLB in an Ingress. | New resources have no traffic access. |
E4020 | The specified existing CLB is used by another Ingress | The existing CLB must have been created by the user on the CLB Console. For details, see the use of an existing CLB in an Ingress. | New resources have no traffic access. |
E4021 | The specified existing CLB listener has not been emptied. | Log in to the CLB console, and remove all listeners of this CLB. | New resources have no traffic access. |
E4022 | The annotation format of kubernetes.io/ingress.http-rules is incorrect. | Refer to the description of Ingress annotations to confirm if the annotation content is valid. It is recommended to use the console to update the resources. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4023 | The annotation format of kubernetes.io/ingress.https-rules is incorrect. | Refer to the description of Ingress annotations to confirm if the annotation content is valid. It is recommended to use the console to update the resources. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4027 | Overdue payment for account | You need to top up your account. | New resources have no traffic access. |
E4031 | Forwarding rules contain invalid characters. | Modify the Rule field of forwarding rules. The CLB forwarding path does not support regular expressions. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4034 | The Host field of the IPv6 CLB is not declared. (Host is not required for IPv4, and it is VIP by default, which is not supported by IPv6) | Complete all Host fields in the Ingress, with no blank left. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4035 | Incorrect certificate ID format | Update the Secret resource content declared in TLS, and fill in the certificate ID according to the document format. For details, see the Ingress certificate configuration. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4039 | The certificate has expired. | Add a new certificate to the certificate service and update the Secret resource content declared in TLS. Fill in the certificate ID according to the document format. For details, see the renewal of a TKE Ingress certificate. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4040 | The Ingress contains a domain name with the corresponding certificate not declared. | Modify the TLS field and configure the certificate required for the HTTPS listener. For details, see the Ingress certificate configuration. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4041 | The Service specified by forwarding rules in the Ingress does not exist. | If your Service indeed does not exist, you need to delete the forwarding rules in the Ingress that use the Service. If you need to use the Service, create a Service resource with the same name in the namespace as the Ingress. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4042 | The Service specified by forwarding rules in the Ingress does not have a corresponding forwarding port. | If your Service does not have such a port, you need to delete the forwarding rules in the Ingress that use the Service. If the problem involves port configuration, a port update is required. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4043 | The TkeServiceConfig resource specified in the Ingress does not exist. | Does not block user configuration. For details, see the use of TKEServiceConfig to configure CLBs in an Ingress. There are two solutions: delete the external configuration feature annotation in the Service, and add the TKEServiceConfig resource with the corresponding name. | N/A |
E4044 | Invalid kubernetes.io/ingress.rule-mix value | Change it to true or false. For details, see the mixed use of HTTP and HTTPS protocols in an Ingress. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4046 | Resource bandwidth annotation configuration error, format error or bandwidth range error | Valid bandwidth values: 1-2048 | New resources have no traffic access. |
E4047 | In the Ingress, the Service specified by forwarding rules is of the ClusterIP type and has no forwarding port access. | Modify the Service with an error to the NodePort type. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4048 | The Ingress contains a domain name with multiple default certificates declared. | Multiple Secrets with no Host configuration are declared in the TLS field. Delete them until only one remains. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4049 | The Ingress contains a fixed domain name with multiple certificates declared. | Multiple Secrets are declared for a domain in the TLS field. Delete them until only one remains. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4051 | The configuration generated automatically by the system is specified for the user's manual external configuration. | For details, see the use of TKEServiceConfig to configure CLBs in an Ingress. Use a resource with a different name instead. | N/A |
E4052 | The domain name specified by forwarding rules in the Ingress does not meet the regular expression requirements. | Check and correct the erroneous domain name. Common errors include domain names without a ''.'', such as Host: test, and domain names with any uppercase letter, such as Host: Test.com. Regular expression: (\\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)+ | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4053 | Unable to create a CLB due to the exhaustion of subnet IPs | Three solutions: 1. Replace the subnet with another subnet with enough IPs and create a subnet. 2. Update the Service annotation and use a new subnet ID. 3. Use the public network type CLB instead. | New resources have no traffic access. |
E4054 | The number of backends has reached the upper limit. | Submit a ticket to apply for a CLB backend quota. | Backend updates may fail, causing possible interruption during the user's rolling updates. |
E4055 | Unable to create a CLB due to the absence of the subnet or a format error | Three solutions: 1. Replace the subnet with another subnet with enough IPs and create a subnet. 2. Update the Service annotation and use a new subnet ID. 3. Use the public network type CLB instead. | New resources have no traffic access. |
E4060 | Unable to enable the SNAT Pro feature for the user due to no granting of allowlist authorization to the account | Submit a ticket to apply for the granting of allowlist authorization to enable the SNAT Pro capability for the CLB. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4066 | The cluster initialization failed, and CRD cannot be created. | In the cluster dimension, components cannot operate properly. | |
E4068 | The automatic redirection rules conflict with other user-declared rules. | When the automatic redirection feature is used, it is recommended not to declare other forwarding rules. For details, see the Ingress redirection. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4071 | Cross-regional configuration error: the CLB's VPC and the current cluster's VPC are not in the same CCN. | Use the CCN to associate two VPCs and replace VPCs in other CCNs. For details, see the cross-regional binding for an Ingress. | New resources have no traffic access. |
E4074 | Overdue payment for a node may cause backend binding failure. | The CLB's backend binding problem may be due to node blockage. | Backend updates may fail, causing possible interruption during the user's rolling updates. |
E4081 | The annotation format of kubernetes.io/ingress.https-rules is incorrect (configuration conflict). | It is recommended to modify the configuration through the console. For details, see the description of Ingress annotations. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4082 | The NoSelector Service does not support binding. In direct connection scenarios, the Ingress declares the use of similar resources. | The backend of the NoSelector Service does not support direct access, so NodePort needs to be used instead. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4084 | Under cross-regional binding solution 1.0, the SNAT Pro feature cannot be used. | The technical solution needs to be adjusted due to system limitations. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
E4098 | The CLB ID format of the specified existing CLB is incorrect. | Log in to the CLB console, find the CLB instance under the same VPC as the current cluster, confirm the CLB ID, and use a real and valid CLB ID. For details, see the use of an existing CLB in an Ingress. | New resources have no traffic access. |
E4101 | The listener of the specified existing CLB has a conflict. | Check if port 80/443 is already occupied by other resources. | Resource synchronization is blocked. The user's update may cause the CLB backend to fail to be updated properly. |
Was this page helpful?