A floating IP unavailable error occurs in cloud providers (Vultr, DigitalOcean, Hetzner) when a reserved IP address cannot be assigned to a LoadBalancer service. This prevents external traffic from reaching the service, blocking ingress connectivity.
Cloud providers offer floating IPs (elastic IPs, reserved IPs) that can be reassigned between instances. In Kubernetes LoadBalancer services, floating IPs are used to provide stable, public-facing IP addresses. When creating a LoadBalancer service, the cloud provider attempts to allocate a floating IP from your account's available pool. If the pool is exhausted or misconfigured, the allocation fails, leaving the service in "Pending" state.
Verify you have available floating IPs:
# DigitalOcean:
digitalocean floating-ips list
# Vultr:
vultr reserved-ip list
# Hetzner Cloud:
hcloud floating-ip list
# Check account limits:
# - Login to web console
# - Check billing/quota section
# - Look for floating IP limitsIf quota is exhausted, release unused IPs or request increase.
Check the cloud controller manager:
kubectl get pods -n kube-system | grep cloud-controller-manager
kubectl describe pod -n kube-system -l component=cloud-controller-manager
# Check logs:
kubectl logs -n kube-system -l component=cloud-controller-manager -f
# Verify it's configured:
kubectl get deploy -n kube-system -l component=cloud-controller-managerIf missing or not running, the service cannot allocate floating IPs.
Review the LoadBalancer service definition:
kubectl get svc <service-name> -o yaml
# Look for:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: LoadBalancer
selector:
app: my-app
ports:
- port: 80
targetPort: 8080
# Check for cloud-specific annotations:
# annotations:
# service.beta.kubernetes.io/load-balancer-source-ranges: 0.0.0.0/0Verify type is "LoadBalancer" and no conflicting annotations.
Ensure cloud provider credentials are valid:
# Check secret with cloud credentials:
kubectl get secrets -n kube-system
kubectl describe secret -n kube-system cloud-provider-secret # Name varies
# Verify credentials:
# DigitalOcean:
export DIGITALOCEAN_ACCESS_TOKEN=<token>
doctl auth init # Verify token works
# Vultr:
export VULTR_API_KEY=<key>
vultr account info
# Hetzner:
export HCLOUD_TOKEN=<token>
hcloud project limitsIf credentials are invalid, cloud operations will fail.
Remove unused IPs to free quota:
# List all floating IPs:
digitalocean floating-ips list
# Identify orphaned IPs (not attached to any droplet):
for ip in $(digitalocean floating-ips list --format IP); do
status=$(digitalocean floating-ip get $ip --format Status)
if [ "$status" == "new" ]; then
echo "Orphaned: $ip"
digitalocean floating-ip delete $ip # Delete if safe
fi
doneOrphaned IPs consume quota but serve no purpose.
Pre-allocate and assign a specific floating IP:
# Create floating IP manually:
digitalocean floating-ip reserve <region> --droplet-name <node>
# Returns: 192.0.2.1
# Assign to service via annotation:
kubectl annotate service <service-name> \
service.beta.kubernetes.io/do-loadbalancer-ip=192.0.2.1
# Or in YAML:
apiVersion: v1
kind: Service
metadata:
name: my-service
annotations:
service.beta.kubernetes.io/do-loadbalancer-ip: "192.0.2.1"
spec:
type: LoadBalancer
...Pre-allocating IP ensures availability.
Debug cloud provider errors:
# Check cloud controller manager logs:
kubectl logs -n kube-system -l component=cloud-controller-manager --tail=100
# Look for:
# - "floating-ip quota exceeded"
# - "failed to allocate IP"
# - "authentication failed"
# - API errors
# Check kubelet logs for service updates:
kubectl logs -n kube-system kubelet | grep -i loadbalancer
# Describe service for event messages:
kubectl describe svc <service-name>
# Look for "Events:" sectionLogs reveal the exact failure reason.
Plan for growth and request higher limits:
# Calculate current usage:
kubectl get svc --all-namespaces | grep LoadBalancer | wc -l
# Add 50% buffer for future growth
need_ips=$(( $(kubectl get svc -A | grep LoadBalancer | wc -l) * 2 ))
echo "Request quota: $need_ips floating IPs"
# For DigitalOcean, request increase via support ticket
# For Vultr, manage via account settings
# For Hetzner, use web consolePlan ahead for cluster growth.
Floating IP quotas vary by cloud provider and account tier. DigitalOcean allows 3 free floating IPs per account. Vultr and Hetzner have similar limits. For large clusters with many services, pre-allocate floating IPs or upgrade to higher tier. Some providers support DNS instead of floating IPs (use Ingress with external DNS instead). Floating IP costs vary ($3-5/month typically). For high availability, use multiple LoadBalancer services with automatic failover. Consider using an Ingress controller (nginx, traefik) instead of multiple LoadBalancers to reduce floating IP usage. Monitor unused services and clean up to free quota. Document which services use floating IPs for capacity planning.
No subnets found for EKS cluster
How to fix "eks subnet not found" in Kubernetes
unable to compute replica count
How to fix "unable to compute replica count" in Kubernetes HPA
error: context not found
How to fix "error: context not found" in Kubernetes
default backend - 404
How to fix "default backend - 404" in Kubernetes Ingress
serviceaccount cannot list resource
How to fix "serviceaccount cannot list resource" in Kubernetes