Cluster information:
Kubernetes version: 1.19
Cloud being used: AWS EKS
Installation method: Terraform
I’m trying to automatically start an ALB in my EKS cluster by using the aws-load-balancer-controller
This is what the logs of my deployment look like:
$ kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller
Found 2 pods, using pod/aws-load-balancer-controller-6d9894cf4-57rlq
{"level":"info","ts":1621805437.8682935,"msg":"version","GitVersion":"v2.2.0","GitCommit":"68c417a7ea37ff153f053d9ffef1cc5c70d7e211","BuildDate":"2021-05-14T21:49:05+0000"}
{"level":"info","ts":1621805441.0391128,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":8080"}
{"level":"info","ts":1621805441.042128,"logger":"setup","msg":"adding health check for controller"}
{"level":"info","ts":1621805441.042287,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/mutate-v1-pod"}
{"level":"info","ts":1621805441.0423834,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/mutate-elbv2-k8s-aws-v1beta1-targetgroupbinding"}
{"level":"info","ts":1621805441.04245,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-elbv2-k8s-aws-v1beta1-targetgroupbinding"}
{"level":"info","ts":1621805441.0425208,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-networking-v1beta1-ingress"}
{"level":"info","ts":1621805441.0435557,"logger":"setup","msg":"starting podInfo repo"}
{"level":"info","ts":1621805443.0431697,"logger":"controller-runtime.manager","msg":"starting metrics server","path":"/metrics"}
I0523 21:30:43.043172 1 leaderelection.go:242] attempting to acquire leader lease kube-system/aws-load-balancer-controller-leader...
I0523 21:30:43.061542 1 leaderelection.go:252] successfully acquired lease kube-system/aws-load-balancer-controller-leader
{"level":"info","ts":1621805443.1433892,"logger":"controller-runtime.webhook.webhooks","msg":"starting webhook server"}
{"level":"info","ts":1621805443.1435783,"logger":"controller","msg":"Starting EventSource","reconcilerGroup":"elbv2.k8s.aws","reconcilerKind":"TargetGroupBinding","controller":"targetGroupBinding","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.1437511,"logger":"controller","msg":"Starting EventSource","reconcilerGroup":"elbv2.k8s.aws","reconcilerKind":"TargetGroupBinding","controller":"targetGroupBinding","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.143842,"logger":"controller","msg":"Starting EventSource","reconcilerGroup":"elbv2.k8s.aws","reconcilerKind":"TargetGroupBinding","controller":"targetGroupBinding","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.1441207,"logger":"controller","msg":"Starting EventSource","controller":"ingress","source":"channel source: 0xc000090500"}
{"level":"info","ts":1621805443.1442277,"logger":"controller","msg":"Starting EventSource","controller":"ingress","source":"channel source: 0xc000090550"}
{"level":"info","ts":1621805443.1447785,"logger":"controller","msg":"Starting EventSource","controller":"ingress","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.1448064,"logger":"controller","msg":"Starting EventSource","controller":"ingress","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.1448874,"logger":"controller","msg":"Starting EventSource","controller":"ingress","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.1447225,"logger":"controller","msg":"Starting EventSource","controller":"service","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.145254,"logger":"controller","msg":"Starting Controller","controller":"service"}
{"level":"info","ts":1621805443.1451356,"logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"}
{"level":"info","ts":1621805443.1455188,"logger":"controller-runtime.webhook","msg":"serving webhook server","host":"","port":9443}
{"level":"info","ts":1621805443.145757,"logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"}
{"level":"info","ts":1621805443.2442284,"logger":"controller","msg":"Starting EventSource","reconcilerGroup":"elbv2.k8s.aws","reconcilerKind":"TargetGroupBinding","controller":"targetGroupBinding","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.2452686,"logger":"controller","msg":"Starting EventSource","controller":"ingress","source":"channel source: 0xc0000905a0"}
{"level":"info","ts":1621805443.2455094,"logger":"controller","msg":"Starting EventSource","controller":"ingress","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.2455108,"logger":"controller","msg":"Starting workers","controller":"service","worker count":3}
{"level":"info","ts":1621805443.3447967,"logger":"controller","msg":"Starting Controller","reconcilerGroup":"elbv2.k8s.aws","reconcilerKind":"TargetGroupBinding","controller":"targetGroupBinding"}
{"level":"info","ts":1621805443.3450336,"logger":"controller","msg":"Starting workers","reconcilerGroup":"elbv2.k8s.aws","reconcilerKind":"TargetGroupBinding","controller":"targetGroupBinding","worker count":3}
{"level":"info","ts":1621805443.345854,"logger":"controller","msg":"Starting EventSource","controller":"ingress","source":"kind source: /, Kind="}
{"level":"info","ts":1621805443.345981,"logger":"controller","msg":"Starting Controller","controller":"ingress"}
{"level":"info","ts":1621805443.346044,"logger":"controller","msg":"Starting workers","controller":"ingress","worker count":3}
And the annotations in my kustomize ingress config (I’m patching the Kubeflow 1.3 config):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: istio-ingress
namespace: istio-system
annotations:
# create AWS Application LoadBalancer
kubernetes.io/ingress.class: alb
# external type
alb.ingress.kubernetes.io/scheme: internet-facing
# AWS Certificate Manager certificate's ARN
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-2:1111111:certificate/111-222-333"
# open ports 80 and 443
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
# ExternalDNS settings: https://rtfm.co.ua/en/kubernetes-update-aws-route53-dns-from-an-ingress/
external-dns.alpha.kubernetes.io/hostname: kubeflow.my-domain.com
# redirect all HTTP to HTTPS
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
But so far nothing happens, no alb is being created.
$ kubectl get services -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
authservice ClusterIP 172.20.17.19 <none> 8080/TCP 39m
cluster-local-gateway ClusterIP 172.20.0.189 <none> 15020/TCP,80/TCP 39m
istio-ingressgateway NodePort 172.20.81.219 <none> 15021:31033/TCP,80:31875/TCP,443:31517/TCP,31400:32737/TCP,15443:32018/TCP 39m
istiod ClusterIP 172.20.186.197 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 39m
(The NodePort is supposed to be replaced by an ALB here I believe).
I’m out of idea on how to debug this. Any help would be greatly appreciated, Thank you.