I've noticed that my Target Groups in my EKS cluster were not getting created with AWS Load Balancer Controller, and upon troubleshooting and checking the logs, I came to realise that the controller was indeed detecting the ingresses being created, but it was creating target groups for another service in the public Application Load Balancer. Both the private and the public ALB were successfully created. Every internet-facing service gets registered correctly, but for some reason, with any internal ingress being created, the controller defaults to the same internet-facing service. I should also mention that I have another environment where this one was copied from, and it's working correctly.

I've checked the tags, the private subnets are mapped with "kubernetes.io/role/internal-elb: 1" and the public subnets with "kubernetes.io/role/elb: 1", both have the tag "kubernetes.io/cluster/my-cluster: owned" mapped to them.

Ingresses with the internet-facing schema are correctly registered, but the ones with internal schema are not. I've reinstalled the add-on twice, there are no events for the ingresses and their creation is successful. The logs of the AWS Load Balancer Controller pod show that it targets service-a (which is internet-facing, correctly created on the public ALB) when it should be targeting service-b (in the private ALB).

Here follows my ingress describe:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/actions.service-b: '{"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"service-b","servicePort":80,"weight":100}]}}'
    alb.ingress.kubernetes.io/group.name: service-ingress
    alb.ingress.kubernetes.io/group.order: "2"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    alb.ingress.kubernetes.io/rewrite-target: /$1
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/use-regex: "true"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"alb.ingress.kubernetes.io/actions.service-b":"{\"type\":\"forward\",\"forwardConfig\":{\"targetGroups\":[{\"serviceName\":\"service-b\",\"servicePort\":80,\"weight\":100}]}}","alb.ingress.kubernetes.io/group.name":"service-ingress","alb.ingress.kubernetes.io/group.order":"2","alb.ingress.kubernetes.io/listen-ports":"[{\"HTTP\": 80}]","alb.ingress.kubernetes.io/rewrite-target":"/$1","alb.ingress.kubernetes.io/scheme":"internal","alb.ingress.kubernetes.io/target-group-attributes":"stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60","alb.ingress.kubernetes.io/target-type":"ip","alb.ingress.kubernetes.io/use-regex":"true"},"creationTimestamp":"2024-02-27T13:18:30Z","finalizers":["group.ingress.k8s.aws/service-ingress"],"generation":1,"labels":{"app":"service-b-ingress"},"name":"service-ingress","namespace":"service-b","resourceVersion":"19283444","uid":"saodfij-239d-2949-bas2-92948d9294f0s"},"spec":{"ingressClassName":"alb","rules":[{"http":{"paths":[{"backend":{"service":{"name":"service-b","port":{"name":"use-annotation"}}},"path":"/content","pathType":"Prefix"}]}}]},"status":{"loadBalancer":{"ingress":[{"hostname":"internal-k8s-servicesingressinterna-ab123456-1234567.us-east-1.elb.amazonaws.com"}]}}}
  creationTimestamp: "2024-02-28T00:46:32Z"
  finalizers:
  - group.ingress.k8s.aws/service-ingress
  generation: 1
  labels:
    app: service-b-ingress
  name: service-ingress
  namespace: service-b
  resourceVersion: "12345678"
  uid: 82beaaa1-xxxx-yyyy-zzzz-aaaaaa
spec:
  ingressClassName: alb
  rules:
  - http:
      paths:
      - backend:
          service:
            name: service-b
            port:
              name: use-annotation
        path: /content
        pathType: Prefix
status:
  loadBalancer:
    ingress:
    - hostname: internal-k8s-servicesingressinterna-ab123456-1234567.us-east-1.elb.amazonaws.com

Perhaps there's something very simple I'm missing, but I've been looking for days and haven't been able to find the issue. Also, thank you for your time.
