The diagnostic and troubleshooting procedure for ALB Ingress controller errors -

The Application Load Balancer (ALB) Ingress controller is used to forward external requests to applications in a Kubernetes cluster. The ALB Ingress controller listens for changes in Services and endpoints that are associated with an ALB Ingress. When changes are detected, the ALB Ingress controller synchronizes the changes to the backend server groups of the corresponding ALB instance in real time. The changes are also synchronized to the ALB console. This topic describes how to diagnose ALB Ingress controller errors and provides solutions.

Resource synchronization

The following figure shows how the ALB Ingress controller synchronizes resources:

The ALB Ingress controller creates an ALB instance and two listeners listener1 and listener2 based on the AlbConfig that you configure.
The ALB Ingress controller creates two forwarding rules rule1 and rule2 based on the Ingress that you configure, and associates rule1 and rule2 with listener2. Two backend server groups vgroup1 and vgroup2 are specified in rule1. One backend server group vtgroup2 is specified in rule2.
The ALB Ingress controller listens for changes in Services and endpoints. When changes are detected, the ALB Ingress controller synchronizes the changes to the backend server groups of the corresponding ALB instance in real time.

The preceding synchronization may fail due to specific limits. In this case, error events are recorded. The following steps describe how to view, analyze, and resolve the errors.

Step 1: View error events

Update the ALB Ingress controller to the latest version.
Events are continuously updated. Before you diagnose the ALB Ingress controller, we recommend that you update it to the latest version. For more information, see Update the ALB Ingress controller.
Run the following command to query Ingress error events:
```
kubectl -n <your-namespace> describe ingress <your-ingress-name>
```
The Events section in the output displays Ingress error events.
- Scheduled for sync: An event starts.
- Successfully reconciled: An event ends.

Step 2: Analyze and resolve errors

The following table describes the causes of common error events and provides solutions.

Error message	Cause	Solution
listener is not exist, port: 80, protocol: HTTP	ALB Ingress controller 2.11.0 and later can associate a listener with an Ingress but cannot create the listener. If the listener that you associate with an Ingress is not configured in an AlbConfig, the error event is generated.	For ALB Ingress controller 2.11.0 and later, you must configure the listeners that you want to use in AlbConfigs.
listener not found for (80/HTTP), with ingresses 1	For ALB Ingress controller 2.11.0 and later, if you remove a listener from an AlbConfig but the listener is associated with an Ingress, the error event is generated. The event contains information about the listener and the number of Ingresses that are associated with the listener.	If you want to remove the listener, you must first disassociate all Ingresses from the listener. Important If you accidentally remove a listener, you can re-add the listener.
none certificate found for host	TLS and automatic certificate discovery are enabled but no certificate is associated with the domain name in the Certificate Management Service console.	Configure a certificate: Create a certificate in the Certificate Management Service console. After the certificate is created, the ALB Ingress controller can automatically discover the certificate based on the domain name specified in the ALB Ingress configuration. For more information, see Configure automatic certificate discovery. Specify a certificate: Specify a certificate in the AlbConfig. For more information, see Specify a certificate in the AlbConfig.
The param of Rules.1.RuleConditions.2.PathConfig.Values.1 is illegal	An invalid path is specified when you create or modify the forwarding rule.	If rewrite rules are configured in the ALB Ingress, you must set `pathType` to `Prefix`. If no rewrite rule is configured in the ALB Ingress, special characters may be specified in the `path` parameter. Note You can specify a regular expression in the path parameter. Otherwise, the path you specify must start with a forward slash (`/`). The path can contain letters, digits, and the following special characters: $ + / & ~ @ _ - . : * ?. Asterisks (*) and question marks (?) can be used as wildcard characters.
The param of ServerGroupName is illegal	The name of the backend server group associated with the ALB instance is invalid.	Specify the name in the valid format. The name must be in the `Namespace + Service name+ Port number` format. The name must be 2 to 128 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-).
The specified resource sgp-vz2fb219vv792flx3u is in use	The backend server group is added to another ALB instance.	Log on to the ALB console. In the left-side navigation pane, choose ALB > Server Groups. On the Server Groups page, find the backend server group and remove it from the other ALB instance.
Message: Invalid value. Set the value in a valid format.	The certificate ID that you specify in the AlbConfig is invalid.	Check whether the ID you specify is a resource ID or a numeric ID. Replace the resource ID or numeric ID with the certificate ID specified by the CertIdentifier parameter.