The Application Load Balancer (ALB) Ingress controller is used to forward external requests to applications in a Kubernetes cluster. The ALB Ingress controller listens for changes in Services and endpoints that are associated with an ALB Ingress. When changes are detected, the ALB Ingress controller synchronizes the changes to the backend server groups of the corresponding ALB instance in real time. The changes are also synchronized to the ALB console. This topic describes how to diagnose ALB Ingress controller errors and provides solutions.
Resource synchronization
The following figure shows how the ALB Ingress controller synchronizes resources:
The ALB Ingress controller creates an ALB instance and two listeners listener1 and listener2 based on the AlbConfig that you configure.
The ALB Ingress controller creates two forwarding rules rule1 and rule2 based on the Ingress that you configure, and associates rule1 and rule2 with listener2. Two backend server groups vgroup1 and vgroup2 are specified in rule1. One backend server group vtgroup2 is specified in rule2.
The ALB Ingress controller listens for changes in Services and endpoints. When changes are detected, the ALB Ingress controller synchronizes the changes to the backend server groups of the corresponding ALB instance in real time.
The preceding synchronization may fail due to specific limits. In this case, error events are recorded. The following steps describe how to view, analyze, and resolve the errors.
Step 1: View error events
Update the ALB Ingress controller to the latest version.
Events are continuously updated. Before you diagnose the ALB Ingress controller, we recommend that you update it to the latest version. For more information, see Update the ALB Ingress controller.
Run the following command to query Ingress error events:
kubectl -n <your-namespace> describe ingress <your-ingress-name>
The
Events
section in the output displays Ingress error events.Scheduled for sync
: An event starts.Successfully reconciled
: An event ends.
Step 2: Analyze and resolve errors
The following table describes the causes of common error events and provides solutions.
Error message | Cause | Solution |
listener is not exist, port: 80, protocol: HTTP | ALB Ingress controller 2.11.0 and later can associate a listener with an Ingress but cannot create the listener. If the listener that you associate with an Ingress is not configured in an AlbConfig, the error event is generated. | For ALB Ingress controller 2.11.0 and later, you must configure the listeners that you want to use in AlbConfigs. |
listener not found for (80/HTTP), with ingresses 1 | For ALB Ingress controller 2.11.0 and later, if you remove a listener from an AlbConfig but the listener is associated with an Ingress, the error event is generated. The event contains information about the listener and the number of Ingresses that are associated with the listener. | If you want to remove the listener, you must first disassociate all Ingresses from the listener. Important If you accidentally remove a listener, you can re-add the listener. |
none certificate found for host | TLS and automatic certificate discovery are enabled but no certificate is associated with the domain name in the Certificate Management Service console. |
|
The param of Rules.1.RuleConditions.2.PathConfig.Values.1 is illegal | An invalid path is specified when you create or modify the forwarding rule. |
|
The param of ServerGroupName is illegal | The name of the backend server group associated with the ALB instance is invalid. | Specify the name in the valid format. The name must be in the |
The specified resource sgp-vz2fb219vv792flx3u is in use | The backend server group is added to another ALB instance. | Log on to the ALB console. In the left-side navigation pane, choose . On the Server Groups page, find the backend server group and remove it from the other ALB instance. |
Message: Invalid value. Set the value in a valid format. | The certificate ID that you specify in the AlbConfig is invalid. | Check whether the ID you specify is a resource ID or a numeric ID. Replace the resource ID or numeric ID with the certificate ID specified by the CertIdentifier parameter. |