3

I'm experimenting with AWS EKS and have created the following setup:

  • EKS cluster with a single service/pod/node
  • AWS ALB ingress controller
  • ALB

I try to configure the ALB to:

  • create access logs
  • provide HTTP/2 support

My alb ingress controller definition:

apiVersion: apps/v1 kind: Deployment metadata: labels: app: alb-ingress-controller name: alb-ingress-controller namespace: kube-system spec: replicas: 1 selector: matchLabels: app: alb-ingress-controller strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: creationTimestamp: null labels: app: alb-ingress-controller spec: containers: - args: - --ingress-class=alb - --cluster-name=eks image: docker.io/amazon/aws-alb-ingress-controller:v1.1.2 imagePullPolicy: Always name: server resources: {} terminationMessagePath: /dev/termination-log dnsPolicy: ClusterFirst restartPolicy: Always securityContext: {} terminationGracePeriodSeconds: 30 serviceAccountName: alb-ingress serviceAccount: alb-ingress

My service & ingress definition:

apiVersion: v1 kind: Service metadata: name: my-app spec: ports: - port: 5001 targetPort: 5001 protocol: TCP type: NodePort selector: app: my-app --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: "my-app" labels: app: my-app annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/load-balancer-attributes: "access_logs.s3.enabled=true,access_logs.s3.bucket=my-bucket,access_logs.s3.prefix=some-path" alb.ingress.kubernetes.io/load-balancer-attributes: "routing.http2.enabled=true" spec: rules: - http: paths: - path: /* backend: serviceName: "my-app" servicePort: 5001

Result:

  • ALB gets correctly created & traffic gets routed correctly
  • but no HTTP/2 support (although AWS console says 'enabled' for HTTP/2, which is the default)
  • and no ALB logs in S3 (although all permissions provided)

I have checked the ALB logs (kubectl logs -n kube-system $(kubectl get po -n kube-system | egrep -o alb-ingress[a-zA-Z0-9-]+)) and did not find any error message or warning.

Did anyone else get this to work?

Improve this question
3
  • Also, can someone make an "amazon-eks" tag? Does not seem to exist yet. Commented Mar 4, 2019 at 2:31
  • Got the S3 logs working by combining the two alb.ingress.kubernetes.io/load-balancer-attributes statements into one. HTTP/2 on the other hand is not yet working. Commented Mar 5, 2019 at 2:17
  • And the HTTP/2 started working after enabling HTTPS. Commented Mar 5, 2019 at 13:04

1 Answer 1

Reset to default
3

I have solved these two issues in the meantime. Quick summary in case somebody else struggles with the same:

  • all alb.ingress.kubernetes.io/load-balancer-attributes need to be combined in a single comma-separated statement -> solved the S3 log issue

    alb.ingress.kubernetes.io/load-balancer-attributes: "access_logs.s3.enabled=true,access_logs.s3.bucket=bucket-name,access_logs.s3.prefix=some-prefix"

  • HTTPS needs to be enabled for HTTP/2 -> solved the HTTP/2 issue

    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS":443}]' alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:ap-southeast-1:1234567891011:certificate/some-UID"

Improve this answer
2
  • Could you share it? Commented May 14, 2019 at 20:10
  • 1
    Have updated the answer to add the actual configuration... hope that helps. Commented May 15, 2019 at 1:20

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.