How to debug the Application Load Balancer Ingress Controller for Fargate on EKS
Fargate on EKS requires the use of application load balancers (ALBs) to provide network connectivity from outside your cluster to the containers it is running. An ALB ingress controller is required to provision these automatically.
Deployment instructions are available in the AWS documentation.
If this isn’t working, try running
kubectl logs -n kube-system deployment.apps/alb-ingress-controller
to see if there are any error messages.
When I first deployed a Fargate-enabled cluster, I found the following error message from the ALB ingress controller:
kubebuilder/controller "msg"="Reconciler error" "error"="failed to build LoadBalancer configuration due to failed to get AWS tags. Error: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors" "controller"="alb-ingress-controller"
This was because I hadn’t created the IAM service account correctly. Make sure you have created an ALB ingress controller policy in IAM. This should include the following permissions in this JSON document. Once you’ve added that policy, run:
eksctl create iamserviceaccount \
--region region-code \
--name alb-ingress-controller \
--namespace kube-system \
--cluster prod \
--attach-policy-arn arn:aws:iam::111122223333:policy/ALBIngressControllerIAMPolicy \
--override-existing-serviceaccounts \
--approve
Replace the region-code placeholder and the --attach-policy-arn value with those for your own region and IAM policy.
Once applied, if you still are not seeing an ALB endpoint when you check
kubectl get ingress
try removing and reapplying the ingress object to force the ALB to be created.
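The check below is an added example, not part of the original post or the AWS documentation: it triages the NoCredentialProviders error offline by looking for the eks.amazonaws.com/role-arn annotation that eksctl create iamserviceaccount places on the service account. The sample manifests, the role name example-alb-ingress-role and the function names are constructed for illustration.

```shell
# Offline triage of the NoCredentialProviders error. On a live cluster, capture the inputs with:
#   kubectl logs -n kube-system deployment.apps/alb-ingress-controller > controller.log
#   kubectl get serviceaccount alb-ingress-controller -n kube-system -o yaml > sa.yaml

# Print the IAM role ARN from the eks.amazonaws.com/role-arn annotation, if any.
sa_role_arn() {
  grep -Eo 'eks\.amazonaws\.com/role-arn:[[:space:]]*"?arn:aws[a-z-]*:iam::[0-9]{12}:role/[^"[:space:]]+' "$1" \
    | head -n 1 | sed -E 's/^[^:]*:[[:space:]]*"?//'
}

# Classify the failure. Prints one of:
#   no-credential-error      the log does not contain NoCredentialProviders
#   missing-role-annotation  the service account carries no IAM role annotation
#   annotated:<role-arn>     annotated; confirm the pods use this account and were created after it
diagnose() {
  local log_file=$1 sa_file=$2 role
  if ! grep -q 'NoCredentialProviders' "$log_file"; then
    echo "no-credential-error"; return 0
  fi
  role=$(sa_role_arn "$sa_file") || true
  if [ -z "$role" ]; then echo "missing-role-annotation"; else echo "annotated:$role"; fi
}

# Constructed sample inputs: an abridged copy of the error above and two made-up manifests.
write_samples() {
  local dir=$1
  printf '%s\n' 'kubebuilder/controller "msg"="Reconciler error" "error"="failed to get AWS tags. Error: NoCredentialProviders: no valid providers in chain."' > "$dir/controller.log"
  cat > "$dir/sa-broken.yaml" <<'EOF'
kind: ServiceAccount
metadata:
  name: alb-ingress-controller
  namespace: kube-system
EOF
  cat > "$dir/sa-fixed.yaml" <<'EOF'
kind: ServiceAccount
metadata:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/example-alb-ingress-role
  name: alb-ingress-controller
  namespace: kube-system
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
diagnose "$tmp/controller.log" "$tmp/sa-broken.yaml"
diagnose "$tmp/controller.log" "$tmp/sa-fixed.yaml"
rm -rf "$tmp"
```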