'failed calling webhook "vingress.elbv2.k8s.aws"

I installed aws-load-balancer-controller on new EKS cluster (version v1.21.5-eks-bc4871b).

I installed by this guide https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/deploy/installation/ step by step but when I'm trying to deploy ingress object I'm getting the error I mentioned in the title. I tried to do as github issues questions like here https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/2039 but didn't find any answer.

What else can I do for checking this?

kuberneteskubernetes-ingressamazon-eksaws-application-load-balancer


Solution 1:[1]

In case it might help others - I also had the original issue using fargate profile and worker-node for core-dns. The solution for me I found in another place was just adding

node_security_group_additional_rules = {
ingress_allow_access_from_control_plane = {
  type                          = "ingress"
  protocol                      = "tcp"
  from_port                     = 9443
  to_port                       = 9443
  source_cluster_security_group = true
  description                   = "Allow access from control plane to webhook port of AWS load balancer controller"
}

}

Solution 2:[2]

I assume you are getting an error message like the following, if is not the case, please post your error.

Error from server (InternalError): error when creating "anymanifest.yaml": Internal error occurred: failed calling webhook "vingress.elbv2.k8s.aws": Post "https://aws-load-balancer-webhook-service.kube-system.svc:443/validate-networking-v1beta1-ingress?timeout=10s": context deadline exceeded

Usually, it happens due to EKS control plane can't communicate with nodes using the webhook port.

Checkout the logs of the aws-load-balancer-controller pods to check the port it started to listen

{"level":"info","ts":1643365219.2410042,"logger":"controller-runtime.webhook","msg":"serving webhook server","host":"","port":9443}

In order to fix that, in the security group of the worker nodes, allow communications of port 9443 from EKS control plane

Solution 3:[3]

load-balancer-controller pod description for more details It may happen that the image is not available at the ECR

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Emo
Solution 2 RuBiCK
Solution 3 Sanjay Mahajan

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function