ALB Ingress controller gotcha

If you're running a Kubernetes cluster on AWS (via EKS, kops, or otherwise), you're probably using the AWS ALB Ingress controller to create Application Load Balancers (ALBs) that map to Kubernetes Ingress resources.

If so, be aware of the following gotcha: When adding ALB-specific annotations on the Ingress config, be sure that all ostensibly numeric values are actually single- or double-quoted strings:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: users
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/ip-address-type: ipv4
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    alb.ingress.kubernetes.io/security-groups: sg-XXXXXXXXXXXXXXX
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/healthcheck-path: /myhealthcheck
    # Note: these must be quoted strings, or the resource will be ignored by the ingress controller!
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "5"
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "1"
    alb.ingress.kubernetes.io/success-codes: "200"
    alb.ingress.kubernetes.io/healthy-threshold-count: "3"
    alb.ingress.kubernetes.io/unhealthy-threshold-count: "3"

Otherwise, for some reason, the ingress controller ignores the entire resource, and no ALB will be created. You will not even see any logs to this effect on the ingress controller!

Ironically, string values don't need quoting, thanks to YAML being so loose. But integers do, so that they're coerced to strings.

Show Comments