Open ismailyenigul opened 4 years ago
+1
We are experiencing a similar problem. Does anyone have any suggestions for a solution other than fixing the source code?
Any updates ? I'm using last version of "amazon/aws-alb-ingress-controller:v2.1.0" and I'm still have same issue. When I create ingress in ALB I see same default actions with return fixed response 404. This is reason why I can't use CNAME's in R53 with "A" records associated with ALB.
I'm making ALB thru ingress + I'm using external-dns-controller which create A records in R53 when ALB is appearing.
After I want to make R53 DNS Traffic Policy "Failover" for point CNAME to these A records. But this is not works cuz we have default actions with return fixed response. After modify this default actions, CNAME is works good. This is reason why I can't use AWS DNS policy (each 50$ p/month). Yeah I'm able to delete or modify "Return fixed response 404" but, I want to make automation, and this is disturbing for go forward.
I'm using this for create ALB:
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: sts-ingress-prd namespace: sts annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:4444444444:certificate/4b411ef0-4444-4444-4444-dad444412b5c alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/security-groups: sg-04444444808894, sg-041444444451722 alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' alb.ingress.kubernetes.io/healthcheck-path: / alb.ingress.kubernetes.io/healthcheck-protocol: "HTTPS" labels: app: sts stage: prd spec: rules:
ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK expects
"All HTTP listener rules have HTTP to HTTPS redirection action configured"
as described at https://github.com/awslabs/aws-config-rules/blob/master/python/ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK/ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK.py#L43But ALB ingress controller creates two ALB rules on HTTP Listener for HTTPS redirect
AWS config check fails because of Rule last. But we already configured HTTPS redirect in Rule 1
Related issue: https://github.com/kubernetes-sigs/aws-alb-ingress-controller/issues/1264
I am not sure this is ALB ingress issue or AWS config rules. But I think AWS config rules can create an exception for
Return fixed response 404
to pass validation.