Closed ogreyard closed 1 year ago
@ogreyard
Did you attach all required IAM permissions to the controller?
If so, would you mind checking CloudTrail and looking for the DescribeTargetGroup event for the targetGroup, and seeing what the API response is?
Our default IAM permissions allow describing all targetGroups.
Thanks for the reply.
The IAM roles were all correctly configured; I followed the tutorial(s) multiple times.
After spending hours on this, I figured the controller needed to have an STS endpoint reachable within the private clusters to assume the right role, and additionally it required the ELB endpoint as well to reach the load balancing API. That's really understandable and makes sense; however, the error message was a bit misleading/not helpful.
Closing, thanks.
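One way to run the CloudTrail check suggested in this thread and tell an IAM denial apart from a call that never reached AWS, as an added example that is not part of the thread or the controller project. It assumes the controller obtains its role through `AssumeRoleWithWebIdentity` and that the CloudTrail records were exported as a JSON list; the sample records, account id and role name are constructed placeholders.

```python
import json

# Constructed CloudTrail records (not taken from the issue).
SAMPLE_RECORDS = json.loads("""
[
  {"eventTime": "2023-01-01T10:00:00Z",
   "eventSource": "sts.amazonaws.com",
   "eventName": "AssumeRoleWithWebIdentity",
   "userIdentity": {"type": "WebIdentityUser"}},
  {"eventTime": "2023-01-01T10:00:01Z",
   "eventSource": "elasticloadbalancing.amazonaws.com",
   "eventName": "DescribeTargetGroups",
   "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/EXAMPLE-controller-role/s"},
   "errorCode": "AccessDenied",
   "errorMessage": "constructed sample message"},
  {"eventTime": "2023-01-01T10:00:02Z",
   "eventSource": "ec2.amazonaws.com",
   "eventName": "DescribeInstances",
   "userIdentity": {"type": "AssumedRole"}}
]
""")

# The two calls the thread points at: assuming the role (STS) and
# describing the target group (ELB API).
WATCHED = (
    ("sts.amazonaws.com", "AssumeRoleWithWebIdentity"),
    ("elasticloadbalancing.amazonaws.com", "DescribeTargetGroups"),
)

def triage(records):
    """Map each watched call to 'absent', 'ok', or the recorded errorCode.

    'absent' means CloudTrail holds no record of the call in the searched
    window, which fits a request that never reached the AWS endpoint
    (for example, no route to STS/ELB from a private cluster).
    An errorCode means the call arrived and was rejected (IAM side).
    """
    findings = {call: "absent" for call in WATCHED}
    for rec in records:
        call = (rec.get("eventSource"), rec.get("eventName"))
        if call not in findings:
            continue
        # CloudTrail includes errorCode only when the API call failed.
        result = rec.get("errorCode", "ok")
        # Once a failure is recorded for a call, keep it.
        if findings[call] in ("absent", "ok"):
            findings[call] = result
    return findings
```
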
Describe the bug
When adding a TargetGroupBinding to an existing service on an EKS cluster in AWS, the webhook of the alb controller is called, apparently cannot detect the targetgroup info, a 403 error is given.
log output of alb-controller pod after triggering the targetgroupbinding:
Steps to reproduce
Service on public node
log:
Expected outcome
The IP target is added to the target group without error by the ALB Controller. FYI: Manually adding the target via AWS console is working without hassle.
Environment
Additional Context: