Closed kumud-pe closed 5 years ago
Because of this, target groups are not getting created and alb.ingress.kubernetes.io/security-groups annotation is not working.
E1126 07:18:53.380593 1 :0] kubebuilder/controller "msg"="Reconciler error" "error"="error getting web acl for load balancer arn:aws:elasticloadbalancing:ap-south-1:549423712792:loadbalancer/app/<lb-name>: RequestError: send request failed\ncaused by: Post https://waf-regional.ap-south-1.amazonaws.com/: dial tcp: lookup waf-regional.ap-south-1.amazonaws.com on 100.64.0.10:53: no such host" "Controller"="alb-ingress-controller" "Request"={"Namespace":"test","Name":"test-ingress"}
Hi, the waf related functionality can be explicitly disabled by adding --feature-gates=waf=false flag 😄
Ideally it's automatically detected, but you need to specify it for this case since the client sdk thought waf is available in ap-south-1
Thanks for pointing this out. I will try it out.
Thanks for pointing this out. I will try it out.
Thanks for the quick reply 😄 please tell me if it works after you tried, and i'll add an trouble shot section in our docs 😄
@M00nF1sh Hey, where should I specify this flag --feature-gates=waf=false
, the ALB controller or somewhere in the ingress? I'm getting the same error for ca-central-1. Thanks!
@AndresPineros , in the yaml of the controller.
If you install it via helm, add --set extraArgs."feature-gates"='waf=false'
in helm upgrade command.
If you install it via kubectl, add - --feature-gates=waf=false
to the spec->containers->args
section, similar to the cluster-name flag 😄
@M00nF1sh Thanks, it worked.
@M00nF1sh Thanks. This worked.
This is happening for clusters running in regions where there is no waf support.