Reconciler error: error getting web acl for load balancer

[kumud-pe]

This is happening for clusters running in regions where there is no waf support.

[kumud-pe]

Because of this, target groups are not getting created and alb.ingress.kubernetes.io/security-groups annotation is not working.

E1126 07:18:53.380593       1 :0] kubebuilder/controller "msg"="Reconciler error" "error"="error getting web acl for load balancer arn:aws:elasticloadbalancing:ap-south-1:549423712792:loadbalancer/app/<lb-name>: RequestError: send request failed\ncaused by: Post https://waf-regional.ap-south-1.amazonaws.com/: dial tcp: lookup waf-regional.ap-south-1.amazonaws.com on 100.64.0.10:53: no such host"  "Controller"="alb-ingress-controller" "Request"={"Namespace":"test","Name":"test-ingress"}

[M00nF1sh]

Hi, the waf related functionality can be explicitly disabled by adding --feature-gates=waf=false flag 😄

Ideally it's automatically detected, but you need to specify it for this case since the client sdk thought waf is available in ap-south-1

[kumud-pe]

Thanks for pointing this out. I will try it out.

[M00nF1sh]

Thanks for pointing this out. I will try it out.

Thanks for the quick reply 😄 please tell me if it works after you tried, and i'll add an trouble shot section in our docs 😄

[AndresPineros]

@M00nF1sh Hey, where should I specify this flag --feature-gates=waf=false, the ALB controller or somewhere in the ingress? I'm getting the same error for ca-central-1. Thanks!

[M00nF1sh]

@AndresPineros , in the yaml of the controller. If you install it via helm, add --set extraArgs."feature-gates"='waf=false' in helm upgrade command. If you install it via kubectl, add - --feature-gates=waf=false to the spec->containers->args section, similar to the cluster-name flag 😄

[AndresPineros]

@M00nF1sh Thanks, it worked.

[kumud-pe]

@M00nF1sh Thanks. This worked.