Search code examples
amazon-web-servicesamazon-eksaws-application-load-balancer

AWS ALB Ingress idle_timeout attribute doesn't work as expected

I have created an ingress with the following values. I need to upload big files. When I deploy this, it sets the load balancer idle timeout to 120 seconds. I want to set it to 1200. Even when I set this to a higher value from the UI, it goes back to 120 seconds after each deploy.

enter image description here

yaml:

ingress:
  enabled: enable
  className: alb
  annotations:
    alb.ingress.kubernetes.io/load-balancer-name: ssl-ingress
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=1200
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
    alb.ingress.kubernetes.io/healthy-threshold-count: '2'
    alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'

Also I got following error on AWS ALB controller pod logs, I couldn't find the target group, it simply doesn't exist.:

{"level":"error","ts":"2024-01-31T15:34:24Z","msg":"Reconciler error","controller":"targetGroupBinding","controllerGroup":"elbv2.k8s.aws","controllerKind":"TargetGroupBinding","TargetGroupBinding":{"name":"k8s-test--d5f2ecdcad","namespace":"test"},"namespace":"test","name":"k8s-test--d5f2ecdcad","reconcileID":"90c34884-7389-4a6f-a14a-8c8cdc1ac917","error":"TargetGroupNotFound: Target groups 'arn:aws:elasticloadbalancing:eu-central-1:**:targetgroup/k8s-test--d5f2ecdcad/837c1cc34395c35f' not found\n\tstatus code: 400, request id: ad2b1d9a-6d60-4f1a-a588-2711da15dd03"}

Solution

  • I was given 120 seconds while installing the alb-ingress helm chart. I upgraded the helm chart, and the issue was resolved.

    clusterName: ekstest

# the name of the IngressClass
ingressClass: alb

# works only if you have a working prometheus operator installed:
# https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
serviceMonitor:
  enabled: false

# make sure to use OIDC for the following, or follow the instructions from here instead:
# https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/deploy/installation/#option-a-iam-roles-for-service-accounts-irsa
serviceAccount:
  create: false
  name: aws-load-balancer-controller

ingressClassParams:
  spec:
    scheme: internet-facing
    group:
      name: eks-alb-ingress
    loadBalancerAttributes:
      - key: deletion_protection.enabled
        value: "true" # deletion of all Ingress resources won't delete the ALB
      - key: idle_timeout.timeout_seconds
        value: "1200"
      - key: routing.http.drop_invalid_header_fields.enabled
        value: "true"
      - key: routing.http2.enabled
        value: "true"
      - key: routing.http.preserve_host_header.enabled
        value: "true"