AWS ALB Ingress Controller for Kubernetes doesnt work

AWS ALB Ingress Controller for Kubernetes "don't create or don't change" new ingress applies


bash-4.4$ kubectl  -n kube-system logs -f alb-ingress-controller-6c56545b67-glmsk 
I0915 01:11:42.985011 1 launch.go:112] &{ALB Ingress Controller 1.0-beta.4 git-385f5365 git://}
I0915 01:11:42.985079 1 launch.go:115] Watching for ingress class: alb
I0915 01:11:42.985323 1 launch.go:282] Creating API client for
I0915 01:11:42.995018 1 launch.go:294] Running in Kubernetes Cluster version v1.9 (v1.9.3) - git (clean) commit d2835416544f298c919e2ead3be3d0864b52323b - platform linux/amd64
I0915 01:11:42.996964 1 launch.go:134] validated kube-system/default-http-backend as the default backend
I0915 01:11:43.001451 1 alb-controller.go:121] [ALB-INGRESS] [controller] [INFO]: Ingress class set to alb
I0915 01:11:43.001469 1 alb-controller.go:130] [ALB-INGRESS] [controller] [INFO]: albNamePrefix undefined, defaulting to 48a1d4ec
I0915 01:11:43.001477 1 alb-controller.go:169] [ALB-INGRESS] [sync] [DEBUG]: Requesting Lock.
I0915 01:11:43.001483 1 alb-controller.go:169] [ALB-INGRESS] [sync] [DEBUG]: Lock was available.
I0915 01:11:43.001488 1 alb-controller.go:171] [ALB-INGRESS] [controller] [DEBUG]: Lock was available. Attempting sync
I0915 01:11:43.181067 1 alb-controller.go:179] [ALB-INGRESS] [controller] [DEBUG]: Retrieved tag information on 1 load balancers, 11 target groups, 0 listeners, 0 rules, and 0 subnets.
I0915 01:11:43.181094 1 albingresses.go:83] [ALB-INGRESS] [ingress] [INFO]: Building list of existing ALBs
I0915 01:11:43.233816 1 albingresses.go:91] [ALB-INGRESS] [ingress] [INFO]: Fetching information on 1 ALBs
I0915 01:11:43.259896 1 albingresses.go:98] [ALB-INGRESS] [ingress] [DEBUG]: Retrieved information on 1 target groups


When AWS ALB detect one old existing ingress, security-group, or load balance (LB) who was not created by himself, and is this LB is not complete, starting the problems.


We created a deploy with aws, but mannualy delete a LB, or change the alb-ingress security group of VPC.

If we change mannualy the LB+Security_Group created by ALB, we have a future problem.

The soluction is simple, and you need to clear this objects inside aws.

To help you whith debug, add this ENV inside `alb-ingress-controller.yaml` and apply again the yaml file.

- name: LOG_LEVEL
value: DEBUG

After the  manually "removing and clean" inside AWS portal, you can see inside the logs:

I0915 02:43:16.319688       1 targetgroup.go:153] [ALB-INGRESS] [test/novalue-pvc] [INFO]: Completed TargetGroup deletion.
I0915 02:43:16.319723       1 alb-controller.go:231] [ALB-INGRESS] [sync] [DEBUG]: Unlock'd.

Than you can remove the LOG_LEVEL DEBUG env, apply, and apply one new ingress.