Fix ALB Ingress Controller Errors & Sync Failures - Container Compute Service

The ALB Ingress controller forwards external requests to applications in a Kubernetes cluster. It watches for changes in Services and endpoints associated with an ALB Ingress, then syncs those changes to the backend server groups of the corresponding Application Load Balancer (ALB) instance in real time. The changes are also synchronized to the ALB console.

When synchronization fails, the controller records error events. This topic explains how to view those events and resolve the underlying issues.

How it works

Based on the AlbConfig you configure, the ALB Ingress controller:

Creates an ALB instance and two listeners (listener1 and listener2).
Creates forwarding rules (rule1 and rule2) based on the Ingress configuration, and associates them with listener2. rule1 specifies two backend server groups (vgroup1 and vgroup2); rule2 specifies one (vtgroup2).
Watches Services and endpoints for changes and syncs them to the ALB instance's backend server groups in real time.

Step 1: View error events

Update the ALB Ingress controller to the latest version before diagnosing. Events are continuously updated, and the latest version includes the most complete error messages.
Run the following command to describe the Ingress and view its events:
```
kubectl -n your-namespace describe ingress your-ingress-name
```
In the output, find the Events section. Each event follows this lifecycle: Any error message that appears between these two markers is the error to diagnose. Match it against the errors in Step 2.
- Scheduled for sync — the event starts.
- Successfully reconciled — the event ends.

Step 2: Resolve errors

Locate your error in the list below and follow the corresponding resolution.

listener is not exist, port: 80, protocol: HTTP
listener not found for (80/HTTP), with ingresses 1
none certificate found for host
The param of Rules.1.RuleConditions.2.PathConfig.Values.1 is illegal
The param of ServerGroupName is illegal
The specified resource sgp-vz2fb219vv792flx3u is in use
Message: Invalid value. Set the value in a valid format.

`listener is not exist, port: 80, protocol: HTTP`

Cause: ALB Ingress controller 2.11.0 and later can associate a listener with an Ingress but cannot create the listener automatically. If the listener referenced in an Ingress is not defined in an AlbConfig, this error occurs.

Solution: For ALB Ingress controller 2.11.0 and later, define all listeners you want to use in the AlbConfig before associating them with an Ingress.

`listener not found for (80/HTTP), with ingresses 1`

Cause: ALB Ingress controller 2.11.0 and later generates this error when you remove a listener from an AlbConfig while the listener is still associated with an Ingress. The event includes the listener details and the number of affected Ingresses.

Solution: Before removing a listener from an AlbConfig, disassociate all Ingresses from it.

Important

If you accidentally remove a listener, re-add it to the AlbConfig.

`none certificate found for host`

Cause: TLS and automatic certificate discovery are enabled, but no certificate is associated with the domain name in the Certificate Management Service console.

Solution: Use one of the following approaches:

Automatic discovery: Create a certificate in the Certificate Management Service console. The ALB Ingress controller discovers the certificate automatically based on the domain name in the Ingress configuration. For details, see Configure an HTTPS certificate for encrypted communication.
Manual specification: Specify the certificate directly in the AlbConfig. For details, see Configure an HTTPS certificate for encrypted communication.

`The param of Rules.1.RuleConditions.2.PathConfig.Values.1 is illegal`

Cause: An invalid path is specified when creating or modifying a forwarding rule.

Solution: Check which scenario applies:

If rewrite rules are configured in the Ingress: Set pathType to Prefix.
If no rewrite rule is configured: The path value may contain unsupported characters.

Note
You can specify a regular expression in the path parameter. Otherwise, the path must start with a forward slash (/). The path can contain letters, digits, and the following special characters: $ + / & ~ @ _ - . : * ?. Asterisks (*) and question marks (?) are valid wildcard characters.

`The param of ServerGroupName is illegal`

Cause: The name of the backend server group associated with the ALB instance is invalid.

Solution: Rename the backend server group to match the required format:

Requirement	Detail
Format	`Namespace + Service name + Port number`
Length	2–128 characters
Allowed characters	Letters, digits, periods (`.`), underscores (`_`), and hyphens (`-`)
Must start with	A letter

`The specified resource sgp-vz2fb219vv792flx3u is in use`

Cause: The backend server group is already added to another ALB instance.

Solution:

Log on to the ALB console.
In the left-side navigation pane, choose ALB > Server Groups.
On the Server Groups page, find the backend server group and remove it from the other ALB instance.

`Message: Invalid value. Set the value in a valid format.`

Cause: The certificate ID specified in the AlbConfig is invalid.

Solution: Check whether the ID you specified is a resource ID or a numeric ID. Replace it with the certificate ID specified by the CertIdentifier parameter.