Amazon Web Services Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – Issue with 502 Bad Gateway on EKS with ALB Ingress

RESOLVED: The issue was that the port configured on the service did not match the one specified in the labels.

I have created an EKS cluster in AWS, where I am trying to deploy a service. So far, I have set up a Deployment, a Service (NodePort), and an Ingress that creates an Application Load Balancer (ALB).

I have followed the AWS documentation on routing application and HTTP traffic with Application Load Balancers (https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) and successfully deployed the 2048 example without any issues.

Here is my YAML configuration:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: service-auth-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: service-auth
  template:
    metadata:
      labels:
        app.kubernetes.io/name: service-auth
    spec:
      containers:
      - name: service-auth-container
        image: service-auth-img
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service-auth-sample
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: NodePort
  selector:
    app.kubernetes.io/name: service-auth
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-auth-sample
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: service-auth-sample
              port:
                number: 80

The Pod status is OK an running. The logs also are OK, they show no errors

The Service has been deployed successfully:
NAME TYPE EXTERNAL-IP PORT(S)
service-auth-sample NodePort <none> 80:30533/TCP

And the Ingress shows no logs and a DNS address as expected.

ISSUE
When I try to connect to the DNS using curl to the DNS, I receive a 502 error:

<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
</body>
</html>

Additionally, the ALB -> target groups show an unhealthy status.

Can anyone help me troubleshoot why I am receiving a 502 error and why the target group health checks are failing? Any insights or steps to debug this issue would be greatly appreciated.

I have already changed the ports in the Service and the Ingress. I have checked the status of the Pod, the Ingress, and the Service, and all of them are OK. I have also deployed the Service Pod in isolation, and it worked fine.

Tags:

2

Answers


  1. 0
    1. Verify security groups: be sure the ALB and the nodes can reach one each other.
    2. With alb.ingress.kubernetes.io/target-type: ip I think you can use Service type ClusterIP. If you use NodePort, you must set target type instance (see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#target-type)
    Login or Signup to reply.
  2. 0

    Having the same issue with 502.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search