I have AWS ALB outside the EKS cluster and have a eks cluster with worker nodes running in private subnets. I have an app deployed and a corresponding service of type NodePort created.
I have installed AWS Load balancer controller using Helm chart as directed by AWS. I have addons (kube-proxy, vpc-cni and coredns) added to the cluster. On the console for all 3 addons i see "IAM Role for Service Account not set" display.I am trying to create Target Group Binding between a TG (type instance) already created outside the cluster for the existing ALB and the EKS service.
When I apply the yaml for TG binding i get the below error
"Error from server (InternalError): error when creating "target-group-binding.yml": Internal error occurred: failed calling webhook "mtargetgroupbinding.elbv2.k8s.aws": failed to call webhook: Post "https://aws-load-balancer-webhook-service.kube-system.svc:443/mutate-elbv2-k8s-aws-v1beta1-targetgroupbinding?timeout=10s": context deadline exceeded"
I have outbound traffic open on ports 443 and 9443 for SG associated with the control plane to Security Grp of worker nodes. Similarly Inbound traffic is open on 443 and 9443 for SG associated with worker nodes from control plane SG. Also EKS cluster is created using Terraform aws eks module.
I am in a flux for not getting TG created even though ports are open. Any help in resolving this will be of help since i have deadline to finish the work.
AWS OFFICIALUpdated 3 months ago
