Unable to Route Traffic to Kubernetes Service via ALB Ingress with SSL Termination

0

Hello everyone hope you're doing well, I've been trying to expose a Wazuh SIEM dashboard, it's a Kubernetes Deployment. I've follow the exact same configuration of this post: https://docs.aws.amazon.com/es_es/eks/latest/userguide/alb-ingress.html with my deployment. The NodePort it's created properly, the Ingress too, the controller provide the ALB and the listener on 443, and the target group it's created OK. But I cannot perform any health checks. I suppose it's because the health checks isn't perform in the default root path as the posted example. Anyone know how can I troubleshoot this?

---
apiVersion: v1
kind: Service
metadata:
  namespace: wazuh
  name: wazuh-dashboard-service
spec:
  ports:
    - port: 5601
      targetPort: 5601
      protocol: TCP
  type: NodePort
  selector:
    app: wazuh-dashboard
    lbtype: external
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: wazuh
  name: wazuh-ingress-dashboard
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: "subnet-05fbf4a6250fa2324, subnet-0c3fca6bec1072d2a"
    alb.ingress.kubernetes.io/certificate-arn: <my arn>
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
        - path: /app
          pathType: Prefix
          backend:
            service:
              name: wazuh-dashboard-service
              port:
                number: 5601
  tls:
    - hosts:
      - alb.siem-marvelad.com
      secretName: tls-secret

1 Answer
0
  1. Health checks for ALB Ingresses are performed against the path specified in the Ingress resource. If your application's health check endpoint is not the default root path (/), you need to adjust the health check path accordingly. In your current configuration, the health check path is set to /app. Ensure that your application is indeed serving content at this path and that it responds with a 200 status code when accessed.

  2. Try accessing the health check URL directly from your browser or using a tool like curl to see if the health check path returns a 200 status code. This can help determine if the issue lies with the application or the ALB configuration.

  3. Since you're using SSL termination, ensure that the TLS certificate referenced in your Ingress configuration (alb.ingress.kubernetes.io/certificate-arn) is valid and covers the domain name you're using to access your application.

profile pictureAWS
EXPERT
Deeksha
answered 19 days ago
profile picture
EXPERT
reviewed 19 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions