Aws-load-balancer-controller: alb.ingress.kubernetes.io/tags not updating properly

Created on 30 May 2019  路  19Comments  路  Source: kubernetes-sigs/aws-load-balancer-controller

If you update alb.ingress.kubernetes.io/tags, tags are not created, deleted, or updated on ELB. For it to update you need to change alb.ingress.kubernetes.io/tags again, and it will show the previous tags. Then you change it again and the tags from the second application will appear, but not the ones from the last application.

| | Tags on Kubernetes YAML | Tags on AWS ELB |
|-|-|-|
| Initial Apply | A=a | A=a |
| 2nd Apply | B=b | A=a |
| 3rd Apply | C=c | B=b |
| 4th Apply | | C=c |
| 5th Apply | D=d | |
| 6th Apply | E=e | D=d |
| 7th Apply | E=e,F=f | E=e |
| 8th Apply | F=f | E=e,F=f |
| 9th Apply | G=g | F=f |
| 10th Apply | G=g | G=g |

The AWS tags are always one state behind from the ones specified on Kubernetes YAML.

It is even stranger because AddTags and DeleteTags events are logged on CloudTrail and on AWS search bar I can see the tags and its values, but if I filter no ELBs are listed. The same happens on AWS CLI and Boto3 if you describe the ELBs, its tags do not appear or appear outdated.

I've waited more than 10min to verify if there was some delay on tag application but nothing happened. The tags just update if I change Ingress YAML again.

The changes on YAML doesn't necessarily need to be on alb.ingress.kubernetes.io/tags, any change the forces Kubernetes to reconfigure Ingress will make the tags from the previous configuration appear.

  • Initial Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/tags: A=a
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
  • 2nd Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/tags: B=b
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
  • 3rd Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/tags: C=c
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
  • 4th Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
  • 5th Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/tags: D=d
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
  • 6th Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/tags: E=e
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
  • 7th Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/tags: E=e,F=f
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
  • 8th Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/tags: F=f
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
  • 9th Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/tags: G=g
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
  • 10th Apply
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/tags: G=g
    alb.ingress.kubernetes.io/target-type: ip
    H: h
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx
              servicePort: 80
lifecyclrotten
Source
picture t0rr3sp3dr0
👍8

Most helpful comment

/reopen

picture t0rr3sp3dr0 on 20 Apr 2020
👍2

All 19 comments

I can confirm this behavior. Tags are properly applied to TargetGroups, however.

fimbulvetr picture fimbulvetr on 16 Jul 2019

waf-acl-id is also experiencing similar behavior. Adding the annotation to an existing ingress doesnt do anything. removing the annotation causes the ingress controller to add the waf acl to the alb. I believe that the ingress controller's sync period will eventually reconcile the proper behavior, but this defaults to 1 hour.

rifelpet picture rifelpet on 15 Aug 2019

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

fejta-bot picture fejta-bot on 13 Nov 2019

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

fejta-bot picture fejta-bot on 13 Dec 2019

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

fejta-bot picture fejta-bot on 12 Jan 2020

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 12 Jan 2020

I have the same issue and it's not being fixed

salemgolemugoo picture salemgolemugoo on 21 Feb 2020

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

fejta-bot picture fejta-bot on 22 Mar 2020

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 22 Mar 2020

/reopen

_Well, I tried_

swarmer picture swarmer on 20 Apr 2020
😄1

@swarmer: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 20 Apr 2020

/reopen

t0rr3sp3dr0 picture t0rr3sp3dr0 on 20 Apr 2020
👍2

@t0rr3sp3dr0: Reopened this issue.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 20 Apr 2020

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

fejta-bot picture fejta-bot on 20 May 2020

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 20 May 2020

Any update on this issue ? Even I am facing same issue while enabling logs on alb.

tibin-mfl picture tibin-mfl on 8 Jul 2020

@tibin-mfl: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 9 Jul 2020

Just ran into the exact same issue trying to update alb.ingress.kubernetes.io/load-balancer-attributes.

msonnabaum picture msonnabaum on 17 Sep 2020

Also seeing the problem with alb.ingress.kubernetes.io/load-balancer-attributes.

ALB Ingress Controller v1.1.8, Kubernetes v1.17.

MaxBango picture MaxBango on 9 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rdubya16 picture rdubya16  路  4Comments
jcderr picture jcderr  路  3Comments
brylex418 picture brylex418  路  4Comments
madhu131313 picture madhu131313  路  3Comments
ghostsquad picture ghostsquad  路  4Comments