Hue on AWS EKS with IPv6 family #3506
Description
Is there an existing issue for this?
- I have searched the existing issues
Description
We deployed Hue on AWS EKS with IPv6 configurations in three Public subnets of VPC. Also, deployed AWS ALB controller and mapped the ingress associated with ALB to Route 53 record name. However, when we try to access huev6.data-core-dev.aws.idealo.cloud from browser, it shows 502 Bad Gateway and the target groups shows the health status as unhealthy. We also allowed traffic from ALB to EKS nodes security groups.
Below is ingress.yaml file:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-hue
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/ip-address-type: dualstack
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/healthcheck-port: '8888'
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-path: /hue/editor
alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
external-dns.alpha.kubernetes.io/hostname: huev6.data-core-dev.aws.idealo.cloud
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hue
port:
number: 8888
Versions:
AWS EKS v1.22
aws-load-balancer-controller:v2.6.1
Hue v4.11
Steps To Reproduce
1-Create EKS cluster using IPv6 family using eksctl create cluster -f cluster-config.yaml command
2-Install AWS ALB ingress controller
3-Apply all manifest files of Hue on EKS
4-Establish a linkage between the ingress linked with ALB and the Route53 record name
5-Attempting to access huev6.data-core-dev.aws.idealo.cloud from a browser results in a "502 Bad Gateway" error. Additionally, in the AWS Console, the target groups display an unhealthy health status.
Logs
Logs snippets from AWS ALB ingress controller:
{"level":"info","ts":"2023-10-18T21:50:09Z","logger":"controllers.ingress","msg":"successfully built model","model":"{\"id\":\"hue-ip6/ingress-hue\",\"resources\":{\"AWS::EC2::SecurityGroup\":{\"ManagedLBSecurityGroup\":{\"spec\":{\"groupName\":\"k8s-hueip6-ingressh-e62f22d561\",\"description\":\"[k8s] Managed SecurityGroup for LoadBalancer\",\"tags\":{\"App\":\"hue\",\"Environment\":\"dev\",\"Team\":\"pacman\"},\"ingress\":[{\"ipProtocol\":\"tcp\",\"fromPort\":80,\"toPort\":80,\"ipRanges\":[{\"cidrIP\":\"0.0.0.0/0\"}]},{\"ipProtocol\":\"tcp\",\"fromPort\":80,\"toPort\":80,\"ipv6Ranges\":[{\"cidrIPv6\":\"::/0\"}]}]}}},\"AWS::ElasticLoadBalancingV2::Listener\":{\"80\":{\"spec\":{\"loadBalancerARN\":{\"$ref\":\"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN\"},\"port\":80,\"protocol\":\"HTTP\",\"defaultActions\":[{\"type\":\"fixed-response\",\"fixedResponseConfig\":{\"contentType\":\"text/plain\",\"statusCode\":\"404\"}}],\"tags\":{\"App\":\"hue\",\"Environment\":\"dev\",\"Team\":\"pacman\"}}}},\"AWS::ElasticLoadBalancingV2::ListenerRule\":{\"80:1\":{\"spec\":{\"listenerARN\":{\"$ref\":\"#/resources/AWS::ElasticLoadBalancingV2::Listener/80/status/listenerARN\"},\"priority\":1,\"actions\":[{\"type\":\"forward\",\"forwardConfig\":{\"targetGroups\":[{\"targetGroupARN\":{\"$ref\":\"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/hue-ip6/ingress-hue-hue:8888/status/targetGroupARN\"}}]}}],\"conditions\":[{\"field\":\"path-pattern\",\"pathPatternConfig\":{\"values\":[\"/*\"]}}],\"tags\":{\"App\":\"hue\",\"Environment\":\"dev\",\"Team\":\"pacman\"}}}},\"AWS::ElasticLoadBalancingV2::LoadBalancer\":{\"LoadBalancer\":{\"spec\":{\"name\":\"k8s-hueip6-ingressh-051b1aa369\",\"type\":\"application\",\"scheme\":\"internet-facing\",\"ipAddressType\":\"dualstack\",\"subnetMapping\":
Target Group Status:
Hue version
4.11