Old ALBs Not Deleted After Transitioning to Shared ALB via group.name Annotation #4292
Description
We’re in the process of consolidating multiple ALBs created by individual Ingress resources in our EKS cluster into a single shared ALB, using the alb.ingress.kubernetes.io/group.name annotation, to reduce costs.
What We Observed:
- After applying the group.name annotation to several Ingresses, a shared ALB was successfully created.
- Ingress rules and Route 53 records were correctly configured for the shared ALB.
Unexpected Behavior:
- The previously created individual ALBs were not deleted and remained active.
- To better understand the behavior, we performed the following:
- Removed the group.name annotation from the Ingresses:
- The shared ALB was not deleted.
- The old individual ALBs resumed handling traffic.
- The inbound rules on the shared ALB remained in place.
- Re-applied the group.name annotation to just one Ingress:
- The shared ALB updated its rules to reflect only that Ingress.
- The old ALBs still remained and were not cleaned up.
- Removed the group.name annotation from the Ingresses:
We also waited over 10 hours to see if any reconciliation or cleanup would occur automatically, but no changes were observed.
Questions:
- Is this behavior expected when transitioning Ingresses to use a shared ALB?
- What is the recommended approach to ensure that old ALBs are properly deleted?
- Are there additional steps or annotations required to clean up unused ALBs during this migration?
- Why did the shared ALB retain its inbound rules after the group.name annotation was removed, and only update them (removing non-relevant ones) once the annotation was re-applied to a single Ingress?