Getting 502 bad gateway using linkerd-multicluster with AWS ALB Ingress

[santoshboorlagadda]

We are implementing linkerd multi-cluster feature using aws eks service. In aws we are planning to use alb ingress controller(aws Application load balancer) for multi-cluster communication.

So as part of this we have implemented linkerd multi-cluster communication by going through the documentation https://linkerd.io/2/tasks/multicluster/, here communication is happening with mTLS security.
We are able to establish successful communication with the Loadbalancer service.
we tried changing Linkerd gateway service type from Loadbalancer to Nodeport type.
and created ingress objects for ports. we are getting 502 bad gateway response soon after launching application load balancer dns directly from browser.
We tried in different ways to resolve this issue.

Can anyone suggest us what we are missing.

Thanks in Advance :)

apiVersion: v1
kind: Service
metadata:
annotations:
linkerd.io/control-plane-component: gateway
linkerd.io/created-by: linkerd/cli stable-2.9.2
mirror.linkerd.io/gateway-identity: linkerd-gateway.linkerd-multicluster.serviceaccount.identity.linkerd.cluster.local
mirror.linkerd.io/multicluster-gateway: "true"
mirror.linkerd.io/probe-path: /health
mirror.linkerd.io/probe-period: "3"
name: linkerd-gateway-alb
namespace: linkerd-multicluster
spec:
ports:

• name: mc-gateway
  port: 4143
  protocol: TCP
  targetPort: 4143
• name: mc-probe
  port: 4181
  protocol: TCP
  targetPort: 4181
  selector:
  app: linkerd-gateway
  type: NodePort

---

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "linkerd-gateway-ingress"
namespace: "linkerd-multicluster"
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/group.name: "linkerdtest"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 4143}]'
alb.ingress.kubernetes.io/security-groups: "sg-1"
alb.ingress.kubernetes.io/healthcheck-path: /health
alb.ingress.kubernetes.io/healthcheck-port: '4181'
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
alb.ingress.kubernetes.io/subnets: "subnet-1,subnet-2"
labels:
appname: "linkerd-gateway"
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: "linkerd-gateway-alb"
servicePort: 4143

---

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "linkerd-gateway-ingress-probe"
namespace: "linkerd-multicluster"
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/group.name: "linkerdtest"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 4181}]'
alb.ingress.kubernetes.io/security-groups: "sg-1"
alb.ingress.kubernetes.io/healthcheck-path: /health
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
alb.ingress.kubernetes.io/subnets: "subnet-1,subnet-2"
labels:
appname: "linkerd-gateway"
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: "linkerd-gateway-alb"
servicePort: 4181