I have an EKS cluster Kubernetes 1.17 with ALB ingress controller V2.0.0 and Kubeflow 1.0 & kfctl 1.0 . The able to get that working and ALB will be spinned up.
I upgraded to EKS cluster Kubernetes 1.18 with ALB ingress controller V2.1.3 and Kubeflow 1.2 & kfctl 1.2 ALB ingress works for a hello world app or 2048 sample app and I can see a new ALB. But when I do a kfctl apply -f kfctl-aws-cognito.yml it throws an error saying, not able to find user pool client in user pool. But the app clients exist.
oupARN"},"targetType":"instance","serviceRef":{"name":"istio-ingressgateway","port":80},"networking":{"ingress":[{"from":[{"securityGroup":{"groupID":{"$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}}}],"ports":[{"protocol":"TCP"}]}]}}}}}}}}"} {"level":"info","ts":1619614892.9054444,"logger":"controllers.ingress","msg":"creating listener rule","stackID":"test-apps","resourceID":"443:1"} {"level":"error","ts":1619614893.0066664,"logger":"controller","msg":"Reconciler error","controller":"ingress","name":"test-apps","namespace":"","error":"failed to create listener rule: InvalidLoadBalancerAction: The user pool client '35bad0v2ctvu9do5rktvfjud8g' does not exist in the provided user pool\n\tstatus code: 400, request id: 3536aee0-27e4-4262-8b1e-0fefe77c7db6"}
Full ALB ingress controller logs
{"level":"info","ts":1619612888.4898257,"logger":"controllers.ingress","msg":"creating listener rule","stackID":"test-apps","resourceID":"443:1"} {"level":"error","ts":1619612888.5878866,"logger":"controller","msg":"Reconciler error","controller":"ingress","name":"test-apps","namespace":"","error":"failed to create listener rule: InvalidLoadBalancerAction: The user pool client '35bad0v2ctvu9do5rktvfjud8g' does not exist in the provided user pool\n\tstatus code: 400, request id: 29cbd1c1-a255-4886-9904-bf5b9d5d1558"} {"level":"info","ts":1619613888.849858,"logger":"controllers.ingress","msg":"successfully built model","model":"{"id":"test-apps","resources":{"AWS::EC2::SecurityGroup":{"ManagedLBSecurityGroup":{"spec":{"groupName":"k8s-testapps-00e85f9aab","description":"[k8s] Managed SecurityGroup for LoadBalancer","ingress":[{"ipProtocol":"tcp","fromPort":443,"toPort":443,"ipRanges":[{"cidrIP":"0.0.0.0/0"}]}]}}},"AWS::ElasticLoadBalancingV2::Listener":{"443":{"spec":{"loadBalancerARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN"},"port":443,"protocol":"HTTPS","defaultActions":[{"type":"fixed-response","fixedResponseConfig":{"contentType":"text/plain","statusCode":"404"}}],"certificates":[{"certificateARN":"arn:aws:acm:us-east-1:Accountnum:certificate/b3a7856e-fbc8-44a5-a01e-a7a25dd273fd"}],"sslPolicy":"ELBSecurityPolicy-2016-08"}}},"AWS::ElasticLoadBalancingV2::ListenerRule":{"443:1":{"spec":{"listenerARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::Listener/443/status/listenerARN"},"priority":1,"actions":[{"type":"authenticate-cognito","authenticateCognitoConfig":{"onUnauthenticatedRequest":"authenticate","scope":"openid","sessionCookieName":"AWSELBAuthSessionCookie","sessionTimeout":604800,"userPoolARN":"arn:aws:cognito-idp:us-east-1:Accountnum:userpool/us-east-1_UHDE4Hvi","userPoolClientID":"35bad0v2ctvu9do5rktvfjud8g","userPoolDomain":"verisk-vdas-kf.auth.us-east-1.amazoncognito.com"}},{"type":"forward","forwardConfig":{"targetGroups":[{"targetGroupARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/istio-system/istio-ingress-istio-ingressgateway:80/status/targetGroupARN"}}]}}],"conditions":[{"field":"path-pattern","pathPatternConfig":{"values":["/"]}}]}}},"AWS::ElasticLoadBalancingV2::LoadBalancer":{"LoadBalancer":{"spec":{"name":"k8s-testapps-65ef24686e","type":"application","scheme":"internal","ipAddressType":"ipv4","subnetMapping":[{"subnetID":"subnet-088b51fcbedda663a"},{"subnetID":"subnet-0bae2da7f02a573d2"}],"securityGroups":[{"$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}]}}},"AWS::ElasticLoadBalancingV2::TargetGroup":{"istio-system/istio-ingress-istio-ingressgateway:80":{"spec":{"name":"k8s-istiosys-istioing-20863fac8a","targetType":"instance","port":31380,"protocol":"HTTP","protocolVersion":"HTTP1","healthCheckConfig":{"port":"traffic-port","protocol":"HTTP","path":"/","matcher":{"httpCode":"200"},"intervalSeconds":15,"timeoutSeconds":5,"healthyThresholdCount":2,"unhealthyThresholdCount":2}}}},"K8S::ElasticLoadBalancingV2::TargetGroupBinding":{"istio-system/istio-ingress-istio-ingressgateway:80":{"spec":{"template":{"metadata":{"name":"k8s-istiosys-istioing-20863fac8a","namespace":"istio-system","creationTimestamp":null},"spec":{"targetGroupARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/istio-system/istio-ingress-istio-ingressgateway:80/status/targetGroupARN"},"targetType":"instance","serviceRef":{"name":"istio-ingressgateway","port":80},"networking":{"ingress":[{"from":[{"securityGroup":{"groupID":{"$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}}}],"ports":[{"protocol":"TCP"}]}]}}}}}}}}"} {"level":"info","ts":1619613890.8417456,"logger":"controllers.ingress","msg":"creating listener rule","stackID":"test-apps","resourceID":"443:1"} {"level":"error","ts":1619613890.934571,"logger":"controller","msg":"Reconciler error","controller":"ingress","name":"test-apps","namespace":"","error":"failed to create listener rule: InvalidLoadBalancerAction: The user pool client '35bad0v2ctvu9do5rktvfjud8g' does not exist in the provided user pool\n\tstatus code: 400, request id: 0f1286ac-90f3-41fa-9099-244301eaa0d2"} {"level":"info","ts":1619614891.2960463,"logger":"controllers.ingress","msg":"successfully built model","model":"{"id":"test-apps","resources":{"AWS::EC2::SecurityGroup":{"ManagedLBSecurityGroup":{"spec":{"groupName":"k8s-testapps-00e85f9aab","description":"[k8s] Managed SecurityGroup for LoadBalancer","ingress":[{"ipProtocol":"tcp","fromPort":443,"toPort":443,"ipRanges":[{"cidrIP":"0.0.0.0/0"}]}]}}},"AWS::ElasticLoadBalancingV2::Listener":{"443":{"spec":{"loadBalancerARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::LoadBalancer/LoadBalancer/status/loadBalancerARN"},"port":443,"protocol":"HTTPS","defaultActions":[{"type":"fixed-response","fixedResponseConfig":{"contentType":"text/plain","statusCode":"404"}}],"certificates":[{"certificateARN":"arn:aws:acm:us-east-1:AccountNum:certificate/b3a7856e-fbc8-44a5-a01e-a7a25dd273fd"}],"sslPolicy":"ELBSecurityPolicy-2016-08"}}},"AWS::ElasticLoadBalancingV2::ListenerRule":{"443:1":{"spec":{"listenerARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::Listener/443/status/listenerARN"},"priority":1,"actions":[{"type":"authenticate-cognito","authenticateCognitoConfig":{"onUnauthenticatedRequest":"authenticate","scope":"openid","sessionCookieName":"AWSELBAuthSessionCookie","sessionTimeout":604800,"userPoolARN":"arn:aws:cognito-idp:us-east-1:184842432656:userpool/us-east-1_UHDE4Hvi","userPoolClientID":"35bad0v2ctvu9do5rktvfjud8g","userPoolDomain":"verisk-vdas-kf.auth.us-east-1.amazoncognito.com"}},{"type":"forward","forwardConfig":{"targetGroups":[{"targetGroupARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/istio-system/istio-ingress-istio-ingressgateway:80/status/targetGroupARN"}}]}}],"conditions":[{"field":"path-pattern","pathPatternConfig":{"values":["/"]}}]}}},"AWS::ElasticLoadBalancingV2::LoadBalancer":{"LoadBalancer":{"spec":{"name":"k8s-testapps-65ef24686e","type":"application","scheme":"internal","ipAddressType":"ipv4","subnetMapping":[{"subnetID":"subnet-088b51fcbedda663a"},{"subnetID":"subnet-0bae2da7f02a573d2"}],"securityGroups":[{"$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}]}}},"AWS::ElasticLoadBalancingV2::TargetGroup":{"istio-system/istio-ingress-istio-ingressgateway:80":{"spec":{"name":"k8s-istiosys-istioing-20863fac8a","targetType":"instance","port":31380,"protocol":"HTTP","protocolVersion":"HTTP1","healthCheckConfig":{"port":"traffic-port","protocol":"HTTP","path":"/","matcher":{"httpCode":"200"},"intervalSeconds":15,"timeoutSeconds":5,"healthyThresholdCount":2,"unhealthyThresholdCount":2}}}},"K8S::ElasticLoadBalancingV2::TargetGroupBinding":{"istio-system/istio-ingress-istio-ingressgateway:80":{"spec":{"template":{"metadata":{"name":"k8s-istiosys-istioing-20863fac8a","namespace":"istio-system","creationTimestamp":null},"spec":{"targetGroupARN":{"$ref":"#/resources/AWS::ElasticLoadBalancingV2::TargetGroup/istio-system/istio-ingress-istio-ingressgateway:80/status/targetGroupARN"},"targetType":"instance","serviceRef":{"name":"istio-ingressgateway","port":80},"networking":{"ingress":[{"from":[{"securityGroup":{"groupID":{"$ref":"#/resources/AWS::EC2::SecurityGroup/ManagedLBSecurityGroup/status/groupID"}}}],"ports":[{"protocol":"TCP"}]}]}}}}}}}}"} {"level":"info","ts":1619614892.9054444,"logger":"controllers.ingress","msg":"creating listener rule","stackID":"test-apps","resourceID":"443:1"} {"level":"error","ts":1619614893.0066664,"logger":"controller","msg":"Reconciler error","controller":"ingress","name":"test-apps","namespace":"","error":"failed to create listener rule: InvalidLoadBalancerAction: The user pool client '35bad0v2ctvu9do5rktvfjud8g' does not exist in the provided user pool\n\tstatus code: 400, request id: 3536aee0-27e4-4262-8b1e-0fefe77c7db6"}
