How to configure healthchecks when adding Application Load Balancer to TKGI API

Article ID: 298610

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

Your VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) is hosted in AWS or any other IaaS.

You would like to set up a load balancer for Internet access by following the steps in the documentation topic "Configuring Load Balancer API".

Using Application Load Balancer (ALB), you created 2 listeners for the ALB:

  • HTTPS:8443 with target the IP address of PKS, port 8443 and protocol HTTPS
  • HTTPS:9021 with target the IP address of PKS, port 9021 and protocol HTTPS


The healthcheck uses HTTPS, path '/' and the traffic port. Once the ALB is up, it shows the target as unhealthy with the error: 'Health checks failed with these codes [404]'

This Knowledge Base (KB) article covers how to avoid this error and successfully configure healthchecks.


Environment

Product Version: 1.6

Resolution

The TKGI API has two services that are exposed on two different ports:
  • 9021 for TKGI API
  • 8443 for UAA
Both services require some sort of authentication in order to respond with status 200.

Running curl against either of them results in 404 not found or 403 not authorized.

There are two calls that do not require authentication and return 200, which lets the ALB present the service as healthy.
  • For UAA:

    curl -k -v https://<ALBIP>:8443/healthz
    > GET /healthz HTTP/1.1
    > Host: <ALBIP>:8443
    > User-Agent: curl/7.47.0
    > Accept: */*
    > 
    < HTTP/1.1 20

  • For PKS API:

    curl -k -v https://<ALBIP>:9021/actuator

    or

    curl -k -v https://<ALBIP>:9021/actuator/health

These will produce the same 200 response without the need to authenticate. This way the healthcheck can be configured on any load balancer.
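
As an added example (not part of the original article or VMware's tooling), the following script audits target group settings in the shape of `aws elbv2 describe-target-groups` output against the healthcheck paths above. The target group names and sample data are constructed, and flagging a matcher that accepts 403/404 is an assumption of this example, not a statement from the article.

```python
import json

# Unauthenticated health paths named in the article, keyed by target port.
EXPECTED_PATHS = {8443: {"/healthz"}, 9021: {"/actuator", "/actuator/health"}}

def matcher_codes(spec):
    """Expand an ALB matcher string such as "200", "200,202" or "200-299"."""
    codes = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        codes.update(range(int(lo), int(hi or lo) + 1))
    return codes

def audit(describe_output):
    """Return (target group name, problem) pairs for UAA / TKGI API target groups."""
    findings = []
    for tg in json.loads(describe_output)["TargetGroups"]:
        paths = EXPECTED_PATHS.get(tg.get("Port"))
        if paths is None:
            continue  # not one of the two ports the article covers
        name = tg["TargetGroupName"]
        path = tg.get("HealthCheckPath")
        if tg.get("HealthCheckProtocol") != "HTTPS":
            findings.append((name, "health check protocol is not HTTPS"))
        if path not in paths:
            fix = " or ".join(sorted(paths))
            findings.append((name, f"path {path!r} is not an unauthenticated health endpoint; use {fix}"))
        codes = matcher_codes(tg.get("Matcher", {}).get("HttpCode", "200"))
        if 200 not in codes:
            findings.append((name, "matcher does not accept 200"))
        # Assumption of this example: accepting 403/404 would mark a target
        # healthy even though the probe never reached a real health endpoint.
        if codes & {403, 404}:
            findings.append((name, "matcher accepts 403/404, which hides a wrong path"))
    return findings

# Constructed sample in the shape of `aws elbv2 describe-target-groups` output.
SAMPLE = json.dumps({"TargetGroups": [
    {"TargetGroupName": "tkgi-uaa", "Port": 8443, "HealthCheckProtocol": "HTTPS",
     "HealthCheckPath": "/", "Matcher": {"HttpCode": "200"}},
    {"TargetGroupName": "tkgi-api", "Port": 9021, "HealthCheckProtocol": "HTTPS",
     "HealthCheckPath": "/actuator/health", "Matcher": {"HttpCode": "200-404"}},
]})

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

The first sample entry reproduces the misconfiguration from the introduction (path '/'), and the second shows a correct path paired with an overly broad success matcher.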