Open Pjv93 opened 1 month ago
@Pjv93 do you mind adding a blueprint that we can use to validate that the addon works?
@shapirov103 OFC! Here is a sample blueprint that:

- Sets up a Kubernetes ingress controller with specified configurations for handling ingress traffic, including load balancing settings, SSL/TLS termination, and routing.
- Automates DNS record management based on services and ingresses within the cluster, simplifying the process of connecting domain names to dynamically provisioned resources like load balancers.

```typescript
import * as cdk from 'aws-cdk-lib';
import * as blueprints from '@aws-quickstart/eks-blueprints';
import { KubernetesIngressAddOn } from '../lib/addons/kubernetes-nginx';

const app = new cdk.App();

// Placeholder account, region and domain values
const account = '1234567890';
const region = 'us-east-2';
const version = 'auto';
const myDomainName = "test.example.com";

// Configure the Kubernetes Ingress AddOn
const kubernetesIngressAddOn = new KubernetesIngressAddOn({
    crossZoneEnabled: true,
    internetFacing: true,
    targetType: 'ip',
    externalDnsHostname: 'example.com',
    certificateResourceName: 'arn:aws:acm:us-east-2:123456789:certificate/xxxxxxxxx',
});

const addOns: Array<blueprints.ClusterAddOn> = [
    new blueprints.addons.CalicoOperatorAddOn(),
    new blueprints.addons.AwsLoadBalancerControllerAddOn(),
    new blueprints.addons.VpcCniAddOn(),
    new blueprints.addons.CoreDnsAddOn(),
    new blueprints.addons.CertManagerAddOn(),
    new blueprints.addons.ExternalsSecretsAddOn(),
    kubernetesIngressAddOn,
    // ExternalDNS manages records in the hosted zone registered below
    new blueprints.addons.ExternalDnsAddOn({
        hostedZoneResources: ["MyHostedZone1"]
    })
];

const stack = blueprints.EksBlueprint.builder()
    .account(account)
    .region(region)
    .version(version)
    // Look up the existing hosted zone for the domain and register it as "MyHostedZone1"
    .resourceProvider("MyHostedZone1", new blueprints.LookupHostedZoneProvider(myDomainName))
    .addOns(...addOns)
    .build(app, 'eks-blueprint');
```

Here are the annotations applied to the Ingress Controller

```
helm get values k8s-ingress -n kube-system
USER-SUPPLIED VALUES:
controller:
  electionID: ingress-controller-leader
  ingressClassResource:
    controllerValue: k8s.io/ingress-nginx
    default: false
    enabled: true
    name: nginx
  service:
    annotations:
      external-dns.alpha.kubernetes.io/hostname: pjv.people.aws.dev
      nginx.ingress.kubernetes.io/force-ssl-redirect: true
      service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:0123456789:certificate/xxxxxx
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
      service.beta.kubernetes.io/aws-load-balancer-type: external
    targetPorts:
      http: http
      https: http
```

Simple Ingress using test.pjv.people.aws.dev/
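
A check that can be run over the `controller.service` values shown in the comment above, as an added example that is not part of the original thread or the add-on's code: it flags annotation values that are not strings, an internet-facing scheme without a certificate, and TLS that ends at the load balancer. The function name, the finding labels and the sample object (with a placeholder certificate ARN) are assumptions constructed for illustration.

```typescript
// Added example: audit the `controller.service` block of the Helm values.
type ServiceValues = {
  annotations: Record<string, unknown>;
  targetPorts: Record<string, string>;
};

const LB = 'service.beta.kubernetes.io/aws-load-balancer-';

function auditService(svc: ServiceValues): string[] {
  const findings: string[] = [];
  const a = svc.annotations;

  // Kubernetes annotation values must be strings, so an unquoted YAML
  // boolean or number has to be quoted before it reaches the API server.
  for (const key of Object.keys(a)) {
    if (typeof a[key] !== 'string') findings.push(`non-string: ${key}`);
  }

  // An internet-facing listener should terminate TLS with a certificate
  // and name the listener ports that carry it.
  if (a[LB + 'scheme'] === 'internet-facing') {
    if (!a[LB + 'ssl-cert']) findings.push('no-cert');
    if (!a[LB + 'ssl-ports']) findings.push('no-ssl-ports');
  }

  // Informational: TLS ends at the load balancer when the https listener
  // forwards to the controller's plain http port, so the hop to the pods
  // is unencrypted.
  if (a[LB + 'backend-protocol'] === 'http' && svc.targetPorts['https'] === 'http') {
    findings.push('plaintext-backend');
  }
  return findings;
}

// Constructed sample mirroring the values above (placeholder ARN).
const sample: ServiceValues = {
  annotations: {
    'nginx.ingress.kubernetes.io/force-ssl-redirect': true,
    [LB + 'backend-protocol']: 'http',
    [LB + 'scheme']: 'internet-facing',
    [LB + 'ssl-cert']: 'arn:aws:acm:us-east-2:000000000000:certificate/placeholder',
    [LB + 'ssl-ports']: 'https',
  },
  targetPorts: { http: 'http', https: 'http' },
};

const findings = auditService(sample);
```
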
Sounds good! I know it needs a lot of work but wanted to at least have some visibility on it. I will work on your comments. Thanks!
Honestly this is great work, addon work is almost there, you just need to complete to cover all grounds.
Issue #, if available:
Description of changes: This PR introduces the Kubernetes Ingress Add-On class that supports additional configuration options like SSL redirection, cross-zone load balancing, and external DNS integration. The aim is to provide an extensible and configurable Ingress solution within the EKS blueprints framework.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.