aws / aws-application-networking-k8s

A Kubernetes controller for Amazon VPC Lattice
https://www.gateway-api-controller.eks.aws.dev/
Apache License 2.0

Feature Request: TargetGroupBinding for pods #656

Open DingGGu opened 1 month ago

DingGGu commented 1 month ago

Lattice has various deployment models.

Lattice is limited to 169.254.171.0/24, so only one ServiceNetwork can be associated per VPC. Our deployment model seeks to connect "untrusted zones" between different domains and clusters.

Each cluster has a Lattice ServiceNetwork, and other clusters expose a Lattice Service and then share it in the form of RAM Share. Currently, Gateway Controller has limited support for ServiceExport. Since CrossAccount is not being considered, IaC such as Terraform must be used.

Using two Kubernetes Controllers and Terraform causes a conflict in lifecycle resource management and makes it hard to manage resources.

Therefore, if the Gateway Controller manages only the TargetGroup, like the TargetGroupBinding of the AWS LoadBalancer Controller, and the remaining Service creation, RAM Share, Service Association, and AuthPolicy are managed through Terraform, I expect that the two lifecycles can be clearly separated and managed.

I suggest creating a method to synchronize the TargetGroup by explicitly entering the ARN of the Lattice TargetGroup, as TargetGroupBinding does, rather than ServiceExport.
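The Terraform side of the split proposed above, as an added illustration that is not part of the issue or the project's own code: the in-cluster controller would own the Lattice target group and hand over its ARN (assumed here to arrive as an input variable), while Terraform owns the service, its listener, the RAM share to the other account and the IAM auth policy that gates callers from the untrusted zone. Resource and variable names are made up for the example.

```hcl
# Added example, not the project's code. Terraform owns the Lattice service, listener,
# RAM share and auth policy; the controller owns the target group and supplies its ARN.
variable "target_group_arn"    { type = string } # written by the cluster controller
variable "consumer_account_id" { type = string } # the "untrusted zone" caller

resource "aws_vpclattice_service" "api" {
  name      = "orders-api"
  auth_type = "AWS_IAM" # requests must be SigV4-signed and pass the auth policy
}

resource "aws_vpclattice_listener" "http" {
  name               = "http"
  protocol           = "HTTP"
  port               = 80
  service_identifier = aws_vpclattice_service.api.id
  default_action {
    forward {
      target_groups {
        target_group_identifier = var.target_group_arn # controller-managed
        weight                  = 100
      }
    }
  }
}

# Share the service with exactly one other account; the consumer associates it with
# its own ServiceNetwork on its side, so no association is created here.
resource "aws_ram_resource_share" "api" {
  name                      = "orders-api-share"
  allow_external_principals = true
}
resource "aws_ram_resource_association" "api" {
  resource_arn       = aws_vpclattice_service.api.arn
  resource_share_arn = aws_ram_resource_share.api.arn
}
resource "aws_ram_principal_association" "consumer" {
  principal          = var.consumer_account_id
  resource_share_arn = aws_ram_resource_share.api.arn
}

# Auth policy: only the shared-to account may invoke; every other caller is denied.
resource "aws_vpclattice_auth_policy" "api" {
  resource_identifier = aws_vpclattice_service.api.arn
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { AWS = var.consumer_account_id }
      Action    = "vpc-lattice-svcs:Invoke"
      Resource  = "${aws_vpclattice_service.api.arn}/*"
    }]
  })
}
```

With this split, replacing or re-creating the target group in the cluster never touches the share or the auth policy, and a Terraform apply never deletes pod registrations.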

DingGGu commented 1 month ago

I think it would be better to use HTTPBackend, but in that case, it would also be a good idea to create only a service that is not associated with the ServiceNetwork.