h3poteto / aws-global-accelerator-controller

A Kubernetes controller for Global Accelerators and Route53
Apache License 2.0

Global load accelerator created with incorrect listener port #101

Closed gbhosal closed 1 year ago

gbhosal commented 1 year ago

I was looking for K8S integration with AWS Global Accelerator and stumbled upon this solution. Thank you for sharing it.

During my testing, I happened to notice that Global Accelerator got created with listener port 80 instead of 443. Ingress specification is provided below. I'm yet to play around with DNS record creation.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:1111111111:certificate/fef70ddf-b3ed-42c7-86af-f9e215977a6d
    alb.ingress.kubernetes.io/group.name: som-dev.hssom-pos-app-internal-ingress
    alb.ingress.kubernetes.io/group.order: "1"
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "60"
    alb.ingress.kubernetes.io/healthcheck-path: /HSPOSAppService/
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "10"
    alb.ingress.kubernetes.io/healthy-threshold-count: "2"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/security-groups: sg-08e0f96c4c6cf36a1,sg-056d4775173488c2b
    alb.ingress.kubernetes.io/success-codes: 200-299
    alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=60
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/unhealthy-threshold-count: "10"
    aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: "yes"
    external-dns.alpha.kubernetes.io/hostname: hssom-pos-app-dev.example.com
    external-dns.alpha.kubernetes.io/route53-zone-type: private
    kubernetes.io/ingress.class: alb
    meta.helm.sh/release-name: hssom-hspos-app-service
    meta.helm.sh/release-namespace: som-dev
  labels:
    app: hssom-hspos-app-service
  name: hssom-hspos-app-service-int-ingress
  namespace: som-dev
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: hssom-hspos-app-service
            port:
              number: 80
        path: /HSPOSAppService/*
        pathType: ImplementationSpecific
```

h3poteto commented 1 year ago

Thank you for reporting. I got it. The port in the spec is read:

https://github.com/h3poteto/aws-global-accelerator-controller/blob/86739739a44ed22fdccc3d34b7b14ccec9e78903/pkg/cloudprovider/aws/global_accelerator.go#L465

You mean that it should read the port from the annotation alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' in this case.

gbhosal commented 1 year ago

> Thank you for reporting. I got it. The port in the spec is read:
>
> https://github.com/h3poteto/aws-global-accelerator-controller/blob/86739739a44ed22fdccc3d34b7b14ccec9e78903/pkg/cloudprovider/aws/global_accelerator.go#L465
>
> You mean that it should read the port from the annotation alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' in this case.

Yes, because it defines which listener ports should be configured on the ALB, and we match these listener ports on AWS Global Accelerator.

gbhosal commented 1 year ago

@h3poteto I don't have the Go skillset to address this issue. Do you have any idea by when this may get fixed?

h3poteto commented 1 year ago

Hmm, now I don't have enough time to check this project, so I'm not sure. :cry:

h3poteto commented 1 year ago

Sorry for the delay, I will do it.

h3poteto commented 1 year ago

@gbhosal Please try v0.8.1!
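
The behaviour asked for in this thread, taking the accelerator's listener ports from the `alb.ingress.kubernetes.io/listen-ports` annotation instead of the backend service port, as an added Go example; it is not the controller's code and not the v0.8.1 change. `ListenerPorts` is a hypothetical helper, and the fallback used when the annotation is absent is an assumption taken from the AWS Load Balancer Controller's documented default.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const (
	listenPortsAnnotation = "alb.ingress.kubernetes.io/listen-ports"
	certificateAnnotation = "alb.ingress.kubernetes.io/certificate-arn"
)

// ListenerPorts (hypothetical helper) derives the ALB listener ports from the
// Ingress annotations, not from the backend service port in the Ingress spec.
func ListenerPorts(annotations map[string]string) ([]int32, error) {
	raw, ok := annotations[listenPortsAnnotation]
	if !ok {
		// Assumed default (AWS Load Balancer Controller docs): 443 when a
		// certificate ARN is set, otherwise 80.
		if annotations[certificateAnnotation] != "" {
			return []int32{443}, nil
		}
		return []int32{80}, nil
	}
	// The annotation value is a JSON list of {"PROTOCOL": port} objects.
	var entries []map[string]int32
	if err := json.Unmarshal([]byte(raw), &entries); err != nil {
		return nil, fmt.Errorf("parse %s: %w", listenPortsAnnotation, err)
	}
	var ports []int32
	for _, entry := range entries {
		for proto, port := range entry {
			// Reject anything an ALB listener cannot be, so a bad annotation
			// never silently becomes an unexpected open port.
			if (proto != "HTTP" && proto != "HTTPS") || port < 1 || port > 65535 {
				return nil, fmt.Errorf("invalid listener %s:%d", proto, port)
			}
			ports = append(ports, port)
		}
	}
	if len(ports) == 0 {
		return nil, fmt.Errorf("%s lists no ports", listenPortsAnnotation)
	}
	return ports, nil
}

func main() {
	// Constructed input mirroring the listen-ports annotation in this issue.
	a := map[string]string{listenPortsAnnotation: `[{"HTTPS":443}]`}
	fmt.Println(ListenerPorts(a))
}
```

Returning an error on a malformed annotation, rather than falling back to port 80, keeps a typo from exposing a plaintext listener on the accelerator.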