[Feature Request] Global LoadBalancer support

[M00nF1sh]

Global LoadBalancer support

[neilkuan]

any update 😊

[fejta-bot]

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale

[fejta-bot]

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale

[vito-laurenza-zocdoc]

/remove-lifecycle stale

[nvermalulu]

any update .. Must need feature for DR

ALB Ingress --> Global Load Balancer (aws global accelerator ) --> external DNS automation like we have currently ALB Ingress --> external DNS

[olemarkus]

Being able to have LB controller manage either instance or IP targets to a global accelerator would be really useful.

[IliaGe]

+1 for needed use cases :)

[xeivieni]

+1 needed here to 🙏

[Tien-Jellyfish]

+1

[dbs-gong]

+1

[goruha]

+1

[apatapniou]

+1

[M00nF1sh]

We acknowledge this is a important feature request, and will start work on it post our v2.4.0 release.

[vyanhursky]

+1

[danthegoodman1]

+1

[mihaela1992]

+1

[ChristianOps]

+1

[carlcauchi]

+1

[Eran-BenShahar]

+1

[GuilleAmutio]

+1

[olivernaaris]

+1

[ShonL]

Any updates? 2.4 is out

[mreardonx]

+1

[WaffleThief123]

+1 here as well

[acrazing]

+1 again, any updates?

[anilerencelik]

+1

[thalescosta]

+1

[fabianberisha]

+1

[regmicmahesh]

+1

[fjanicki]

bump, +1

[sgrotz-cepres]

No update on this?

[gbhosal]

+1

[jwenz723]

I was told by an AWS tam that this will likely not get worked on during 2023.

[andrikoz]

We are designing our multi-regional setup, so including aws global accelerator in lb controller is really critical. Do we know if this is already planned?

[ChrisLahaye]

You could provision the load balancer with appropriate tags and global accelerator resources manually. I know this is not an ideal or fully dynamic solution but it at least lets you use ingresses with global accelerator.

1. Provision a load balancer so that we can later provision a global accelerator endpoint group using this static load balancer as endpoint. Apply the following tags to use an existing load balancer with the controller:

       { key: 'elbv2.k8s.aws/cluster', value: clusterName },
       { key: 'ingress.k8s.aws/resource', value: 'LoadBalancer' },
       { key: 'ingress.k8s.aws/stack', value: groupName },

2. Provision the global accelerator with a listener on port 80 and 443 and an endpoint group using the using the static load balancer as endpoint.

3. Create at least one ingress to avoid the load balancer being terminated by the controller. Assign ingresses to this specific load balancer by annotating the resources with alb.ingress.kubernetes.io/group.name using the same value as the ingress.k8s.aws/stack tag of the load balancer. We use the following ingress to ensure there always exists at least one such ingress:

{
  apiVersion: 'networking.k8s.io/v1',
  kind: 'Ingress',
  metadata: {
    name: groupName,
    annotations: {
      'alb.ingress.kubernetes.io/actions.ok': '{"type":"fixed-response","fixedResponseConfig":{"contentType":"text/plain","statusCode":"200","messageBody":"OK"}}',
      'alb.ingress.kubernetes.io/certificate-arn': certificateArns.join(),
      'alb.ingress.kubernetes.io/group.name': groupName,
      'alb.ingress.kubernetes.io/listen-ports': '[{"HTTP": 80}, {"HTTPS": 443}]',
      'alb.ingress.kubernetes.io/scheme': 'internet-facing',
      'alb.ingress.kubernetes.io/ssl-redirect': '443',
      'kubernetes.io/ingress.class': 'alb',
    },
  },
  spec: {
    rules: [
      {
        host: loadBalancer.attrDnsName,
        http: {
          paths: [
            {
              path: '/',
              pathType: 'ImplementationSpecific',
              backend: {
                service: {
                  name: 'ok',
                  port: { name: 'use-annotation' },
                },
              },
            },
          ],
        },
      },
    ],
  },
},

[andrikoz]

Thanks, @ChrisLahaye I guess that would work, however, we operate with alb controller && external DNS controller so load balancers get provisioned based on ingress objects dynamically via the controller, since we don't want to break the dynamic nature of our flow we are looking for a fully dynamic solution as you pre-mentioned.

[gugu]

I will add one more reason for controller for GA - we need to serve non-http traffic (DNS and HTTPS with custom SNI hook). ALB can not handle it and NLB + GA can not preserve IP address correctly. Controller, which can register instances/IP in Global Accelerator and deregister them automatically will be extremely helpful

[jogendrakumarjangid]

+1

[sujith-s]

+1

[minhhoangvn]

+1

[shamjyothi]

+1

[assiakhateeb]

+1

[dchittibala]

+1

[flossiebilly]

+1

[longleionah]

+1 we need this feature

[Gershon-A]

+1

[potix2]

+1

[bnssoftware]

+1 Any update?

[gugu]

Right now it is possible to use NLB endpoints for AWS Global Accelerator and use controller with NLB

[bnssoftware]

So if this works, why is this still an open issue? Perhaps it's not working like we have requested? So right now, when installing the ingress-nginx controller it automatically creates an NLB in AWS for me and maps that as the external address for the internal Load Balancer. How do I instead tell the Load Balancer to use an existing Global Accelerator address, instead of creating an NLB for me and using that?