kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers
https://kubernetes-sigs.github.io/aws-load-balancer-controller/
Apache License 2.0

Allow creating Ingress that forwards traffic outside of the cluster #3174

Open rkujawa opened 1 year ago

rkujawa commented 1 year ago

Is your feature request related to a problem?

I'd like to be able to create an Ingress that forwards traffic to a web service outside of the Kubernetes cluster. Currently this is not possible, even if such a Service itself works in Kubernetes.

Consider the following Service and Endpoints:

```yaml
---
apiVersion: v1
kind: Service
metadata:
  name: myservice-web
spec:
  ports:
    - protocol: TCP
      port: 8443
      targetPort: 8443
---
apiVersion: v1
kind: Endpoints
metadata:
  name: myservice-web
subsets:
  - addresses:
      - ip: "2a05:..."
    ports:
      - port: 8443
```

Such a configuration is correct from the Kubernetes perspective and works just fine within the cluster (i.e. a Pod is able to connect to the service using the name myservice-web).

I can attempt creating an Ingress using configuration like:

```yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myservice-web
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/ip-address-type: dualstack
    alb.ingress.kubernetes.io/group.name: prod2
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
  rules:
    - host: myservice.fqdn
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myservice-web
                port:
                  number: 8443
```

Curiously, this creates an appropriate Ingress resource without errors. However, the corresponding EC2 Target Group is empty. I suspect this is due to all the checks for targetRef in https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/9333126df4f59554fae672a6511d5ae3fbee3171/pkg/backend/endpoint_resolver.go#L143. As I understand, currently the ALB controller can only configure balancers that forward traffic to Pods.

I know this may not be a popular use case, but my whole DevOps tooling is based around Kubernetes and it's very cumbersome to use other tools just to manage this special case. Please consider adding an option to forward traffic outside of the cluster if the user so desires.

Describe the solution you'd like

Allow using a Service with Endpoints that do not have targetRef set for Ingress configuration purposes.

Describe alternatives you've considered

I am aware of the TargetGroupBinding resource, but it does not solve my problem - I'd still need to manage the whole ALB configuration outside of Kubernetes. Besides, I guess this resource also expects a target running inside of the cluster.

M00nF1sh commented 1 year ago

Currently we don't support using external endpoints. We expect all endpoints to be a Pod (so we can grant inbound permission to allow traffic from ALB).

/kind feature
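A pre-flight check for the situation discussed above, as an added example that is not part of the thread and not the controller's own code: it lists the addresses in an Endpoints object that carry no `targetRef` of kind Pod, which is the case the thread reports as leaving the Target Group empty. It assumes the input is the JSON form of the object (for example from `kubectl get endpoints myservice-web -o json`); the function name, sample addresses and Pod name are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// address is the subset of a core/v1 EndpointAddress needed for the check.
type address struct {
	IP        string `json:"ip"`
	TargetRef *struct {
		Kind string `json:"kind"`
		Name string `json:"name"`
	} `json:"targetRef"`
}

// endpoints is the subset of a core/v1 Endpoints object needed for the check.
type endpoints struct {
	Subsets []struct {
		Addresses []address `json:"addresses"`
	} `json:"subsets"`
}

// NonPodAddresses (hypothetical helper) returns every ready address that has
// no targetRef, or whose targetRef is not a Pod.
func NonPodAddresses(raw []byte) ([]string, error) {
	var ep endpoints
	if err := json.Unmarshal(raw, &ep); err != nil {
		return nil, fmt.Errorf("decode Endpoints: %w", err)
	}
	var external []string
	for _, s := range ep.Subsets {
		for _, a := range s.Addresses {
			if a.TargetRef == nil || a.TargetRef.Kind != "Pod" {
				external = append(external, a.IP)
			}
		}
	}
	return external, nil
}

// Constructed sample: one Pod-backed address and one manually added address.
const sample = `{"kind":"Endpoints","metadata":{"name":"myservice-web"},
"subsets":[{"addresses":[
 {"ip":"10.0.1.23","targetRef":{"kind":"Pod","name":"web-example"}},
 {"ip":"2001:db8::10"}],"ports":[{"port":8443}]}]}`

func main() {
	ips, err := NonPodAddresses([]byte(sample))
	fmt.Println(ips, err)
}
```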

hunking-bs commented 7 months ago

nginx ingress

k8s-triage-robot commented 4 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

rkujawa commented 4 months ago

/remove-lifecycle stale

Passage of time does not cause the issue to magically get solved.

k8s-triage-robot commented 1 month ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

rkujawa commented 1 month ago

/remove-lifecycle stale

The issue exists, you insensitive clod.