kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers
https://kubernetes-sigs.github.io/aws-load-balancer-controller/
Apache License 2.0

Option to create public-facing LBs by default #3820

Open ICHx opened 3 weeks ago

ICHx commented 3 weeks ago

I am migrating from the in-tree LB controller to the AWS Load Balancer Controller, and this controller requires an annotation to create a public-facing NLB; otherwise it creates an internal one, which is not consistent in behavior with the old Classic Load Balancers.

shraddhabang commented 2 weeks ago

Hello @ICHx, we have had an internal discussion on this one. If it is standard in the community to create public-facing LBs, we could support this by adding a command line flag that changes the default behavior of the controller to create internet-facing NLBs by default. This should be simple to implement and we welcome any community contributions. However, we may require a security review for this one. Thank you for bringing this to our attention.

ICHx commented 1 week ago

Thank you for the reply. Also attaching our workaround for reference:

```yaml
# Service mutating-webhook entry (path /mutate-v1-service) from the controller's
# deploy manifest; this is the entry we commented out.
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: aws-load-balancer-webhook-service
      namespace: kube-system
      path: /mutate-v1-service
  failurePolicy: Fail
  name: mservice.elbv2.k8s.aws
  objectSelector:
    matchExpressions:
    - key: app.kubernetes.io/name
      operator: NotIn
      values:
      - aws-load-balancer-controller
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    resources:
    - services
  sideEffects: None
```

We commented out this webhook in the deploy manifest; after that, only explicitly annotated LBs became NLBs, otherwise Classic.
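Before flipping the default scheme either way, it helps to know which Services would silently change exposure. The following audit script is an added example, not code from the issue or from the controller project: it reads the JSON of `kubectl get svc -A -o json` and lists LoadBalancer Services whose scheme differs between the in-tree provider and the controller. It assumes the in-tree provider is internet-facing unless the legacy `aws-load-balancer-internal` annotation is set to something other than `"false"`, and that the controller is internal unless `aws-load-balancer-scheme` says otherwise (legacy annotation handling by the controller is deliberately not modelled); `default_scheme` lets you model the flag proposed above.

```python
"""Audit LoadBalancer Services for scheme changes when migrating from the
in-tree AWS cloud provider to the AWS Load Balancer Controller (ALBC)."""
import json
import sys

SCHEME = "service.beta.kubernetes.io/aws-load-balancer-scheme"     # ALBC annotation
INTERNAL = "service.beta.kubernetes.io/aws-load-balancer-internal"  # legacy in-tree annotation


def in_tree_scheme(annotations):
    # Assumed in-tree rule: public unless the legacy annotation is set and not "false".
    return "internal" if annotations.get(INTERNAL, "") not in ("", "false") else "internet-facing"


def albc_scheme(annotations, default_scheme="internal"):
    # Rule as described in the issue: internal unless the scheme annotation overrides it.
    # default_scheme="internet-facing" models the command line flag discussed above.
    return annotations.get(SCHEME, default_scheme)


def audit(services_json, default_scheme="internal"):
    """Return (namespace/name, in_tree, albc) for every Service whose scheme would change."""
    changes = []
    for svc in json.loads(services_json).get("items", []):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue  # ClusterIP/NodePort never get an AWS load balancer
        meta = svc.get("metadata", {})
        ann = meta.get("annotations") or {}
        name = f'{meta.get("namespace", "default")}/{meta["name"]}'
        before, after = in_tree_scheme(ann), albc_scheme(ann, default_scheme)
        if before != after:
            changes.append((name, before, after))
    return changes


# Constructed sample in the shape of `kubectl get svc -A -o json` (not real cluster data).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "web", "namespace": "prod", "annotations": {}}, "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "api", "namespace": "prod", "annotations": {SCHEME: "internet-facing"}}, "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "db", "namespace": "prod", "annotations": {INTERNAL: "true"}}, "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "cache", "namespace": "prod"}, "spec": {"type": "ClusterIP"}},
]})

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    default = sys.argv[2] if len(sys.argv) > 2 else "internal"
    for name, before, after in audit(data, default):
        print(f"{name}: {before} -> {after}")
```

Run it as `python audit.py services.json internet-facing` to see what the proposed flag would expose; on the sample, the default run reports `prod/web` losing public exposure, while the internet-facing run reports `prod/db` gaining it.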