qvest-digital / terraform-kubernetes-alb-ingress-controller

Terraform module to ease deployment of the AWS ALB Ingress Controller
https://registry.terraform.io/modules/iplabs/alb-ingress-controller/kubernetes/
Mozilla Public License 2.0

subnet auto-discovery can be included as part of this module #8

Closed patradinesh closed 4 years ago

patradinesh commented 4 years ago

https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/controller/config/#subnet-auto-discovery

headcr4sh commented 4 years ago

Hey there,

I am not sure what this ticket is about. AWS subnets that are correctly tagged are auto-detected by the ALB Ingress Controller without any further configuration options.

This terraform module already grants all necessary IAM permissions to the process running the controller to ensure that tags on subnets can be read.

If I am missing the point here, I would kindly ask you to clarify your request.

Thanks for your time -Benjamin-

patradinesh commented 4 years ago

The ticket is to include the tagging of the subnets as part of the aws-alb-ingress module:

kubernetes.io/role/internal-elb = 1
kubernetes.io/role/elb = 1

This seems to be an extra step for aws-alb to work out of the box, so my suggestion was to include that as part of this terraform module.

resource "aws_ec2_tag" "tag_public_subnets_aws_alb_ingress" {
  count       = length(module.network.public_subnets.ids)
  resource_id = element(module.network.public_subnets.ids.*, count.index)
  key         = "kubernetes.io/role/elb"
  value       = "1"
}

resource "aws_ec2_tag" "tag_private_subnets_aws_alb_ingress" {
  count       = length(module.network.private_subnets.ids)
  resource_id = element(module.network.private_subnets.ids.*, count.index)
  key         = "kubernetes.io/role/internal-elb"
  value       = "1"
}

headcr4sh commented 4 years ago

Hi @patradinesh,

you are of course right that tagging of the subnets is a non-optional step if you want to utilize the ALB ingress controller. I want to leave this logic out of this module, though. I think it's better fitted into the module that is responsible for creating the subnets (this is where other AWS tags that are necessary for Kubernetes interop have to be set as well!)

Reasons for not including the logic:

I am closing this ticket. If you feel like I have missed a must-have use-case, feel free to re-open it to restart the discussion.

Thanks for your time. -Benjamin-
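
The approach discussed in this thread, setting the discovery tags in the module that creates the subnets, could look like the following. This is an added example, not code from either participant or from this module. The variable names (`cluster_name`, `vpc_id`, `subnets`) and the `public` flag are assumptions. Deriving the role tag from that single flag means a private subnet can never carry the `kubernetes.io/role/elb` tag by accident.

```hcl
# Hypothetical inputs of a subnet-creating module (names are assumptions).
variable "cluster_name" {
  type = string
}

variable "vpc_id" {
  type = string
}

variable "subnets" {
  description = "Subnets to create, keyed by a short name."
  type = map(object({
    cidr_block        = string
    availability_zone = string
    public            = bool
  }))
}

resource "aws_subnet" "this" {
  for_each = var.subnets

  vpc_id                  = var.vpc_id
  cidr_block              = each.value.cidr_block
  availability_zone       = each.value.availability_zone
  map_public_ip_on_launch = each.value.public

  tags = {
    Name = "${var.cluster_name}-${each.key}"

    # Cluster tag used by the Kubernetes AWS integrations; the value
    # "shared" is an assumption for subnets not owned by one cluster.
    "kubernetes.io/cluster/${var.cluster_name}" = "shared"

    # Exactly one role tag per subnet, chosen from the public flag:
    # public subnets are offered to internet-facing load balancers,
    # private subnets only to internal ones.
    (each.value.public ? "kubernetes.io/role/elb" : "kubernetes.io/role/internal-elb") = "1"
  }
}

# IDs grouped by role, for consumers that need to check the split.
output "public_subnet_ids" {
  value = [for k, s in aws_subnet.this : s.id if var.subnets[k].public]
}

output "private_subnet_ids" {
  value = [for k, s in aws_subnet.this : s.id if !var.subnets[k].public]
}
```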