Closed patradinesh closed 4 years ago
Hey there,
I am not sure what this ticket is about. AWS subnets that are correctly tagged are auto-detected by the ALB Ingress Controller without any further configuration options.
This terraform module already grants all necessary IAM permissions to the process running the controller to ensure that tags on subnets can be read.
If I am missing the point here, I would kindly ask you to clarify your request.
Thanks for your time -Benjamin-
The ticket is to include the tagging of the subnets as part of the aws-alb-ingress module:
kubernetes.io/role/internal-elb = 1
kubernetes.io/role/elb = 1
This seems to be an extra step for aws-alb to work out of the box, so my suggestion was to include that as part of this terraform module.
resource "aws_ec2_tag" "tag_public_subnets_aws_alb_ingress" {
  count       = length(module.network.public_subnets.ids)
  resource_id = element(module.network.public_subnets.ids.*, count.index)
  key         = "kubernetes.io/role/elb"
  value       = "1"
}

resource "aws_ec2_tag" "tag_private_subnets_aws_alb_ingress" {
  count       = length(module.network.private_subnets.ids)
  resource_id = element(module.network.private_subnets.ids.*, count.index)
  key         = "kubernetes.io/role/internal-elb"
  value       = "1"
}
Hi @patradinesh,
you are of course right that tagging of the subnets is a non-optional step if you want to utilize the ALB ingress controller. I want to leave this logic out of this module, though. I think it's better fitted into the module that is responsible for creating the subnets (this is where other AWS tags that are necessary for Kubernetes interop have to be set as well!)
I am closing this ticket. If you feel like I have missed a must-have use-case, feel free to re-open it to restart the discussion.
Thanks for your time. -Benjamin-
https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/controller/config/#subnet-auto-discovery
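The arrangement described in the closing comment, with the role tags set in the module that creates the subnets instead of through separate aws_ec2_tag resources, could look like the following. This is an added example, not code from the thread or from either module; the variable names, output names and the AZ-to-CIDR map inputs are assumptions.

```hcl
# Added example: subnet-creating module that sets the ALB discovery tags itself.
# All variable and output names here are hypothetical.

variable "vpc_id" {
  type = string
}

variable "public_subnets" {
  description = "Map of availability zone => CIDR block for public subnets"
  type        = map(string)
}

variable "private_subnets" {
  description = "Map of availability zone => CIDR block for private subnets"
  type        = map(string)
}

resource "aws_subnet" "public" {
  for_each          = var.public_subnets
  vpc_id            = var.vpc_id
  availability_zone = each.key
  cidr_block        = each.value

  # Role tag for public subnets, as given in the thread.
  tags = {
    Name                     = "public-${each.key}"
    "kubernetes.io/role/elb" = "1"
  }
}

resource "aws_subnet" "private" {
  for_each          = var.private_subnets
  vpc_id            = var.vpc_id
  availability_zone = each.key
  cidr_block        = each.value

  # Role tag for private subnets, as given in the thread.
  tags = {
    Name                              = "private-${each.key}"
    "kubernetes.io/role/internal-elb" = "1"
  }
}

output "public_subnet_ids" {
  value = [for s in aws_subnet.public : s.id]
}

output "private_subnet_ids" {
  value = [for s in aws_subnet.private : s.id]
}
```

Keeping the two role tags on separate resources means a subnet's exposure class is decided once, where its routing is defined, and a reviewer can see it in the same diff as the subnet itself.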