search

zalando-incubator / kube-ingress-aws-controller

Configures AWS Load Balancers according to Kubernetes Ingress resources
MIT License
375 stars 84 forks source link

Document all annotations and flags #255

Open szuecs opened 5 years ago

szuecs commented 5 years ago

All features via annotations and flags should be documented

Sanwel commented 5 years ago

Hello All,

Is there any options to change default ELBSecurityPolicy? I rebuild docker image with changing these two files:

And it had no effect

How can I change it for example to ELBSecurityPolicy-TLS-1-2-Ext-2018-06?

szuecs commented 5 years ago

Did you tried the flag: -ssl-policy=ELBSecurityPolicy-TLS-1-2-Ext-2018-06?

Sanwel commented 5 years ago

No, I'll try it now, thank you so much!

alstolten commented 4 years ago

Hi team, is there a possibility to change the name of the default security group when starting the controller? Similar to CUSTOM_FILTERS that are already used for instance discovery (see https://github.com/zalando-incubator/kube-ingress-aws-controller#aws-tags). Reason is I want to operate the controller on a given cluster, where the tag is already used, but with a different value.

I wanted to ask first before I fork the repo.

Best regards, Alessandro

szuecs commented 4 years ago

@alstolten there are 2 Tags as far as I read the docs. Maybe I don't understand the question, but there is the cluster tag and the controller tag. I would expect that you can set the controller tag to a chosen controller ID like it's documented.

kubernetes.io/cluster/<cluster-id>=owned
kubernetes:application=<controller-id>, controller-id defaults to kube-ingress-aws-controller and can be set by flag --controller-id=<my-ctrl-id>.

So you can start the controller with --controller-id=<my-ctrl-id> and set the SG via Tag kubernetes:application=<controller-id>.

alstolten commented 4 years ago

@szuecs yes I understand that. However the question is if there is a way to change the security group tag, as my problem is that the tag:key kubernetes.io/cluster/<cluster-id> is already present for my SG and I can not change the value of it. For describing the EC2 instances that is not a problem, as I can specify:

- name: CUSTOM_FILTERS
value: tag:kubernetes.io/cluster/<cluster-id>=1 tag:kubernetes.io/role/node=1

see: https://github.com/zalando-incubator/kube-ingress-aws-controller#how-it-works

Is there a way to let the controller know the tag:key pairs for the security group in a similar manner?

mikkeloscar commented 4 years ago

Is there a way to let the controller know the tag:key pairs for the security group in a similar manner?

I don't think we support this at the moment. What is the issue? You want to attach a security group from another cluster? Or is it marked as shared and should be used by multiple clusters?

alstolten commented 4 years ago

Yes I want to attach it to a security group of a given cluster, where the specific tag is already in use and filled with another value.

mikkeloscar commented 4 years ago

Right now we filter for kubernetes.io/cluster/<cluster-id>=owned but it would make sense to also support kubernetes.io/cluster/<cluster-id>=shared. Would this work for you or do you have a tag: kubernetes.io/cluster/<cluster-id> with another value than owned or shared?

alstolten commented 4 years ago

@mikkeloscar unfortunately I do have a tag with another value than owned or shared. (Precisly the value is 1, but I suspect that might change at some point in time, so having flexibility here, as with the CUSTOM_FILTERS would be nice).