zalando-incubator / kube-ingress-aws-controller

Configures AWS Load Balancers according to Kubernetes Ingress resources
MIT License

Enhance security group annotation support #257

Open joberdick opened 5 years ago

joberdick commented 5 years ago

I have found that security groups can be selected via ingress annotation found here: https://github.com/zalando-incubator/kube-ingress-aws-controller/issues/23

My only challenge is that when using the SG name in the annotation, it's not easily predictable due to the fact that we automate our SG creation with every cluster. So SG names will be unique per cluster.

I am thinking about how this could work with tags instead.

I am aware that we can now set up a default security group in the command line argument (is this in the docs?)

In the current state, if someone specifies a SG via the annotation that is different than the default, I assume it creates a new ALB? If so, would all ingresses with the same SG annotation be put on the same ALB?

My suggestion would be to follow that logic with support for tag in addition to SG name. Any ingress with the same SG tag annotation would be on the same ALB unless the shared annotation is false.

To clarify, only one SG should have the tagged value. I could see it being an issue if multiple SGs were created with the same tag. Would need a way to only select one SG with the given tag.

I could have a false sense of how the current setup works, please correct me if so.
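The selection rule proposed above (exactly one SG may carry the tag, and every shared ingress with the same SG lands on the same ALB), as an added Go example that is not part of the controller's code; the `SecurityGroup` and `Ingress` types, the `ingress-sg` tag key and the ID values are constructed stand-ins rather than the AWS SDK or the controller's annotations.

```go
package main
import "fmt"

// SecurityGroup is a constructed, minimal model of an AWS security group so
// the example runs offline without the AWS SDK.
type SecurityGroup struct {
	ID   string
	Tags map[string]string
}

// SelectSecurityGroupByTag returns the ID of the single group tagged key=value.
// Zero or several matches are errors: an ambiguous tag must never silently
// pick an arbitrary (possibly more permissive) security group.
func SelectSecurityGroupByTag(groups []SecurityGroup, key, value string) (string, error) {
	var matches []string
	for _, sg := range groups {
		if sg.Tags[key] == value {
			matches = append(matches, sg.ID)
		}
	}
	switch len(matches) {
	case 0:
		return "", fmt.Errorf("no security group tagged %s=%s", key, value)
	case 1:
		return matches[0], nil
	default:
		return "", fmt.Errorf("tag %s=%s is ambiguous: %v", key, value, matches)
	}
}

// Ingress is a constructed stand-in holding the resolved security group and
// the shared-ALB flag taken from the annotations the proposal discusses.
type Ingress struct {
	Name, SGID string
	Shared     bool
}

// GroupByLoadBalancer maps ALB keys to ingress names: shared ingresses with
// the same security group land on one ALB; shared=false gets a dedicated one.
func GroupByLoadBalancer(ingresses []Ingress) map[string][]string {
	lbs := make(map[string][]string)
	for _, ing := range ingresses {
		key := "sg:" + ing.SGID
		if !ing.Shared {
			key = "dedicated:" + ing.Name
		}
		lbs[key] = append(lbs[key], ing.Name)
	}
	return lbs
}
```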

joberdick commented 5 years ago

My workaround for now was to create a separate ingress controller for a less restricted SG.

So users can use a simple name of the controller in the annotation without having to know the SG by name.

szuecs commented 5 years ago

@joberdick It would be a nice enhancement to enable SG by ingress. I think it should have an annotation that chooses the SG to use for the ALB and decide based on this, if we have to create a new ALB or not. Does it make sense to you?

Do you want to work on that or should we do this (right now we do not have much priority, but after the NLB I would probably work on that)?

joberdick commented 5 years ago

I'm not skilled in Go yet.

yea, whenever you can fit it in.

Let me know if you want to talk through the details further before you pick it up.

Thanks!