Deploy k8s Ingress / ALB using terraform

The Problem

Some resources change often and need to be managed by developers (services, routes, redirects); others don't (balancers, certificates, DNS records).

Services are deployed via CI from the service repository, while infrastructure resources are managed from infrastructure Git repositories.

Another issue is the sequence of runs:

  • infrastructure goes first
  • services go after.

If you use AWS with EKS, ALB and Route53 on one side and Helm on the other (the choice of Helm is not very important), you have probably ended up using aws-load-balancer-controller.

This assumes you manage your balancers through Helm and the Kubernetes Ingress resource.

This creates a problem: the ALB is created only after Terraform has brought the infrastructure up, but you need it earlier to be able to link it in a Route53 record.

Solution

The AWS Load Balancer Ingress resource has an annotation called group.name (see ingress resource spec).

Using this feature, you can create the load balancer via Terraform and later link an Ingress definition to the existing ALB.

module "ingress" {
  source = "dasmeta/modules/aws//modules/ingress"

  alb_name = "test-load-balancer"
  hostname = "test-endpoint.dasmeta.com"

  annotations = {
    "alb.ingress.kubernetes.io/certificate-arn" = "arn:aws:acm:us-east-1:5********68:certificate/a55ee6eb****1706"
  }
}

The module's sources can be found here.

After setting up the ALB, you need to push an Ingress resource whose annotation matches the alb_name specified when the module was created.

alb.ingress.kubernetes.io/group.name: "test-load-balancer"

This will merge the blank ALB/Ingress created by Terraform with the Ingress created by the Helm chart.

Limitations

Watch out not to mark one balancer internal and the other one internet-facing – this will result in two different balancers.
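
A pre-deploy check for the two conditions above (group.name matching alb_name, and one scheme per group), as an added example that is not part of the original post or the module. It assumes the Ingress manifests are already parsed into dicts; the function names and the sample manifests, including the scheme on the Terraform-created Ingress, are constructed for illustration.

```python
from collections import defaultdict

GROUP = "alb.ingress.kubernetes.io/group.name"
SCHEME = "alb.ingress.kubernetes.io/scheme"
DEFAULT_SCHEME = "internal"  # controller's documented default when the annotation is absent


def check_ingress_groups(ingresses, alb_name):
    """Lint parsed Ingress manifests against the ALB created by Terraform."""
    findings, schemes = [], defaultdict(set)
    for ing in ingresses:
        meta = ing.get("metadata", {})
        name = meta.get("name", "<unnamed>")
        ann = meta.get("annotations") or {}
        group = ann.get(GROUP)
        if group is None:
            findings.append(f"{name}: no group.name, will not join {alb_name!r}")
            continue
        if group != alb_name:
            findings.append(f"{name}: group.name {group!r} != alb_name {alb_name!r}")
        schemes[group].add(ann.get(SCHEME, DEFAULT_SCHEME))
    # The limitation above: one group must not mix internal and internet-facing.
    for group, seen in sorted(schemes.items()):
        if len(seen) > 1:
            findings.append(f"group {group!r}: mixed schemes {sorted(seen)}")
    return findings


def make_ingress(name, annotations):
    """Build a minimal constructed manifest for the sample below."""
    return {"kind": "Ingress", "metadata": {"name": name, "annotations": annotations}}


# Constructed sample: the blank Ingress from Terraform plus three Helm Ingresses.
SAMPLE = [
    make_ingress("terraform-blank", {GROUP: "test-load-balancer", SCHEME: "internet-facing"}),
    make_ingress("api", {GROUP: "test-load-balancer"}),  # scheme omitted
    make_ingress("web", {GROUP: "test-load-balancr", SCHEME: "internet-facing"}),  # typo
    make_ingress("admin", {SCHEME: "internet-facing"}),  # no group at all
]

if __name__ == "__main__":
    for finding in check_ingress_groups(SAMPLE, "test-load-balancer"):
        print(finding)
```

Run it in CI over the rendered Helm output before the deploy step and fail the job when the returned list is not empty.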
