Kubernetes controller that registers service endpoints in AWS target group

Summary

This project was created as an alternative to the built-in LoadBalancer service type and to aws-alb-ingress-controller. The main difference from the ingress controller is that it does not create any new AWS resources. This is handy when migrating infrastructure to Kubernetes while reusing existing load balancers that are managed elsewhere.

Overview

This controller assumes that you already have an ALB configured with one or more target groups. It also requires that your pods have IP addresses that are routable within the VPC; this can be achieved with the vpc-cni plugin.

Suppose a service is defined as:

kind: Service
apiVersion: v1
metadata:
  name: foo
  annotations:
    stg.monder.cc/target-group: arn:aws:elasticloadbalancing:eu-west-1:000000000000:targetgroup/foo/bar
spec:
  clusterIP: None
  selector:
    name: foo
  ports:
  - protocol: TCP
    port: 3000
    targetPort: 3000

When a new pod is added and its endpoint becomes ready, the pod IP is registered in the target group named in the annotation. When the pod is removed, it is automatically deregistered from the group.

Kubernetes: [screenshot of the service endpoints, 2018-10-07]

AWS: [screenshot of the target group targets, 2018-10-07]

Note that the AWS target group must be created with target type ip, because the controller registers pod IP addresses directly. See the AWS target group documentation for details.
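The reconciliation described above (ready endpoints in, stale targets out) together with the target-type check, as an added example written for this README rather than code from the project: the EndpointSubset and Target types and the Plan function are simplified assumptions standing in for the client-go and AWS SDK types the real controller would use.

```go
package main

import (
	"fmt"
	"strings"
)

const targetGroupAnnotation = "stg.monder.cc/target-group" // Service annotation read by the controller
// EndpointSubset is a simplified stand-in for a Kubernetes Endpoints subset (assumption: not the client-go type).
type EndpointSubset struct {
	Addresses         []string // pod IPs whose readiness probe passes
	NotReadyAddresses []string // pods that exist but are not ready yet
	Port              int32
}

// Target is one ALB target: pod IP plus port, as required by target type "ip".
type Target struct {
	IP   string
	Port int32
}

// Plan returns the targets to pass to RegisterTargets and DeregisterTargets so the group matches the ready endpoints; registered is what DescribeTargetHealth reports, targetType the group's target type.
func Plan(annotations map[string]string, subsets []EndpointSubset, registered []Target, targetType string) (arn string, register, deregister []Target, err error) {
	arn = annotations[targetGroupAnnotation]
	if !strings.HasPrefix(arn, "arn:") || !strings.Contains(arn, ":targetgroup/") {
		return "", nil, nil, fmt.Errorf("missing or malformed %s annotation: %q", targetGroupAnnotation, arn)
	}
	if targetType != "ip" { // pod IPs cannot be registered in an instance or lambda target group
		return "", nil, nil, fmt.Errorf("target group %s has target type %q, need ip", arn, targetType)
	}
	desired, current := map[Target]bool{}, map[Target]bool{}
	for _, t := range registered {
		current[t] = true
	}
	for _, s := range subsets {
		for _, ip := range s.Addresses { // NotReadyAddresses are deliberately skipped
			t := Target{IP: ip, Port: s.Port}
			if !desired[t] && !current[t] {
				register = append(register, t)
			}
			desired[t] = true
		}
	}
	for _, t := range registered { // iterate the input slice so the result order is deterministic
		if !desired[t] {
			deregister = append(deregister, t)
		}
	}
	return arn, register, deregister, nil
}
```

A not-ready pod is neither registered nor deregistered until its endpoint moves between Addresses and NotReadyAddresses, which is the behaviour the controller relies on to keep unhealthy pods out of the ALB.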

Setup

The controller needs the following IAM policy attached to the role its pod assumes (stg_controller in the manifest below). RegisterTargets and DeregisterTargets support resource-level permissions, so for those two actions "Resource" can be narrowed from "*" to the ARNs of the target groups the controller manages; DescribeTargetHealth still needs "*".

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:DescribeTargetHealth",
                "elasticloadbalancing:RegisterTargets",
                "elasticloadbalancing:DeregisterTargets"
            ],
            "Resource": "*"
        }
    ]
}

Controller manifests (Deployment, ClusterRole, ServiceAccount and ClusterRoleBinding):

apiVersion: apps/v1
kind: Deployment
metadata:
  name: stg-controller
spec:
  selector:
    matchLabels:
      name: stg-controller
  replicas: 1
  template:
    metadata:
      annotations:
        iam.amazonaws.com/role: stg_controller
      labels:
        name: stg-controller
    spec:
      serviceAccountName: stg-controller
      containers:
      - name: stg-controller
        image: monder/service-target-group:latest
        args:
        - -namespaces=default,public
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: stg-controller
rules:
- apiGroups: [""]
  resources: ["services", "endpoints"]
  verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: stg-controller
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: stg-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: stg-controller
subjects:
- kind: ServiceAccount
  name: stg-controller
  namespace: default

TODO

  • Deregister all targets when the Kubernetes service is deleted.