Containers-roadmap: [EKS]: Support AWS Load Balancer Controller in EKS add-ons

Created on 2 Dec 2020  路  2Comments  路  Source: aws/containers-roadmap

Add support for managing AWS Load Balancer Controller with EKS add-ons.

EKS Proposed
Source
picture leandrocostam
👍9

Most helpful comment

Here is an example of an issue we have where we find ourselves falling short between AWS & EKS with load balancers.

I would like to take advantage of VPC endpoint service to allow another AWS account to use private endpoint to talk to something running within kubernetes and not over public network.

Would look something like this:
AWS Account A [Lambda -> Private endpoint] -> Account B [ VPC endpoint service -> Internal NLB -> Kubernetes -> Service]

The problem here is kind of a chicken & egg situation that requires cluster post installs. We're not able to set up the VPC endpoint service until the NLB exists but the NLB won't exist until kubectl apply (helm install in our case) happens on the application side because that has the load balancer resource.

Our "hack around this:

  • terraform for initial infrastructure (vpc, eks, etc)
  • helm install (applications)
  • terraform post install (vpc endpoint service now that the NLB exists from the application)
picture ckdarby on 2 Dec 2020
👍3

All 2 comments

The Load Balancer Controller seems like something that should be on the controlplane rather than an add-on. Same goes for the CSI driver.

gregoryfranklin picture gregoryfranklin on 2 Dec 2020

Here is an example of an issue we have where we find ourselves falling short between AWS & EKS with load balancers.

I would like to take advantage of VPC endpoint service to allow another AWS account to use private endpoint to talk to something running within kubernetes and not over public network.

Would look something like this:
AWS Account A [Lambda -> Private endpoint] -> Account B [ VPC endpoint service -> Internal NLB -> Kubernetes -> Service]

The problem here is kind of a chicken & egg situation that requires cluster post installs. We're not able to set up the VPC endpoint service until the NLB exists but the NLB won't exist until kubectl apply (helm install in our case) happens on the application side because that has the load balancer resource.

Our "hack around this:

  • terraform for initial infrastructure (vpc, eks, etc)
  • helm install (applications)
  • terraform post install (vpc endpoint service now that the NLB exists from the application)
ckdarby picture ckdarby on 2 Dec 2020
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

AndrewMcFarren picture AndrewMcFarren  路  3Comments
MartinDevillers picture MartinDevillers  路  3Comments
aliabas7 picture aliabas7  路  3Comments
chungath picture chungath  路  3Comments
ORESoftware picture ORESoftware  路  3Comments