Allow Listeners to have configurable Service annotations #331

@NickLarsenNZ

Description

In some cases, Service annotations are required.
These can currently be set on the ListenerClass, but not via the Listener itself.

Ideally, the ListenerClass would have annotations that apply broadly to the Services created by the Listener of that class. Then more specific annotations should be set on the Listener itself.

Example

Broad annotations set:

apiVersion: listeners.stackable.tech/v1alpha1
kind: ListenerClass
metadata:
  name: aws-ec2-nlb-public
spec:
  ...
  # 👇 Broad set of annotations
  serviceAnnotations:
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip # Forward directly through node to Pod IP instead of an L3 hop/NAT through the node.
    service.beta.kubernetes.io/aws-load-balancer-attributes: >-
      proxy_protocol_v2.enabled=true

Specific annotation set:

kind: Listener
metadata:
  name: the-nifi-listener
spec:
  className: aws-nlb-tls-public
  # 👇 New: annotations specific to this listener instance
  serviceAnnotations:
    external-dns.alpha.kubernetes.io/hostname: app.internal.example.com
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-central-1:123456789012:certificate/4e12c4fe-eed9-48db-98d8-820b6b50ace4
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "8443"

The resulting Service should look like:

apiVersion: v1
kind: Service
metadata:
  name: nifi-listener
  annotations:
    external-dns.alpha.kubernetes.io/hostname: app.internal.example.com
    service.beta.kubernetes.io/aws-load-balancer-attributes: proxy_protocol_v2.enabled=true
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-central-1:123456789012:certificate/4e12c4fe-eed9-48db-98d8-820b6b50ace4
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "8443"
spec:
  ...

From here, listenerOverrides should be configurable from the product resources (e.g. NifiCluster).

Important

See also: #330
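
An added sketch of the merge this issue asks for (not code from the listener-operator): ListenerClass annotations form the base and Listener annotations are layered on top. The precedence on a key collision (the Listener value wins) and the names `merge_service_annotations`, `class_annotations` and `listener_annotations` are assumptions; the issue does not specify them. Replaced keys are reported so a reviewer or admission check can see when a Listener changes a class-wide setting such as the load balancer scheme.

```rust
use std::collections::BTreeMap;

type Annotations = BTreeMap<String, String>;

/// Merge ListenerClass annotations (base) with Listener annotations (specific).
/// Assumption: on a key collision the Listener value wins.
/// Returns the merged map and the keys whose class-level value was changed.
fn merge_service_annotations(class: &Annotations, listener: &Annotations) -> (Annotations, Vec<String>) {
    let mut merged = class.clone();
    let mut overridden = Vec::new();
    for (key, value) in listener {
        // insert() returns the previous value when the key already existed.
        if let Some(previous) = merged.insert(key.clone(), value.clone()) {
            if &previous != value {
                overridden.push(key.clone());
            }
        }
    }
    (merged, overridden)
}

fn annotations(pairs: &[(&str, &str)]) -> Annotations {
    pairs.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect()
}

// Values copied from the ListenerClass example in the issue.
fn class_annotations() -> Annotations {
    annotations(&[
        ("service.beta.kubernetes.io/aws-load-balancer-scheme", "internet-facing"),
        ("service.beta.kubernetes.io/aws-load-balancer-nlb-target-type", "ip"),
        ("service.beta.kubernetes.io/aws-load-balancer-attributes", "proxy_protocol_v2.enabled=true"),
    ])
}

// Values copied from the Listener example in the issue.
fn listener_annotations() -> Annotations {
    annotations(&[
        ("external-dns.alpha.kubernetes.io/hostname", "app.internal.example.com"),
        ("service.beta.kubernetes.io/aws-load-balancer-ssl-cert",
         "arn:aws:acm:eu-central-1:123456789012:certificate/4e12c4fe-eed9-48db-98d8-820b6b50ace4"),
        ("service.beta.kubernetes.io/aws-load-balancer-ssl-ports", "8443"),
    ])
}

fn main() {
    let (merged, overridden) = merge_service_annotations(&class_annotations(), &listener_annotations());
    for (key, value) in &merged {
        println!("{key}: {value}");
    }
    println!("overridden class-level keys: {overridden:?}");
}
```
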
