Add `kubernetes.io/role/elb:1` tag to public networks #442

Closed
artemyarulin opened this issue Jan 16, 2019 · 5 comments

@artemyarulin
commented Jan 16, 2019

eksctl already adds tags to private subnets, but doesn't do it for public subnets. If it added `kubernetes.io/role/elb = 1` to public subnets, then auto subnet discovery from ingress controllers like aws-alb-ingress-controller would work out of the box.

From https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/walkthrough/echoserver/#deploy-ingress-for-echoserver

> Adding tags to subnets for auto-discovery you must include the following tags on desired subnets.
>
> - `kubernetes.io/cluster/$CLUSTER_NAME` where `$CLUSTER_NAME` is the same `CLUSTER_NAME` specified in the above step.
> - `kubernetes.io/role/internal-elb` should be set to `1` or an empty tag value for internal load balancers.
> - `kubernetes.io/role/elb` should be set to `1` or an empty tag value for internet-facing load balancers.

eksctl already does 2 out of 3; it would be nice to have the last one covered as well.

As far as I can see, it could be easily added in:

```go
if topology == api.SubnetTopologyPrivate {
	subnet.Tags = []gfn.Tag{{
		Key:   gfn.NewString("kubernetes.io/role/internal-elb"),
		Value: gfn.NewString("1"),
	}}
}
```

Related issue #53
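
An added example (not eksctl's code and not part of the original issue): a Go check for the three tags the quoted walkthrough lists, run over a constructed pair of subnets in the state this issue describes. The `Subnet` type, the function names and the subnet IDs are hypothetical, and reporting a role tag that does not match the subnet's topology is this example's own assumption.

```go
package main

import "fmt"

// Subnet is a hypothetical minimal subnet view, not an eksctl or AWS SDK type.
type Subnet struct {
	ID     string
	Public bool
	Tags   map[string]string
}

const publicRole = "kubernetes.io/role/elb"           // internet-facing load balancers
const privateRole = "kubernetes.io/role/internal-elb" // internal load balancers

// roleSet: the tag is present with value "1" or empty, as the walkthrough allows.
func roleSet(tags map[string]string, key string) bool {
	v, ok := tags[key]
	return ok && (v == "1" || v == "")
}

// AuditDiscoveryTags reports missing cluster/role tags and wrong-topology role tags.
func AuditDiscoveryTags(cluster string, subnets []Subnet) []string {
	var findings []string
	for _, s := range subnets {
		want, other := privateRole, publicRole
		if s.Public {
			want, other = publicRole, privateRole
		}
		if _, ok := s.Tags["kubernetes.io/cluster/"+cluster]; !ok {
			findings = append(findings, s.ID+": missing kubernetes.io/cluster/"+cluster)
		}
		if !roleSet(s.Tags, want) {
			findings = append(findings, s.ID+": missing "+want)
		}
		if roleSet(s.Tags, other) { // assumption: a mismatched role tag is worth flagging
			findings = append(findings, s.ID+": unexpected "+other)
		}
	}
	return findings
}

func main() {
	// Constructed sample: the state the issue describes (public role tag absent).
	fmt.Println(AuditDiscoveryTags("dev", []Subnet{
		{ID: "subnet-private", Tags: map[string]string{"kubernetes.io/cluster/dev": "", privateRole: "1"}},
		{ID: "subnet-public", Public: true, Tags: map[string]string{"kubernetes.io/cluster/dev": ""}},
	}))
}
```

The "unexpected" finding covers the case where a private subnet carries the internet-facing role tag, or a public subnet the internal one, so that a load balancer could be placed in a subnet of the wrong exposure.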

@errordeveloper

Member

commented Jan 17, 2019

Yes, looks like an easy fix. I'll open a PR shortly.

@errordeveloper

Member

commented Jan 17, 2019

Please note this will only be available in newly created clusters. We have `eksctl utils update-cluster-stack`, which is capable of appending new resources to a stack, but it's strictly append-only.

See here:

```go
// AppendNewClusterStackResource will update cluster
// stack with new resources in append-only way
func (c *StackCollection) AppendNewClusterStackResource(dryRun bool) error {
	name := c.makeClusterStackName()
	// NOTE: currently we can only append new resources to the stack,
	// as there are a few limitations:
	// - it must work with VPC that are imported as well as VPC that
	//   is managed as part of the stack;
	// - CloudFormation cannot yet upgrade EKS control plane itself;
```

@artemyarulin

Author

commented Jan 17, 2019

Thank you very much - I'll simply re-create my dev cluster 👍

@errordeveloper

Member

commented Jan 17, 2019

This will be available in the next release, which we've not wrapped up yet; it will likely go out tomorrow. In the meantime, perhaps you can build from master?

@artemyarulin

Author

commented Jan 17, 2019

Ah no, I'm not good with Go and for sure can wait, thank you :)
