aws-global-accelerator-controller

v0.10.0
Published: Jun 23, 2023 License: Apache-2.0 Imports: 3 Imported by: 0

AWS Global Accelerator Controller

AWS Global Accelerator Controller is a controller that manages Global Accelerator for a Kubernetes cluster. Its features are:

  • Create Global Accelerator for the Network Load Balancer which is created by Service type: LoadBalancer.
  • Create Global Accelerator for the Application Load Balancer which is created by aws-load-balancer-controller.
  • Create Route53 records associated with the Global Accelerator

Install

You can install this controller using Helm.

$ helm repo add h3poteto-stable https://h3poteto.github.io/charts/stable
$ helm install global-accelerator-controller --namespace kube-system h3poteto-stable/aws-global-accelerator-controller

Setup IAM Policy

This controller requires the following permissions. Assign this policy to the controller pod using IRSA, kube2iam or kiam.

{
  "Statement": [
    {
      "Action": [
        "elasticloadbalancing:DescribeLoadBalancers",
        "globalaccelerator:DescribeAccelerator",
        "globalaccelerator:ListAccelerators",
        "globalaccelerator:ListTagsForResource",
        "globalaccelerator:TagResource",
        "globalaccelerator:CreateAccelerator",
        "globalaccelerator:UpdateAccelerator",
        "globalaccelerator:DeleteAccelerator",
        "globalaccelerator:ListListeners",
        "globalaccelerator:CreateListener",
        "globalaccelerator:UpdateListener",
        "globalaccelerator:DeleteListener",
        "globalaccelerator:ListEndpointGroups",
        "globalaccelerator:CreateEndpointGroup",
        "globalaccelerator:UpdateEndpointGroup",
        "globalaccelerator:DeleteEndpointGroup",
        "route53:ChangeResourceRecordSets",
        "route53:ListHostedZones",
        "route53:ListHostedzonesByName",
        "route53:ListResourceRecordSets"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}

Usage

Create Global Accelerator

Please add an annotation aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: "yes" to your service or ingress.

apiVersion: v1
kind: Service
metadata:
  annotations:
    aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: "yes"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
  name: h3poteto-test
  namespace: default
spec:
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: h3poteto
  sessionAffinity: None
  type: LoadBalancer

Notice: If the service is not type: LoadBalancer, this controller does nothing.

If you use ingress, please add aws-load-balancer-controller. This controller creates a Global Accelerator after an ingress Load Balancer is created.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: h3poteto-test
  namespace: default
  annotations:
    aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: "yes"
    alb.ingress.kubernetes.io/scheme: internet-facing
spec:
  ingressClassName: alb
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: h3poteto-test
            port:
              number: 80

Create Route53 records associated with the Global Accelerator

Please add the annotation aws-global-accelerator-controller.h3poteto.dev/route53-hostname in addition to the global-accelerator-managed annotation, and set your hostname as its value.

apiVersion: v1
kind: Service
metadata:
  annotations:
    aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: "yes"
    aws-global-accelerator-controller.h3poteto.dev/route53-hostname: "foo.h3poteto-test.dev"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
  name: h3poteto-test
  namespace: default
spec:
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: h3poteto
  sessionAffinity: None
  type: LoadBalancer

You can specify multiple hostnames in the annotation, separated by commas. In this case, both foo.h3poteto-test.dev and bar.h3poteto-test.dev get an A record that points to the Global Accelerator.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: h3poteto-test
  namespace: default
  annotations:
    aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: "yes"
    aws-global-accelerator-controller.h3poteto.dev/route53-hostname: "foo.h3poteto-test.dev,bar.h3poteto-test.dev"
    alb.ingress.kubernetes.io/scheme: internet-facing
spec:
  ingressClassName: alb
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: h3poteto-test
            port:
              number: 80
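
The IAM policy above allows route53:ChangeResourceRecordSets on "Resource": "*", so the hostnames a Service or Ingress places in the route53-hostname annotation are worth checking against the zones a team is meant to use. The following added example (not part of the controller's code) parses the comma-separated value and reports hostnames outside an allow-list; `allowedZones` and the function names are hypothetical, and the sample value is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// allowedZones is a hypothetical allow-list for this example, not a controller setting.
var allowedZones = []string{"h3poteto-test.dev"}

// splitHostnames parses the comma-separated annotation value and normalizes each entry.
func splitHostnames(value string) []string {
	var out []string
	for _, h := range strings.Split(value, ",") {
		h = strings.TrimSuffix(strings.ToLower(strings.TrimSpace(h)), ".")
		if h != "" {
			out = append(out, h)
		}
	}
	return out
}

// inAllowedZone matches the zone apex or "."+zone, so "noth3poteto-test.dev" is not accepted.
func inAllowedZone(host string, zones []string) bool {
	for _, z := range zones {
		if host == z || strings.HasSuffix(host, "."+z) {
			return true
		}
	}
	return false
}

// RejectedHostnames returns the annotation entries that fall outside every allowed zone.
func RejectedHostnames(value string, zones []string) []string {
	var bad []string
	for _, h := range splitHostnames(value) {
		if !inAllowedZone(h, zones) {
			bad = append(bad, h)
		}
	}
	return bad
}

func main() {
	// Constructed annotation value mixing an allowed and a disallowed hostname.
	v := "foo.h3poteto-test.dev, login.example.com"
	fmt.Printf("%q rejected=%v\n", v, RejectedHostnames(v, allowedZones))
}
```

A check like this fits in CI over rendered manifests or in an admission webhook, before the annotated object reaches the cluster.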

Development

$ export KUBECONFIG=$HOME/.kube/config
$ go run ./main.go controller --v=4

License

The software is available as open source under the terms of the Apache License 2.0.

Directories

Path Synopsis
cmd
e2e
pkg
leaderelection
https://github.com/kubernetes/client-go/blob/master/examples/leader-election/main.go