[Feature Request] Add ALB controller about pulumi-eks HOT 10 OPEN

I just hit the need for this myself this morning, and it does seem like out of the box support for this would be really nice. I can imagine offering this as either a flag ok EKS cluster or as a separate resource that can be created separately if desired.

from pulumi-eks.

Note that the instanceRole is exposed from the component, so you should be able to attach additional RolePolicyAttachments to it after creating the cluster and before deploying the kubernetes resources.

That said, this may still be a good thing to offer an option for out of the box, as well as pointing to additional opportunities to expand the customization options on the component.

from pulumi-eks.

Any updates on this? Is there a way to upload a controller and define an ingress using eks or do we need to supply the ALB controller yaml manifest files?

from pulumi-eks.

@metral @pgavlin -- this is an important feature not a blocker! Adding clarity based on suggestions from @lukehoban

Heres my reasoning on how this will help customers as they work with EKS.

1. AWS ALB has multiple features such as certs, WAF, HTTP/2, TLS offloading, Host/Path based routing, Cross zone LB that I have seen customers need as they scale their deployments.
2. Many of these features are not supported in NLB/ELB. Many of these features are harder for customers to work with in NGINX specifically since it is not maintained by the cloud provider.
3. SIG AWS has done alpha for Ingress groups that will allow users to work with smaller # of ALBs to better organize ingresses by namespaces.

Would be great to prioritize this feature support in M25/M26 to align with AWS roadmap and also recommend optimal ways of working with ALB to our customers. This will also allow us to have tighter engagement with the AWS LB team of fantastic engineers.

from pulumi-eks.

@metral -- I will push this to examples by next week so you can unassign yourself on this one.

from pulumi-eks.

Cannot close issue without required labels: kind/, resolution/

from pulumi-eks.

Any updates on this please?

from pulumi-eks.

@jaxxstorm is this something that we can use the work in https://github.com/jaxxstorm/pulumi-aws-loadbalancercontroller/blob/main/nodejs/src/index.ts and bring this in as an out of the box adding that we can schematise and offer via this package? //cc @roothorp

from pulumi-eks.

Does Pulumi have a direct method for doing that,
And is there a tutorial available for performing these steps with Pulumi ?

By default, the Kubernetes LoadBalancer service in EKS creates a classic load balancer, which lacks a lot of great features, like WebSockets and path mapping. It's also possible to enable the Network Load Balacing using a service annotation, but not the application load balancer.

AWS also has it's own ingress controller, which cannot be enabled in cluster creation, it requires some additional steps to be installed. A tutorial can be found here.

Since this package is all about simplifying the experience of using EKS and creating a load balancer is potentially a very common task, i believe this functionality could be added here, maybe behind a flag like enableAlbController, since it adds new resources to the cluster. sweat_smile

from pulumi-eks.

The pulumi-eks maintainers have taken another look through this, and we're not sure if supporting this would be the right direction as we shouldn't be adding additional IAM roles to the node roles to maintain principle of least privilege. It would be best to leave these to our users to decide how to configure these roles. It might be helpful though for this provider to create IAM policy blueprints that can be utilized for creating the necessary roles.

from pulumi-eks.