Add KubernetesIngressAddOn for enhanced Ingress Management
Issue #, if available:
Description of changes: This PR introduces the Kubernetes Ingress Add-On class that supports additional configuration options like SSL redirection, cross-zone load balancing, and external DNS integration. The aim is to provide an extensible and configurable Ingress solution within the EKS blueprints framework.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
@Pjv93 do you mind adding a blueprint that we can use to validate that the addon works?
@shapirov103 OFC! Here is a sample blueprint that:
- Sets up a Kubernetes ingress controller with specified configurations for handling ingress traffic, including load balancing settings, SSL/TLS termination, and routing.
- Automates DNS record management based on services and ingresses within the cluster, simplifying the process of connecting domain names to dynamically provisioned resources like load balancers.
```typescript
import * as cdk from 'aws-cdk-lib';
import * as blueprints from '@aws-quickstart/eks-blueprints';
import { KubernetesIngressAddOn } from '../lib/addons/kubernetes-nginx';

const app = new cdk.App();
const account = '1234567890';
const region = 'us-east-2';
const version = 'auto';
const myDomainName = "test.example.com";

// Configure the Kubernetes Ingress AddOn
const kubernetesIngressAddOn = new KubernetesIngressAddOn({
    crossZoneEnabled: true,
    internetFacing: true,
    targetType: 'ip',
    externalDnsHostname: 'example.com',
    certificateResourceName: 'arn:aws:acm:us-east-2:123456789:certificate/xxxxxxxxx',
});

const addOns: Array<blueprints.ClusterAddOn> = [
    new blueprints.addons.CalicoOperatorAddOn(),
    new blueprints.addons.AwsLoadBalancerControllerAddOn(),
    new blueprints.addons.VpcCniAddOn(),
    new blueprints.addons.CoreDnsAddOn(),
    new blueprints.addons.CertManagerAddOn(),
    new blueprints.addons.ExternalsSecretsAddOn(),
    kubernetesIngressAddOn,
    new blueprints.addons.ExternalDnsAddOn({
        hostedZoneResources: ["MyHostedZone1"]
    })
];

const stack = blueprints.EksBlueprint.builder()
    .account(account)
    .region(region)
    .version(version)
    .resourceProvider("MyHostedZone1", new blueprints.LookupHostedZoneProvider(myDomainName))
    .addOns(...addOns)
    .build(app, 'eks-blueprint');
```
Here are the annotations applied to the Ingress Controller
```
helm get values k8s-ingress -n kube-system
USER-SUPPLIED VALUES:
controller:
  electionID: ingress-controller-leader
  ingressClassResource:
    controllerValue: k8s.io/ingress-nginx
    default: false
    enabled: true
    name: nginx
  service:
    annotations:
      external-dns.alpha.kubernetes.io/hostname: pjv.people.aws.dev
      nginx.ingress.kubernetes.io/force-ssl-redirect: true
      service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:0123456789:certificate/xxxxxx
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
      service.beta.kubernetes.io/aws-load-balancer-type: external
    targetPorts:
      http: http
      https: http
```
Simple Ingress using test.pjv.people.aws.dev/
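An added example, not part of this PR or the EKS Blueprints code base: a TypeScript check over the controller Service annotations shown in the helm output above. It flags an internet-facing load balancer without a certificate, an ACM certificate ARN from a different region than the cluster, plain HTTP between the load balancer and the pods, and a missing SSL redirect. `auditIngressServiceAnnotations`, `Finding` and `Annotations` are hypothetical names; the annotation keys are the ones in the thread.

```typescript
// Added example, not code from the PR; function and type names are hypothetical.
type Finding = { level: 'fail' | 'warn' | 'info'; message: string };
type Annotations = Record<string, string | boolean | undefined>;

const LB = 'service.beta.kubernetes.io/aws-load-balancer-';

function auditIngressServiceAnnotations(ann: Annotations, clusterRegion: string): Finding[] {
  const findings: Finding[] = [];
  const get = (key: string): string => String(ann[key] ?? '').trim();
  const internetFacing = get(`${LB}scheme`) === 'internet-facing';
  const cert = get(`${LB}ssl-cert`);

  if (internetFacing && cert === '') {
    findings.push({ level: 'fail', message: 'internet-facing load balancer has no ssl-cert' });
  }
  if (cert !== '') {
    // ACM ARN layout: arn:<partition>:acm:<region>:<account>:certificate/<id>
    const parts = cert.split(':');
    if (parts[2] === 'acm' && parts[3] !== clusterRegion) {
      // ACM certificates can only be attached to load balancers in their own region.
      findings.push({ level: 'fail', message: `certificate region ${parts[3]} is not ${clusterRegion}` });
    }
    if (get(`${LB}backend-protocol`) === 'http') {
      findings.push({ level: 'info', message: 'TLS ends at the load balancer; traffic to the pods is plain HTTP' });
    }
  }
  if (internetFacing && get('nginx.ingress.kubernetes.io/force-ssl-redirect') !== 'true') {
    findings.push({ level: 'warn', message: 'force-ssl-redirect is not enabled' });
  }
  return findings;
}

// Constructed sample: the security-relevant annotations from the helm output in this thread.
const sampleAnnotations: Annotations = {
  'nginx.ingress.kubernetes.io/force-ssl-redirect': true,
  [`${LB}backend-protocol`]: 'http',
  [`${LB}scheme`]: 'internet-facing',
  [`${LB}ssl-cert`]: 'arn:aws:acm:us-east-2:0123456789:certificate/xxxxxx',
  [`${LB}ssl-ports`]: 'https',
};

console.log(auditIngressServiceAnnotations(sampleAnnotations, 'us-east-2'));
```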
Sounds good! I know it needs a lot of work but wanted to at least have some visibility on it. I will work on your comments. Thanks!
Honestly this is great work, addon work is almost there, you just need to complete to cover all grounds.
Hi @elamaran11 & @shapirov103, here is an updated blueprint to test the addon below. I have since fixed the errors from the GH Actions, added documentation for the addon in the docs folder, and updated mkdocs and the doc index for the addon.
```typescript
import * as cdk from 'aws-cdk-lib';
import * as blueprints from '../lib';

const app = new cdk.App();
const account = 'xxxxxxxxxxx';
const region = 'us-east-1';
const myDomainName = "YourDomainName.com";

// Create the stack
const stack = new cdk.Stack(app, 'EksBlueprintStack', {
    env: {
        account: account,
        region: region,
    }
});

// Lookup the hosted zone by domain name
const hostedZone = cdk.aws_route53.HostedZone.fromLookup(stack, 'HostedZoneLookup', {
    domainName: myDomainName,
});

const addOns: Array<blueprints.ClusterAddOn> = [
    new blueprints.addons.AwsLoadBalancerControllerAddOn(),
    new blueprints.addons.ExternalDnsAddOn({
        hostedZoneResources: [blueprints.GlobalResources.HostedZone]
    }),
    new blueprints.addons.KubernetesIngressAddOn({
        crossZoneEnabled: true,
        internetFacing: true,
        targetType: 'ip',
        externalDnsHostname: myDomainName,
        certificateResourceName: blueprints.GlobalResources.Certificate
    }),
    new blueprints.addons.CalicoOperatorAddOn(),
    new blueprints.addons.VpcCniAddOn(),
    new blueprints.addons.CoreDnsAddOn(),
    new blueprints.addons.KubeProxyAddOn(),
    new blueprints.addons.CertManagerAddOn(),
    new blueprints.addons.ExternalsSecretsAddOn()
];

blueprints.EksBlueprint.builder()
    .resourceProvider(blueprints.GlobalResources.HostedZone, new blueprints.ImportHostedZoneProvider(hostedZone.hostedZoneId))
    .resourceProvider(blueprints.GlobalResources.Certificate, new blueprints.CreateCertificateProvider('DomainWildcardCert', `*.${myDomainName}`, blueprints.GlobalResources.HostedZone)) // referencing hosted zone for automatic DNS validation
    .account(account)
    .region(region)
    .version("auto")
    .addOns(...addOns)
    .build(stack, 'EksBlueprintStack');
```
/do-e2e-tests
/do-e2e-tests
/do-e2e-tests
e2e failure due to hanging LB provisioned through the ingress-nginx addon (needs more investigation, looks like LB controller was dropped before it had a chance to clean up).
/do-e2e-tests
@elamaran11 & @shapirov103 Thank you both for your patience and allowing me to contribute to the eks blueprint addons!