aws-load-balancer-controller

Option to create public-facing LBs by default

Open ICHx opened this issue 1 year ago • 3 comments

I am migrating from the in-tree LB controller to the AWS Load Balancer Controller, and this controller requires an annotation to create a public-facing NLB (otherwise internal), which is not consistent in behavior with the old Classic Load Balancers.

ICHx avatar Aug 23 '24 22:08 ICHx

Hello @ICHx, we have had an internal discussion on this one. If it is standard in the community to create public-facing LBs, we could support this by adding a command line flag to change the default behavior of the controller to create internet-facing NLBs by default. This should be simple to implement, and we welcome any community contributions. However, we may require a security review for this one. Thank you for bringing this to our attention.

shraddhabang avatar Aug 28 '24 22:08 shraddhabang

Thank you for the reply. Also attaching our workaround for reference:

- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: aws-load-balancer-webhook-service
      namespace: kube-system
      path: /mutate-v1-service
  failurePolicy: Fail
  name: mservice.elbv2.k8s.aws
  objectSelector:
    matchExpressions:
    - key: app.kubernetes.io/name
      operator: NotIn
      values:
      - aws-load-balancer-controller
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    resources:
    - services
  sideEffects: None

We commented out this webhook in the deploy manifest; then only explicitly defined LBs become NLBs, otherwise Classic.

ICHx avatar Sep 04 '24 00:09 ICHx
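The difference in default exposure discussed in this thread can be audited before switching the webhook on or off. The following is an added example, not part of the original comments and not the controller's own code: a simplified Python model that reports which Services would change scheme depending on whether the `mservice.elbv2.k8s.aws` webhook is active. The annotation keys and the `service.k8s.aws/nlb` class come from the AWS and Kubernetes documentation rather than from this thread, and the function names and sample Services are constructed for illustration.

```python
# Added example; a simplified model, not the controller's code.
LBC_CLASS = "service.k8s.aws/nlb"  # loadBalancerClass set by the mservice webhook
SCHEME = "service.beta.kubernetes.io/aws-load-balancer-scheme"
LEGACY_INTERNAL = "service.beta.kubernetes.io/aws-load-balancer-internal"
LB_TYPE = "service.beta.kubernetes.io/aws-load-balancer-type"


def classify(svc, webhook_enabled):
    """Return (controller, scheme) for a Service dict, or None if not an LB."""
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return None
    ann = svc.get("metadata", {}).get("annotations") or {}
    lb_class = spec.get("loadBalancerClass")
    if lb_class is None and webhook_enabled:
        lb_class = LBC_CLASS  # mutation applied on CREATE
    if lb_class not in (None, LBC_CLASS):
        return ("other", "unknown")  # handled by some other controller
    if lb_class == LBC_CLASS or ann.get(LB_TYPE) in ("external", "nlb-ip"):
        # AWS Load Balancer Controller: internal unless annotated otherwise.
        if SCHEME in ann:
            public = ann[SCHEME] == "internet-facing"
        else:
            public = ann.get(LEGACY_INTERNAL) == "false"
        return ("aws-load-balancer-controller",
                "internet-facing" if public else "internal")
    # In-tree controller: public unless the internal annotation is set.
    internal = ann.get(LEGACY_INTERNAL, "") not in ("", "false")
    return ("in-tree", "internal" if internal else "internet-facing")


def exposure_drift(services):
    """(name, scheme without webhook, scheme with webhook) where they differ."""
    drift = []
    for svc in services:
        on, off = classify(svc, True), classify(svc, False)
        if on and off and on[1] != off[1]:
            drift.append((svc["metadata"]["name"], off[1], on[1]))
    return drift


SAMPLES = [  # constructed sample Services, not taken from the issue
    {"metadata": {"name": "web"}, "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "api", "annotations": {SCHEME: "internet-facing"}},
     "spec": {"type": "LoadBalancer", "loadBalancerClass": LBC_CLASS}},
    {"metadata": {"name": "db", "annotations": {LEGACY_INTERNAL: "true"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "cache"}, "spec": {"type": "ClusterIP"}},
]
```

Calling `exposure_drift(SAMPLES)` flags only `web`: with the webhook removed it falls to the in-tree controller and becomes internet-facing, while with the webhook active it is reconciled as an internal NLB.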

/assign

phuhung273 avatar Oct 19 '24 01:10 phuhung273

Hi @phuhung273, is there a plan to add this flag to the Helm chart? Thanks.

ICHx avatar Jan 11 '25 20:01 ICHx