
Lack of ExternalName Service support

Open maciejmaz opened this issue 8 months ago • 4 comments

I'm creating this feature request to reopen the issue described here: https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1223

Is your feature request related to a problem?

When you set up an ALB Ingress and the service linked with this ingress is of the ExternalName type, the Target Group in AWS doesn't have any targets registered and the ingress returns an HTTP 503 error.

Describe the solution you'd like

Adding an ingress with an ExternalName service type should properly route traffic to the service. This would allow creating cross-namespace relations between Ingress and the services.

Example:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: namespace1
  labels:
    app: nginx
spec:
  containers:
  - name: nginx-container
    image: nginx:latest
    ports:
    - containerPort: 80
      protocol: TCP

---

kind: Service
apiVersion: v1
metadata:
  name: nginx-service
  namespace: namespace1
spec:
  selector:
    app: nginx
  type: ClusterIP
  ports:
  - port: 80

---

kind: Service
apiVersion: v1
metadata:
  name: nginx-service-external
  namespace: namespace2
spec:
  type: ExternalName
  externalName: nginx-service.namespace1.svc.cluster.local

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  namespace: namespace2
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.name: ingress
    alb.ingress.kubernetes.io/certificate-arn: <placeholder>
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service-external
                port:
                  number: 80

Should result in hosting nginx from namespace1 on the ingress deployed in namespace2.

Describe alternatives you've considered

  1. Switching to Nginx ingress controller
  2. Adding some nginx pod doing the proxy_pass as suggested here: https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1223#issuecomment-652510197

maciejmaz avatar Dec 04 '23 15:12 maciejmaz

I am facing the same issue here. My setup worked fine with the nginx controller in OCI. Yet when I switched to AWS ALB, it didn't work.

yalattas avatar Jan 13 '24 11:01 yalattas

Same issue, no IP addresses in target groups.

holooloo avatar Jan 21 '24 14:01 holooloo

Yes, same here. I don't think AWS ALB controller supports this feature.

eahangari-8x8 avatar Jan 27 '24 03:01 eahangari-8x8

Another use case for ExternalName would be to put a load balancer in front of an S3 interface endpoint: https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#private-dns

This would be useful to make it easier to implement a solution like this: Hosting Internal HTTPS Static Websites with ALB, S3, and PrivateLink

For this use case the ALB controller could only support target type ip, since there wouldn't be any instance to route to. I think it should be hard coded for any ExternalName pointing outside the k8s cluster that target type is ip and just a warning event should be emitted if alb.ingress.kubernetes.io/target-type: instance is specified.

msvticket avatar Feb 03 '24 13:02 msvticket
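
A pre-deployment check for the condition this thread describes, as an added example that is not part of the issue or the controller's code: it lists ALB Ingress backends that are ExternalName Services, notes whether the name points inside the cluster, and reports the effective target type. The function names are hypothetical; it assumes the IngressClass is named `alb`, the cluster DNS domain is `cluster.local`, and the target type defaults to `instance` when the annotation is absent.

```python
# Added example (not controller code): find ALB Ingress backends of type ExternalName.
ANN = "alb.ingress.kubernetes.io/target-type"

def is_alb(ing):
    # Assumption: the IngressClass is named "alb", as in the issue's annotation.
    ann = ing["metadata"].get("annotations", {})
    return "alb" in (ing.get("spec", {}).get("ingressClassName"),
                     ann.get("kubernetes.io/ingress.class"))

def backend_names(ing):
    """Yield each Service name referenced by the Ingress (default + rules)."""
    spec = ing.get("spec", {})
    refs = [spec.get("defaultBackend", {})]
    for rule in spec.get("rules", []):
        refs += [p.get("backend", {}) for p in rule.get("http", {}).get("paths", [])]
    for ref in refs:
        if "service" in ref:
            yield ref["service"]["name"]

def find_externalname_backends(items):
    """items: objects as returned in `kubectl get ingress,svc -A -o json`."""
    svcs = {(o["metadata"]["namespace"], o["metadata"]["name"]): o["spec"]
            for o in items if o["kind"] == "Service"}
    findings = []
    for ing in (o for o in items if o["kind"] == "Ingress" and is_alb(o)):
        ns, name = ing["metadata"]["namespace"], ing["metadata"]["name"]
        ttype = ing["metadata"].get("annotations", {}).get(ANN, "instance")
        for svc in backend_names(ing):
            spec = svcs.get((ns, svc), {})
            if spec.get("type") != "ExternalName":
                continue
            ext = spec["externalName"].rstrip(".")
            # Assumption: the cluster DNS domain is the default cluster.local.
            findings.append({"ingress": f"{ns}/{name}", "service": svc,
                             "externalName": ext, "target_type": ttype,
                             "in_cluster": ext.endswith(".svc.cluster.local")})
    return findings

# Constructed sample: the Services and Ingress from the issue, trimmed.
SAMPLE = [
    {"kind": "Service", "metadata": {"name": "nginx-service", "namespace": "namespace1"},
     "spec": {"type": "ClusterIP"}},
    {"kind": "Service", "metadata": {"name": "nginx-service-external", "namespace": "namespace2"},
     "spec": {"type": "ExternalName", "externalName": "nginx-service.namespace1.svc.cluster.local"}},
    {"kind": "Ingress", "metadata": {"name": "test-ingress", "namespace": "namespace2",
     "annotations": {"kubernetes.io/ingress.class": "alb", ANN: "ip"}},
     "spec": {"rules": [{"host": "example.com", "http": {"paths": [
         {"path": "/", "pathType": "Prefix", "backend": {"service": {
             "name": "nginx-service-external", "port": {"number": 80}}}}]}}]}},
]
```

Calling `find_externalname_backends(SAMPLE)` returns one finding for `namespace2/test-ingress`, the backend that ends up with an empty target group in the report above.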