kube-ingress-aws-controller icon indicating copy to clipboard operation
kube-ingress-aws-controller copied to clipboard

Published 20 hours ago verified publisher icon zalando-incubator

Route53 healthcheck make sense for this project?

Open joberdick opened this issue 4 years ago • 4 comments

We are in process to solve multi-cluster ingress. External-dns project recently added support for latency records. This is a good step forward, but doesnt meet our needs fully.

When using the Zalando ingress controller, we can have many apps running on one load balancer. We want the latency records tied to those individual apps. In order to do this, we need to create a route53 healthchecks that get tied to the latency records.

There is PR that looks like its about to merge for external-dns: https://github.com/kubernetes-sigs/external-dns/pull/1288

Zalando could update ingress annotation with the healthcheck ID after creation.

Thoughts?

joberdick avatar Feb 05 '20 16:02 joberdick

I don't really know how Route53 health checks or latency records work. Could you give an example of what you would like to configure in this project such that it would solve your problem, then it's easier for me to give an opinion on how it could work.

One prerequisite is that you can create Route53 health checks via Cloudformation.

mikkeloscar avatar Feb 05 '20 19:02 mikkeloscar

Basically, we would want this controller to create a Route53 healthcheck, pointing to a configured healthcheck path (we could do this via an annotation, for example). It would create the healthcheck in Route53 which, by default, pings that endpoint every 30 seconds and if it fails twice, the healthcheck goes unhealthy. If it's tied to Route53 record, that record effectively goes "inactive".

So logic would be:

Poll for ingress objects when found, check "host" value and "kubernetes.io.healthcheck" annotation and create healthcheck for those values.

This ID can then be passed to the external-dns controller which would attach it to the records it creates.

jbilliau5668 avatar Mar 02 '20 15:03 jbilliau5668

After looking more into this it seems to me that this should rather be solved on external-dns side. This project currently don't configure Route53, so it would be a bit weird if it started to manage route53 health checks with the hostname of the ingress IMO as external-dns is handling everything else related to Route53.

What do you think?

mikkeloscar avatar Mar 03 '20 18:03 mikkeloscar

Yeah another guy tried that, apparently the main folks behind that controller don't think it belongs over there either; the guy ended up just writing his own controller, which is what we did too. We were just trying to merge the functionality into an existing one so we wouldn't need a separate controller, but alas, we have failed.

Thanks for looking into it.

jbilliau5668 avatar Mar 03 '20 20:03 jbilliau5668