{"id":15659678,"url":"https://github.com/h3poteto/aws-global-accelerator-controller","last_synced_at":"2026-04-02T18:02:24.659Z","repository":{"id":38971514,"uuid":"465240907","full_name":"h3poteto/aws-global-accelerator-controller","owner":"h3poteto","description":"A Kubernetes controller for Global Accelerators and Route53","archived":false,"fork":false,"pushed_at":"2026-03-29T15:04:17.000Z","size":761,"stargazers_count":33,"open_issues_count":11,"forks_count":10,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-03-29T16:36:31.051Z","etag":null,"topics":["aws","aws-global-accelerator","kubernetes","kubernetes-controller","route53"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/h3poteto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-03-02T09:35:02.000Z","updated_at":"2026-03-29T15:03:33.000Z","dependencies_parsed_at":"2026-01-06T21:07:36.428Z","dependency_job_id":null,"html_url":"https://github.com/h3poteto/aws-global-accelerator-controller","commit_stats":{"total_commits":103,"total_committers":3,"mean_commits":"34.333333333333336","dds":0.2621359223300971,"last_synced_commit":"ab6a8080793e62a1be3d688a4d03257b73810a5f"},"previous_names":[],"tags_count":33,"template":false,"template_full_name":null,"purl":"pkg:github/h3poteto/aws-global-accelerator-controller","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h3poteto%2Faws-global-accelerator-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h3poteto%2Faws-global-accelerator-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h3poteto%2Faws-global-accelerator-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h3poteto%2Faws-global-accelerator-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/h3poteto","download_url":"https://codeload.github.com/h3poteto/aws-global-accelerator-controller/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/h3poteto%2Faws-global-accelerator-controller/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31312744,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-global-accelerator","kubernetes","kubernetes-controller","route53"],"created_at":"2024-10-03T13:18:12.995Z","updated_at":"2026-04-02T18:02:24.634Z","avatar_url":"https://github.com/h3poteto.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"[![Test](https://github.com/h3poteto/aws-global-accelerator-controller/actions/workflows/test.yml/badge.svg)](https://github.com/h3poteto/aws-global-accelerator-controller/actions/workflows/test.yml)\n[![Docker](https://github.com/h3poteto/aws-global-accelerator-controller/actions/workflows/docker-publish.yml/badge.svg)](https://github.com/h3poteto/aws-global-accelerator-controller/actions/workflows/docker-publish.yml)\n[![GitHub release (latest by date)](https://img.shields.io/github/v/release/h3poteto/aws-global-accelerator-controller)](https://github.com/h3poteto/aws-global-accelerator-controller/releases)\n[![Renovate](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com)\n![GitHub](https://img.shields.io/github/license/h3poteto/aws-global-accelerator-controller)\n\n# AWS Global Accelerator Controller\nAWS Global Accelerator Controller is a controller to manage Global Accelerator for a Kubernetes cluster. The features are\n\n- Create Global Accelerator for the Network Load Balancer which is created by Service `type: LoadBalancer`.\n- Create Global Accelerator for the Application Load Balancer which is created by [aws-load-balancer-controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller/).\n- Create Route53 records associated with the Global Accelerator\n\n\n# Install\n## Install cert-manager\nThis controller has a webhook. We recommend you use SSL on your webhooks, install [cert-manager](https://cert-manager.io/) to deploy webhook with SSL.\n\n\n## Install\nYou can install this controller using helm.\n\n```\n$ helm repo add h3poteto-stable https://h3poteto.github.io/charts/stable\n$ helm install global-accelerator-controller --namespace kube-system h3poteto-stable/aws-global-accelerator-controller\n```\n\n## Setup IAM Policy\nThis controller requires these permissions, so please assign this policy to the controller pod using [IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html), [kube2iam](https://github.com/jtblin/kube2iam) or [kiam](https://github.com/uswitch/kiam).\n\n```json\n{\n  \"Statement\": [\n    {\n    \"Action\": [\n      \"elasticloadbalancing:DescribeLoadBalancers\",\n      \"globalaccelerator:DescribeAccelerator\",\n      \"globalaccelerator:ListAccelerators\",\n      \"globalaccelerator:ListTagsForResource\",\n      \"globalaccelerator:TagResource\",\n      \"globalaccelerator:CreateAccelerator\",\n      \"globalaccelerator:UpdateAccelerator\",\n      \"globalaccelerator:DeleteAccelerator\",\n      \"globalaccelerator:ListListeners\",\n      \"globalaccelerator:CreateListener\",\n      \"globalaccelerator:UpdateListener\",\n      \"globalaccelerator:DeleteListener\",\n      \"globalaccelerator:DescribeEndpointGroup\",\n      \"globalaccelerator:ListEndpointGroups\",\n      \"globalaccelerator:CreateEndpointGroup\",\n      \"globalaccelerator:UpdateEndpointGroup\",\n      \"globalaccelerator:DeleteEndpointGroup\",\n      \"globalaccelerator:AddEndpoints\",\n      \"globalaccelerator:RemoveEndpoints\",\n      \"route53:ChangeResourceRecordSets\",\n      \"route53:ListHostedZones\",\n      \"route53:ListHostedzonesByName\",\n      \"route53:ListResourceRecordSets\"\n    ],\n    \"Effect\": \"Allow\",\n    \"Resource\": \"*\"\n  }\n  ],\n  \"Version\": \"2012-10-17\"\n}\n```\n\n# Usage\n## Create Global Accelerator\n\nPlease add an annotation `aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: \"true\"` to your service or ingress.\n\n```yaml\napiVersion: v1\nkind: Service\nmetadata:\n  annotations:\n    aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: \"true\"\n    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp\n    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: \"true\"\n    service.beta.kubernetes.io/aws-load-balancer-type: nlb\n  name: h3poteto-test\n  namespace: default\nspec:\n  externalTrafficPolicy: Local\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: 80\n  - name: https\n    port: 443\n    protocol: TCP\n    targetPort: 443\n  selector:\n    app: h3poteto\n  sessionAffinity: None\n  type: LoadBalancer\n```\n\nNotice: If the service is not `type: LoadBalancer`, this controller does nothing.\n\nIf you use ingress, please add [aws-load-balancer-controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller/). This controller creates a Global Accelerator after an ingress Load Balancer is created.\n\n```yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: h3poteto-test\n  namespace: default\n  annotations:\n    aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: \"true\"\n    alb.ingress.kubernetes.io/scheme: internet-facing\nspec:\n  ingressClassName: alb\n  rules:\n  -  http:\n      paths:\n      - pathType: Prefix\n        path: \"/\"\n        backend:\n          service:\n            name: h3poteto-test\n            port:\n              number: 80\n```\n\n## Create route53 records associated with the Global Accelerator\nPlease add an annotation `aws-global-accelerator-controller.h3poteto.dev/route53-hostname` in addition to `global-accelerator-managed` annotation. And specify your hostname to the annotation.\n\n```yaml\napiVersion: v1\nkind: Service\nmetadata:\n  annotations:\n    aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: \"true\"\n    aws-global-accelerator-controller.h3poteto.dev/route53-hostname: \"foo.h3poteto-test.dev\"\n    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp\n    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: \"true\"\n    service.beta.kubernetes.io/aws-load-balancer-type: nlb\n  name: h3poteto-test\n  namespace: default\nspec:\n  externalTrafficPolicy: Local\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: 80\n  - name: https\n    port: 443\n    protocol: TCP\n    targetPort: 443\n  selector:\n    app: h3poteto\n  sessionAffinity: None\n  type: LoadBalancer\n```\n\nYou can specify multiple hostnames to the annotation. In this case, both `foo.h3poteto-test.dev` and `bar.h3poteto-test.dev` set the Global Accelerator as an A record.\n\n```yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: h3poteto-test\n  namespace: default\n  annotations:\n    aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed: \"true\"\n    aws-global-accelerator-controller.h3poteto.dev/route53-hostname: \"foo.h3poteto-test.dev,bar.h3poteto-test.dev\"\n    alb.ingress.kubernetes.io/scheme: internet-facing\nspec:\n  ingressClassName: alb\n  rules:\n  -  http:\n      paths:\n      - pathType: Prefix\n        path: \"/\"\n        backend:\n          service:\n            name: h3poteto-test\n            port:\n              number: 80\n```\n\n## EndpointGroupBinding\nEndpointGroupBinding is a custom resource that can connect your service (Load Balancer) to an existing Global Accelerator Endpoint Group. This will allow you to manage Global Accelerator outside of Kubernetes, and you can bind multiple services (Load Balancers) to an Global Accelerator Endpoint Group.\n\n\nAt first, please create a service with Load Balancer.\n```yaml\napiVersion: v1\nkind: Service\nmetadata:\n  annotations:\n    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp\n    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: \"true\"\n    service.beta.kubernetes.io/aws-load-balancer-type: external\n    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing\n    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip\n    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol : \"*\"\n    service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: proxy_protocol_v2.enabled=true,preserve_client_ip.enabled=true\n  name: h3poteto-test\n  namespace: default\nspec:\n  ports:\n  - name: http\n    port: 80\n    protocol: TCP\n    targetPort: 80\n  selector:\n    app: h3poteto\n  sessionAffinity: None\n  type: LoadBalancer\n\n```\n\nThen, please create an EndpointGroupBinding resource.\n\n```yaml\napiVersion: operator.h3poteto.dev/v1alpha1\nkind: EndpointGroupBinding\nmetadata:\n  name: h3poteto-test\n  namespace: default\nspec:\n  endpointGroupArn: \u003carn-to-endpoint-group\u003e\n  serviceRef:\n    name: h3poteto-test\n```\n\n# Annotations\nAnnotations for service or ingress resources.\n\n| Annotation | Values | Defaults |\n|:--------|:---------|:--------|\n|`aws-global-accelerator-controller.h3poteto.dev/global-accelerator-managed`| `true` | |\n|`aws-global-accelerator-controller.h3poteto.dev/route53-hostname`|your-host-name| |\n|`aws-global-accelerator-controller.h3poteto.dev/client-ip-preservation`| `true` | false |\n|`aws-global-accelerator-controller.h3poteto.dev/global-accelerator-name`|accelerator-name| automatically generated|\n|`aws-global-accelerator-controller.h3poteto.dev/global-accelerator-tags`|`Name=value,Env=foo`| `\"\"` |\n\n# Development\n```\n$ export KUBECONFIG=$HOME/.kube/config\n$ make install\n$ make run\n```\n\n# License\nThe software is available as open source under the terms of the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fh3poteto%2Faws-global-accelerator-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fh3poteto%2Faws-global-accelerator-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fh3poteto%2Faws-global-accelerator-controller/lists"}