https://github.com/monder/service-target-group
Kubernetes controller that registers service endpoints in AWS target group
alb aws aws-eks aws-load-balancer aws-vpc eks ingress ingress-controller k8s kubernetes
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/monder/service-target-group
- Owner: monder
- License: apache-2.0
- Created: 2018-09-11T08:41:16.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2020-05-12T17:31:51.000Z (about 5 years ago)
- Last Synced: 2025-02-13T15:18:14.754Z (4 months ago)
- Topics: alb, aws, aws-eks, aws-load-balancer, aws-vpc, eks, ingress, ingress-controller, k8s, kubernetes
- Language: Go
- Homepage:
- Size: 22.5 KB
- Stars: 3
- Watchers: 2
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README


> Kubernetes controller that registers service endpoints in AWS target group
## Summary
This project was created as an alternative to the built-in [LoadBalancer](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) and [aws-alb-ingress-controller](https://github.com/kubernetes-sigs/aws-alb-ingress-controller). The main difference from the ingress controller is that it does not create any new AWS resources. This is handy when you are migrating infrastructure to Kubernetes and want to reuse existing load balancers that are managed elsewhere.
## Overview
This controller assumes that you have an existing ALB configured with some target groups. It also requires that your pods have routable IP addresses within the VPC. This can be achieved by using the [vpc-cni](https://github.com/aws/amazon-vpc-cni-k8s) plugin.
Consider a service defined as:
```yaml
kind: Service
apiVersion: v1
metadata:
  name: foo
  annotations:
    stg.monder.cc/target-group: arn:aws:elasticloadbalancing:eu-west-1:000000000000:targetgroup/foo/bar
spec:
  clusterIP: None
  selector:
    name: foo
  ports:
    - protocol: TCP
      port: 3000
      targetPort: 3000
```
When a new pod is added and its endpoint becomes `ready`, it is added to the target group given in the annotation. When the pod is removed, it is automatically removed from the group.
**Please note that AWS target group type must be `ip`. See more [here](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-type)**
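
The reconciliation described above, as an added example in Go (not the project's own code): it computes which pod IPs to register and deregister so that the target group holds exactly the `ready` endpoints. The `Endpoint` type, the `Plan` function and the sample addresses are assumptions made for illustration; the empty-endpoint case corresponds to the TODO item about deregistering all targets when the service is destroyed.

```go
package main

import (
	"fmt"
	"sort"
)

// Endpoint is a simplified, hypothetical stand-in for one address of a
// Kubernetes Endpoints object (not a type from the project).
type Endpoint struct {
	IP    string
	Ready bool
}

// Plan returns the IPs to register in and deregister from an `ip`-type
// target group so that it ends up holding exactly the ready endpoints.
func Plan(endpoints []Endpoint, registered []string) (register, deregister []string) {
	want := map[string]bool{}
	for _, e := range endpoints {
		if e.Ready { // not-ready pods must never receive traffic
			want[e.IP] = true
		}
	}
	have := map[string]bool{}
	for _, ip := range registered {
		if have[ip] {
			continue // ignore duplicate entries
		}
		have[ip] = true
		if !want[ip] { // stale target: pod gone or no longer ready
			deregister = append(deregister, ip)
		}
	}
	for ip := range want {
		if !have[ip] {
			register = append(register, ip)
		}
	}
	sort.Strings(register) // deterministic order for logs and tests
	sort.Strings(deregister)
	return register, deregister
}

func main() {
	// Constructed sample data: three endpoints, one not ready, one stale target.
	eps := []Endpoint{{"10.0.1.10", true}, {"10.0.1.11", false}, {"10.0.1.12", true}}
	reg := []string{"10.0.1.10", "10.0.1.99"}
	fmt.Println(Plan(eps, reg))
	fmt.Println(Plan(nil, reg)) // service deleted: everything is deregistered
}
```
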
## Setup
The controller requires the following [IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html):
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticloadbalancing:RegisterTargets",
        "elasticloadbalancing:DeregisterTargets"
      ],
      "Resource": "*"
    }
  ]
}
```

Controller definition:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: stg-controller
spec:
  selector:
    matchLabels:
      name: stg-controller
  replicas: 1
  template:
    metadata:
      annotations:
        iam.amazonaws.com/role: stg_controller
      labels:
        name: stg-controller
    spec:
      serviceAccountName: stg-controller
      containers:
        - name: stg-controller
          image: monder/service-target-group:latest
          args:
            - -namespaces=default,public
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: stg-controller
rules:
  # Read-only access to the objects the controller watches
  - apiGroups: [""]
    resources: ["services", "endpoints"]
    verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: stg-controller
  namespace: default
---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; use v1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: stg-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: stg-controller
subjects:
  - kind: ServiceAccount
    name: stg-controller
    namespace: default
```

## TODO
* Deregister all targets when the Kubernetes service is destroyed.