3scale-ops / aws-nlb-helper-operator
Simple operator to manage AWS NLB attributes using Kubernetes Service object annotations
License: Apache License 2.0
Is your feature request related to a problem? Please describe.
The best approach to select resources related to a Kubernetes object generated by the AWS provider controller is to use the tags kubernetes.io/.... populated by the controller on creation.
Describe the solution you'd like
Be able to use the kubernetes.io/cluster/${cluster-id} tag to retrieve AWS Resources once the information is available in the Kubernetes API.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
...
func UpdateLoadBalancer(clusterIDTagKey string, serviceNameTagValue string, ...) (bool, error) {
...
tags := map[string]string{
"kubernetes.io/service-name": serviceNameTagValue,
fmt.Sprintf("kubernetes.io/cluster/%s", clusterIDTagKey): "owned",
}
Not supported yet by Kubernetes, seems to be generated by the AWS provider code.
The make file is referencing files in the /deploy directory. It looks like the configuration yamls have been moved into separate directories based on whether or not you are using IAM ENV credentials.
Describe the bug
After changing the repo org to 3scale-ops, the circle-cli integration has been lost. Probably the best approach is to move to GitHub actions as the current CI is quite simple.
Expected behavior
CI runs as expected and release images are published to quay.
Is your feature request related to a problem? Please describe.
No
Describe the solution you'd like
Being a networking operator, where you might be interested in fine tuning NLBs on different Namespaces, it would be nice not having to deploy the operator on every Namespace where you have Services to modify, so just deploy it once with cluster scope, and being able to watch Services on any (or on specific) Namespace/s.
Describe alternatives you've considered
N/A
Additional context
Bear in mind, on some restricted scenarios like OSD, there should be some specific restrictions on cluster scope operators, so it would be nice to take it into account before implementing a solution.
Is your feature request related to a problem? Please describe.
We have a specific need to set a "special" (read: not publicly exposed) attribute on our NLB target groups. It is not commonly used, but we found this project to be the closest to a solution for us to set those attributes natively without having to run some external script to set those.
The specific key we have to set is proxy_protocol_v2.client_to_server.header_placement.
Describe the solution you'd like
Either introduce a new annotation to set this "header placement" attribute, or maybe even open this up to allow any arbitrary attribute to be set via annotation?
I know embedding JSON in attribute values can soon get ugly, but I've seen similar things on the ALB ingress controller.
Maybe an annotation like:
aws-nlb-helper.3scale.net/extra-annotations: '[{"Value": "on_first_ack", "Key": "proxy_protocol_v2.client_to_server.header_placement"}]'
We should be able to directly Unmarshal this into an []*elbv2.TargetGroupAttribute (hopefully) and log errors accordingly.
Describe alternatives you've considered
Write another operator that would do 99% of what this one does ;-)
Additional context
We are happy to contribute this, whichever way you prefer (specific annotation for this attribute or implement the "generic" annotation).
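An added example, not part of the issue above or of the project's code: one way an operator could decode the proposed "generic" annotation while refusing attribute keys it has not explicitly allowed, since anyone who can edit a Service's annotations would otherwise be able to set arbitrary target group attributes. The `Attr` type is a local stand-in for the SDK's Key/Value attribute type, and the allowlist contents and the function name are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Annotation name as proposed in the issue above.
const extraAttrsAnnotation = "aws-nlb-helper.3scale.net/extra-annotations"

// Attr is a local stand-in for the SDK attribute type (a Key/Value pair).
type Attr struct {
	Key   string `json:"Key"`
	Value string `json:"Value"`
}

// allowedKeys is an assumed operator-side allowlist, not project configuration.
var allowedKeys = map[string]bool{
	"proxy_protocol_v2.enabled":                           true,
	"proxy_protocol_v2.client_to_server.header_placement": true,
	"deregistration_delay.timeout_seconds":                true,
}

// ParseExtraAttrs strictly decodes the annotation; any rejected entry fails the whole set.
func ParseExtraAttrs(annotations map[string]string) ([]Attr, error) {
	raw, ok := annotations[extraAttrsAnnotation]
	if !ok {
		return nil, nil // annotation absent: nothing to apply
	}
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.DisallowUnknownFields() // unexpected JSON fields are an error, not ignored
	var attrs []Attr
	if err := dec.Decode(&attrs); err != nil {
		return nil, fmt.Errorf("%s: invalid JSON: %w", extraAttrsAnnotation, err)
	}
	seen := map[string]bool{}
	for _, a := range attrs {
		if !allowedKeys[a.Key] || seen[a.Key] || a.Value == "" {
			return nil, fmt.Errorf("attribute %q rejected: not allowlisted, repeated, or empty", a.Key)
		}
		seen[a.Key] = true
	}
	return attrs, nil
}

func main() {
	// Constructed sample: the annotation value shown in the issue.
	fmt.Println(ParseExtraAttrs(map[string]string{extraAttrsAnnotation: `[{"Value": "on_first_ack", "Key": "proxy_protocol_v2.client_to_server.header_placement"}]`}))
}
```

Failing the whole annotation on one bad entry keeps a partially applied attribute set from reaching the target group, and the returned error can be logged against the Service.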
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
I would like an ARM image.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
The /deploy/iam-service-account/operator.yaml is referencing the AWS_REGION secret. This secret is only created if using the IAM env credentials deployment. This can be changed to read from a configmap or just a hard coded value in the deployment.
Is your feature request related to a problem? Please describe.
Currently it seems the operator only supports iam user credentials. It would be very helpful if the operator would support IAM roles for service accounts. We are attempting to use nginx-ingress with 'nlb' LB type via helm chart, and we would like to set the proxy_protocol_v2 attribute for a subset of the LBs. The operator would help us solve this problem but we would like to avoid creating an iam user.
Describe the solution you'd like
Perhaps the operator could add config flags for which cred type is being used, or some type of ordering (attempt iam role, fallback to aws credentials file/vars, etc).
Describe alternatives you've considered
We may just use a null_resource in tf for the time being to set it, but it is certainly not as tidy.
Is your feature request related to a problem? Please describe.
We want to publish aws-nlb-helper-operator on OperatorHub.io through OLM, so anyone can easily deploy it.
Describe the solution you'd like
Follow https://operator-framework.github.io/olm-book/ instructions to make this operator OLM "compliant" and make a pull request to include in the Community operators marketplace: https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md
Describe alternatives you've considered
Manual installation using all the Kubernetes objects required by the operator (deployment, rbac, ...).
Additional context
Good example of operator contribution: operator-framework/community-operators#1934