3scale-ops / aws-nlb-helper-operator Goto Github PK

Is your feature request related to a problem? Please describe.

The best approach to select resources related to a Kubernetes object generated by the AWS provider controller, is to use the tags kubernetes.io/.... populated by the controller on creation.

Describe the solution you'd like

Be able to use the kubernetes.io/cluster/${cluster-id} tag to retrieve AWS Resources once the information is available in the Kubernetes API.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context

...
func UpdateLoadBalancer(clusterIDTagKey string, serviceNameTagValue string, ...) (bool, error) {
...
tags := map[string]string{
   "kubernetes.io/service-name":   serviceNameTagValue,
    fmt.Sprintf("kubernetes.io/cluster/%s", clusterIDTagKey): "owned",
}

Not supported yet by Kubernetes, seems to be generated by the AWS provider code.

• kubernetes/kubernetes#44954
• SIG-Multicluster - Cluster ID Proposal

The make file is referencing files in the /deploy directory. It looks like the configuration yamls have been moved into separate directories based on whether or not you are using IAM ENV credentials.

Describe the bug

After changing the repo org to 3scale-ops, the circle-cli integration has been lost. Probably the best approach is to move to GItHub actions as the current CI is quite simple.

Expected behavior

CI runs as expected and release images are published to quay.

Is your feature request related to a problem? Please describe.
No

Describe the solution you'd like
Being a networking operator, where you might be interested in fine tuning NLBs on different Namespaces, it would be nice not having to the deploy the operator on every Namespace where you have Services to modify, so just deploy it once with cluster scope, and being able to watch Services on any (or on specific) Namespace/s.

Describe alternatives you've considered
N/A

Additional context
Bear in mind, on some restricted scenarios like OSD, there should be some specific restrictions on cluster scope operators, so it would be nice to take it into account before implementing a solution.

Is your feature request related to a problem? Please describe.
We have a specific need to set a "special" (read: not publicly exposed) attribute on our NLB target groups. It is not commonly used, but we found this project to be the closest to a solution for us to set those attributes natively without having to run some external script to set those.

The specific key we have to set is proxy_protocol_v2.client_to_server.header_placement.

Describe the solution you'd like
Either introduce a new annotation to set this "header placement" attribute, or maybe even open this up to allow any arbitrary attribute to be set via annotation?
I know embedding JSON in attribute values can soon get ugly, but I've seen similar things on the ALB ingress controller.

Maybe an annotation like:

aws-nlb-helper.3scale.net/extra-annotations: '[{"Value": "on_first_ack", "Key": "proxy_protocol_v2.client_to_server.header_placement"}]'

We should be able to directly Unmarshal this into an []*elbv2.TargetGroupAttribute (hopefully) and log errors accordingly.

Describe alternatives you've considered
Write another operator that would do 99% of what this one does ;-)

Additional context
We are happy to contribute this, whichever way you prefer (specific annotation for this attribute or implement the "generic" annotation).

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
I would like an ARM image.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

The /deploy/iam-service-account/operator.yaml is referencing the AWS_REGION secret. This secret is only created if using the IAM env credentials deployment. This can be changed to read from a configmap or just a hard coded value in the deployment.

Is your feature request related to a problem? Please describe.
Currently it seems the operator only supports iam user credentials, It would be very helpful if the operator would support IAM roles for service accounts. We are attempting to use nginx-ingress with 'nlb' LB type via helm chart, and we would like to set the proxy_protocol_v2 attribute for a subset of the LBs. The operator would help us solve this problem but we would like to avoid creating an iam user.

Describe the solution you'd like
Perhaps the operator could add config flags for which cred type is being used, or some type of ordering(attempt iam role, fallback to aws credentials file/vars, etc).

Describe alternatives you've considered
We may just use a null_resource in tf for the time being to set it, but it is certainly not as tidy.

Is your feature request related to a problem? Please describe.

We want to publish aws-nlb-helper-operator on OperatorHub.io through OLM, so anyone can easily deploy it.

Describe the solution you'd like

Follow https://operator-framework.github.io/olm-book/ instructions to make this operator OLM "compliant" and make a pull request to include in the Community operators marketplace: https://github.com/operator-framework/community-operators/blob/master/docs/contributing.md

Describe alternatives you've considered

Manual installation using all the Kubernetes objects required by the operator (deployment, rbac, ...).

Additional context

Good example of operator contribution: operator-framework/community-operators#1934