Closed
Labels
- @aws-cdk/aws-eks: Related to Amazon Elastic Kubernetes Service
- effort/medium: Medium work item – several days of effort
- feature-request: A feature should be added or improved.
- p1
Description
It's a common use case to deploy the ALB ingress controller on EKS; it would be helpful to support it at the L2 class level.
Use Case
Deploy the ALB ingress controller in order to use an ALB for K8s ingress.
Proposed Solution
Might implement a new L2 class ALBIngressController like below:
```ts
import * as yaml from 'js-yaml';
import request from 'sync-request';
import * as eks from '@aws-cdk/aws-eks';
import * as iam from '@aws-cdk/aws-iam';
import { Construct, Stack } from '@aws-cdk/core';

export interface ALBIngressControllerProps {
  readonly cluster: eks.Cluster;
  readonly version: string;
  readonly vpcId: string;
}

class ALBIngressController extends Construct {
  constructor(scope: Construct, id: string, props: ALBIngressControllerProps) {
    super(scope, id);

    // Every file below is downloaded from the upstream repository at synth time.
    const albBaseResourceBaseUrl = `https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/${props.version}/docs/examples/`;
    const albIngressControllerPolicyUrl = `${albBaseResourceBaseUrl}iam-policy.json`;
    const albNamespace = 'kube-system';

    // IAM-backed service account the controller pods run as.
    const albServiceAccount = props.cluster.addServiceAccount('alb-ingress-controller', {
      name: 'alb-ingress-controller',
      namespace: albNamespace,
    });

    // Attach each statement of the upstream IAM policy to the service account role.
    const policyJson = request('GET', albIngressControllerPolicyUrl).getBody('utf8');
    (JSON.parse(policyJson)['Statement'] as any[]).forEach((statement) => {
      albServiceAccount.addToPolicy(iam.PolicyStatement.fromJson(statement));
    });

    // RBAC objects, minus the ServiceAccount that was created above.
    const rbacRoles = yaml.safeLoadAll(request('GET', `${albBaseResourceBaseUrl}rbac-role.yaml`).getBody('utf8'))
      .filter((rbac: any) => rbac['kind'] !== 'ServiceAccount');
    const albDeployment = yaml.safeLoad(request('GET', `${albBaseResourceBaseUrl}alb-ingress-controller.yaml`).getBody('utf8'));
    const albResources = props.cluster.addResource('aws-alb-ingress-controller', ...rbacRoles, albDeployment);

    // Patch the deployment's container args with cluster-specific values.
    const albResourcePatch = new eks.KubernetesPatch(this, `alb-ingress-controller-patch-${props.version}`, {
      cluster: props.cluster,
      resourceName: 'deployment/alb-ingress-controller',
      resourceNamespace: albNamespace,
      applyPatch: {
        spec: {
          template: {
            spec: {
              containers: [
                {
                  name: 'alb-ingress-controller',
                  args: [
                    '--ingress-class=alb',
                    '--feature-gates=wafv2=false',
                    `--cluster-name=${props.cluster.clusterName}`,
                    `--aws-vpc-id=${props.vpcId}`,
                    `--aws-region=${Stack.of(this).region}`,
                  ],
                },
              ],
            },
          },
        },
      },
      restorePatch: {
        spec: {
          template: {
            spec: {
              containers: [
                {
                  name: 'alb-ingress-controller',
                  args: [
                    '--ingress-class=alb',
                    '--feature-gates=wafv2=false',
                    `--cluster-name=${props.cluster.clusterName}`,
                  ],
                },
              ],
            },
          },
        },
      },
    });
    // The patch can only be applied once the manifests exist in the cluster.
    albResourcePatch.node.addDependency(albResources);
  }
}
```
Other
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request
mmuller88, rbogle, eduardomourar, mbonig, ccjohnson1 and 31 more
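The construct proposed above downloads iam-policy.json and the RBAC and deployment YAML at synth time and applies them as fetched. The following is an added example, not part of the original issue or of aws-cdk, that pins each downloaded file to a SHA-256 digest and lists service-wide wildcard actions before any statement is attached; the function names, the pin table and the sample policy are constructed for illustration.

```typescript
import { createHash } from 'crypto';

// Constructed sample standing in for a downloaded iam-policy.json.
const SAMPLE_POLICY = JSON.stringify({
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Action: ['elasticloadbalancing:DescribeLoadBalancers'], Resource: '*' },
    { Effect: 'Allow', Action: 'iam:*', Resource: '*' },
  ],
});

function sha256Hex(body: string): string {
  return createHash('sha256').update(body, 'utf8').digest('hex');
}

// Hypothetical pin table: file name -> SHA-256 recorded when the file was reviewed.
type PinnedDigests = { [file: string]: string };

// Return the body only when it matches its pin; fail the synth otherwise.
function verifyPinned(file: string, body: string, pins: PinnedDigests): string {
  const expected = pins[file];
  if (expected === undefined) {
    throw new Error(`no pinned digest for ${file}`);
  }
  const actual = sha256Hex(body);
  if (actual !== expected.toLowerCase()) {
    throw new Error(`digest mismatch for ${file}: got ${actual}`);
  }
  return body;
}

interface PolicyStatement { Effect: string; Action: string | string[]; }

// List Allow actions that are "*" or a whole-service wildcard such as "iam:*".
function broadAllowActions(policyJson: string): string[] {
  const statements: PolicyStatement[] = JSON.parse(policyJson).Statement || [];
  const broad: string[] = [];
  for (const s of statements) {
    if (s.Effect !== 'Allow') continue;
    const actions = Array.isArray(s.Action) ? s.Action : [s.Action];
    for (const a of actions) {
      if (a === '*' || /:\*$/.test(a)) broad.push(a);
    }
  }
  return broad;
}
```

Passing each `getBody('utf8')` result through `verifyPinned` before `JSON.parse` or `yaml.safeLoad` means a changed upstream file stops the synth instead of silently changing the role's permissions.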