This message was deleted Pulumi Community #general

Join Slack

This message was deleted.

# general

sparse-intern-71089

01/30/2019, 11:06 PM

This message was deleted.

gentle-diamond-70147

01/31/2019, 12:02 AM

Can you elaborate a bit more? Which package are you in and which resource?

chilly-photographer-60932

01/31/2019, 12:47 AM

I am using k8s and aws packages.

chilly-photographer-60932

01/31/2019, 12:47 AM

I want to get the

ELB

that was spun up part of

k8s

loadbalancer.

chilly-photographer-60932

01/31/2019, 12:47 AM

I want to attach a

aws

cert to that loadbalancer.

flat-flag-46972

01/31/2019, 1:31 AM

Which ingress controller are you using? If you’re using Traefik, this is all driven via annotations on the

Service

objects

chilly-photographer-60932

01/31/2019, 2:18 AM

I am using the standard ELB via istio chart.

chilly-photographer-60932

01/31/2019, 2:21 AM

https://github.com/istio/istio/tree/master/install/kubernetes/helm/istio

chilly-photographer-60932

01/31/2019, 2:22 AM

I want to get the ELB spun for the LoadBalancer and attach a

aws

cert.

white-balloon-205

01/31/2019, 2:24 AM

The last time I looked into this, my recollection was that kubernetes provided no way to find out what load balancer it had allocated in AWS. That seems like an unfortunate limitation of kubernetes if true. There may be a way to allocate the ELB yourself and ask kubernetes to use it instead of allocating it’s own though? @breezy-hamburger-69619 or @gorgeous-egg-16927 might have an idea?

flat-flag-46972

01/31/2019, 3:52 AM

This is getting more in depth than I really know, but our cluster has one

Service

of type

LoadBalancer

that creates an ELB automagically. You can throw some annotations on that

Service

to specify protocol, port, and ACM cert ARN. The ELB is all managed by Kubernetes

white-balloon-205

01/31/2019, 5:06 AM

Indeed - if all you need is to be able to specify an ACM cert, you can use the annotation here: https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws The thing I believe you cannot do is ask Kubernetes what the id/arn of the loadbalancer it allocated is. But it does provide a few basic options for configuring the ELB via kubernetes annotations.

👍 1

flat-flag-46972

01/31/2019, 2:58 PM

Ooh right, I think you are correct. All it gives you is the URL for it, which you could turn around and query AWS for, but it’s kind of a roundabout way of getting there

breezy-hamburger-69619

01/31/2019, 5:09 PM

Luke’s link is the suggested path forward to getting a cert on an AWS LB that k8s spins up on a

LoadBalancer

typed Service. However, exposing a LB-typed service like this isn’t recommended as you directly put the application out there with no form of ingress management, rate limiting, proxying benefits etc. As an alternative, consider standing up any of the Ingress Controllers offered in the community with a LB of its own, to front your services, as it’ll provide you with host & path based routing management, can terminate SSL/TLS by leveraging k8s

Secrets

and provides OOTB functionality that your app may not natively have.

breezy-hamburger-69619

01/31/2019, 5:13 PM

It has been brought to my attention that you are already utilizing an Ingress Controller. Therefore, I would suggest using the annotation approach

Open in Slack

Previous Next