https://pulumi.com logo
Powered by
c

chilly-photographer-60932

01/30/2019, 11:06 PM
From 
k8sIngress
, How do I get actual LoadBalancer in this case the 
ELB
?
g

gentle-diamond-70147

01/31/2019, 12:02 AM
Can you elaborate a bit more? Which package are you in and which resource?
c

chilly-photographer-60932

01/31/2019, 12:47 AM
I am using k8s and aws packages.
I want to get the 
ELB
that was spun up part of 
k8s
loadbalancer.
I want to attach a 
aws
cert to that loadbalancer.
f

flat-flag-46972

01/31/2019, 1:31 AM
Which ingress controller are you using? If you’re using Traefik, this is all driven via annotations on the 
Service
objects
c

chilly-photographer-60932

01/31/2019, 2:18 AM
I am using the standard ELB via istio chart.
I want to get the ELB spun for the LoadBalancer and attach a 
aws
cert.
w

white-balloon-205

01/31/2019, 2:24 AM
The last time I looked into this, my recollection was that kubernetes provided no way to find out what load balancer it had allocated in AWS. That seems like an unfortunate limitation of kubernetes if true. There may be a way to allocate the ELB yourself and ask kubernetes to use it instead of allocating it’s own though? @breezy-hamburger-69619 or @gorgeous-egg-16927 might have an idea?
f

flat-flag-46972

01/31/2019, 3:52 AM
This is getting more in depth than I really know, but our cluster has one 
Service
of type 
LoadBalancer
that creates an ELB automagically. You can throw some annotations on that 
Service
to specify protocol, port, and ACM cert ARN. The ELB is all managed by Kubernetes
w

white-balloon-205

01/31/2019, 5:06 AM
Indeed - if all you need is to be able to specify an ACM cert, you can use the annotation here: https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws The thing I believe you cannot do is ask Kubernetes what the id/arn of the loadbalancer it allocated is. But it does provide a few basic options for configuring the ELB via kubernetes annotations.
👍 1
f

flat-flag-46972

01/31/2019, 2:58 PM
Ooh right, I think you are correct. All it gives you is the URL for it, which you could turn around and query AWS for, but it’s kind of a roundabout way of getting there
b

breezy-hamburger-69619

01/31/2019, 5:09 PM
Luke’s link is the suggested path forward to getting a cert on an AWS LB that k8s spins up on a 
LoadBalancer
typed Service. However, exposing a LB-typed service like this isn’t recommended as you directly put the application out there with no form of ingress management, rate limiting, proxying benefits etc. As an alternative, consider standing up any of the Ingress Controllers offered in the community with a LB of its own, to front your services, as it’ll provide you with host & path based routing management, can terminate SSL/TLS by leveraging k8s 
Secrets
and provides OOTB functionality that your app may not natively have.
It has been brought to my attention that you are already utilizing an Ingress Controller. Therefore, I would suggest using the annotation approach
Powered by