# typescript
r
I am trying to create a VPC endpoint service using the Pulumi example. How do I access the ARN of the service? https://www.pulumi.com/docs/reference/pkg/aws/ec2/vpcendpointservice/#network-load-balancers
l
r
Sorry, I mean the ARN of the NLB service which I will be adding in VpcEndpointService.
const configServiceSvc = new k8s.core.v1.Service(
        "config-svc",
        {
          metadata: {
            namespace: "kubernetes-dashboard",
            name: "config",
            annotations: {
              "service.beta.kubernetes.io/aws-load-balancer-type": "nlb",
              "service.beta.kubernetes.io/aws-load-balancer-internal": "true",
            },
          },
          spec: {
            type: "LoadBalancer",
            ports: [
              {
                name: "http",
                port: 8090,
                targetPort: 8090,
              },
            ],
          },
        },
        { provider: v.provider, dependsOn: namespace },
      );
I created the service using the above. How do I get the ARN of this resource so that I can use it in the VPC endpoint service?
l
Sorry, I don't know about services within k8s. I'd have guessed that you'd have to use an AWS NLB: https://www.pulumi.com/docs/reference/pkg/aws/lb/loadbalancer/#arn_nodejs
r
@little-cartoon-10569 Not specific to k8s, but in general I am creating an AWS NLB using Pulumi and I want to see the ARN of the NLB after the resource is created.
I want to check how to get the networkLoadBalancerArns value.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.VpcEndpointService("example", {
    acceptanceRequired: false,
    // aws_lb.example is the placeholder used in the Pulumi docs example;
    // it stands for an existing aws.lb.LoadBalancer resource of type "network"
    networkLoadBalancerArns: [aws_lb.example.arn],
});
l
If you have an NLB, then use its arn property.
Unfortunately, in your example, there is only a k8s load balancer service. I don't know how that creates an AWS load balancer behind the scenes (or even if it does create one at all).
If, for example, the load balancer is something inside your k8s cluster, then you're not going to be able to use it with VPC endpoints.
r
Yes, it creates an NLB in AWS.
I tried arn like this, but it gives the error: Property 'arn' does not exist on type 'Service'.
const configServiceSvc = new k8s.core.v1.Service(
        "config-service-svc",
        {
          metadata: {
            namespace: "kubernetes-dashboard",
            name: "config-service",
            annotations: {
              "service.beta.kubernetes.io/aws-load-balancer-type": "nlb",
              "service.beta.kubernetes.io/aws-load-balancer-internal": "true",
            },
          },
          spec: {
            type: "LoadBalancer",
            ports: [
              {
                name: "http",
                port: 8090,
                targetPort: 8090,
              },
            ],
          },
        },
        { provider: v.provider, dependsOn: namespace },
      );

      const example = new aws.ec2.VpcEndpointService("example", {
        acceptanceRequired: false,
        // this is the line that fails to compile: k8s.core.v1.Service has no arn property
        networkLoadBalancerArns: [configServiceSvc.arn],
      });
l
In that example, there is no AWS load balancer (that I can see).
Just the one in k8s.
r
Based on this annotation:
"service.beta.kubernetes.io/aws-load-balancer-type": "nlb"
EKS creates an NLB.
l
If it does create an AWS load balancer, then you'll have to import it (if Pulumi is to manage it, which it might not?) or use aws.alb.LoadBalancer.get() (https://www.pulumi.com/docs/reference/pkg/aws/alb/loadbalancer/#look-up) to get it.
The object returned from LoadBalancer.get() has an arn property which you can use.
Unfortunately, as far as I can tell, the only way to look up an existing load balancer is via its ARN. So, you may have to hard code that?
Or maybe if there's useful tags on it, you could use the AWS SDK to load all load balancers and filter by tag?
Sounds fairly laborious, either way 😞
r
But it is not an existing resource; it will be created when I run pulumi up. When the NLB gets created, I want to use that NLB to create the VPC endpoint service.
Sorry if I sound confusing 😞
l
If it's not available during the 1st run, your options are to handle not being able to find it (and let the 2nd run of up find it), or use automation-api.
You may even want to separate your code into projects...
I don't suppose the opposite is possible? Where you create the LB yourself, and tell k8s to use it?
That would be easier...
r
Actually, it is part of a CD pipeline; I won't be able to manually create resources.
Hardcoding the ARN works as expected.
l
But that is only going to work for now; it's a workaround until you destroy resources. If you can change the Pulumi program to create a load balancer, then change the service definition to use that load balancer, it would be more future-proof.
r
Yes, I am creating the load balancer using the Pulumi program, but I'm not sure how to access the ARN of the load balancer.
l
What I mean is: instead of creating the load balancer using new k8s.core.v1.Service(), can you create it using new aws.lb.LoadBalancer()? You can get an ARN out of that. It means you would need to create the k8s service in a way that uses that load balancer (instead of creating its own).
I'm reading the docs here and it doesn't look like this solution is supported 😞 https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html
I don't suppose the id property of the Service is the NLB arn, is it?
r
I will try id once and see what it will generate.
id didn't work 😞 I will try to create the NLB first and then import the resource ARN and use it.
l
Good luck. I couldn't see any way of achieving that using the Service class, but I've never used k8s, you're the expert here 🙂
s
Can you try:
import * as aws from "@pulumi/aws";

// hostname of the NLB that EKS provisioned for the Service of type LoadBalancer;
// Pulumi lifts the property access, so this is an Output<string>
const nlbHostname = configServiceSvc.status.loadBalancer
  .ingress[0].hostname

const awsAccountId = aws.getCallerIdentity().then(c => c.accountId)

// awsLoadbalancerArn is the poster's own helper (not shown here) that derives
// the load balancer ARN from the account id and the NLB hostname;
// LoadBalancer.get looks the existing NLB up by that ARN
const loadbalancer = aws.lb.LoadBalancer.get(
  "somename",
  awsLoadbalancerArn({ awsAccountId, lbHostname: nlbHostname })
)
l
That will work so long as the load balancer was created on a previous run.
If you destroy the stack and recreate, it'll mysteriously fail...
s
Hmm, I think the get will at least wait until the service resource is created. I don't remember if Pulumi waits for the NLB to be created too... I run similar code without any issues, but instead I reference a service resource from a Helm chart.
l
The outputs from configServiceSvc all the way down to hostname all wait for the correct resources? That's smart. 😎
s
Haha, yeah, I'm not totally sure if it is guaranteed to work the first time, but Pulumi does do things like wait for deployment replicas to be ready, so it isn't far-fetched to think it might wait for the NLB to be provisioned as well for a service of type LoadBalancer.
r
Sure, I will try that and see if it works. @little-cartoon-10569 @steep-toddler-94095 Thanks a lot, really appreciate your inputs 🙂