ALB rules disappear when alternating kubectl and terraform

0

Months ago I created a Load Balancer Controller ingress with two listeners, 80 and 443, using a Kubernetes manifest. Port 80 has a number of rules attached to it, and port 443 has only one rule attached. The rules forward to target groups based on pods in EKS. This has worked fine.

Just before summer I added some rules to the 443-listener using a terraform script. These rules forward to a target group defined for a network load balancer. During summer and until now this has also worked fine.

So, the problem: if I deploy a new application in EKS using the same load balancer with a new port 80 rule, the terraform-created 443-rules disappear. This also happens if I delete the ingress for one of the 80-rules using kubectl delete. After such a new-application or delete operation I have to re-apply the terraform script to get the 443-rules back in. The main question is: what needs to be done in order to make the terraform-generated 443-rules persist? Any help shedding light on what's going on, or even better, helping me solve the problem will be highly appreciated.

Best regards globus68-2

Asked 2 years ago, 426 views
1 Answer
1

The rules need to have a single-threaded owner. What you are seeing is two different Infrastructure as Code mechanisms overwriting each other's changes. I would recommend managing the listener rules and the NLB itself completely in Terraform and then using the Load Balancer Controller's TargetGroupBinding to manage the target groups. This way your listener rules would be controlled from a single source of truth but still integrate with EKS.

AWS
Expert
Toni_S
answered 2 years ago
  • Thank you, Toni_S! Your answer makes sense, and I will give it a shot rewriting our CICD. If I am interpreting your answer correctly, I will 1) Create the application load balancer, target groups and rules using Terraform and 2) Use the ARN from the different target groups in "targetGroupARN" in a TargetGroupBinding for each application when deploying applications in EKS. Please correct me if my interpretation is wrong.

  • You understood my description correctly, globus68-2.
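
The split of ownership described in the answer and confirmed in the comments, as an added example that is not part of the original thread: Terraform owns the target group and the 443 listener rule, and the Load Balancer Controller only registers pod targets through a TargetGroupBinding. The variables, the `orders` service name, the port, the paths and the rule priority are hypothetical.

```hcl
# Added example. All names (var.*, "orders", paths, priority) are hypothetical.
# Terraform is the only writer of listener rules; the controller never edits them.

variable "vpc_id" { type = string }
variable "https_listener_arn" { type = string } # 443 listener, also managed in Terraform

resource "aws_lb_target_group" "orders" {
  name        = "orders"
  port        = 8080
  protocol    = "HTTP"
  target_type = "ip" # pod IPs are registered directly
  vpc_id      = var.vpc_id

  health_check {
    path = "/healthz"
  }
}

resource "aws_lb_listener_rule" "orders" {
  listener_arn = var.https_listener_arn
  priority     = 100

  condition {
    path_pattern {
      values = ["/orders/*"]
    }
  }

  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.orders.arn
  }
}

# Same object you would otherwise apply with kubectl as a TargetGroupBinding manifest.
# The controller reconciles only the targets of this group, not the listener.
resource "kubernetes_manifest" "orders_tgb" {
  manifest = {
    apiVersion = "elbv2.k8s.aws/v1beta1"
    kind       = "TargetGroupBinding"
    metadata   = { name = "orders", namespace = "default" }
    spec = {
      serviceRef     = { name = "orders", port = 8080 }
      targetGroupARN = aws_lb_target_group.orders.arn
      targetType     = "ip"
    }
  }
}
```

The single-owner property only holds if no Ingress still points the controller at the same load balancer; any remaining Ingress for it keeps the controller reconciling listener rules alongside Terraform.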
