ALB rules disappear when alternating kubectl and terraform


Months ago I created a Load Balancer Controller ingress with two listeners, 80 and 443, using a Kubernetes manifest. Port 80 has a number of rules attached to it, and port 443 has only one rule attached. The rules forward to target groups based on pods in EKS. This has worked fine.

Just before summer I added some rules to the 443-listener using a terraform script. These rules forward to a target group defined for a network load balancer. During summer and until now this has also worked fine.

So, the problem: if I deploy a new application in EKS using the same load balancer with a new port 80 rule, the terraform-created 443-rules disappear. This also happens if I delete the ingress for one of the 80-rules using kubectl delete. After such a new-application or delete operation I have to re-apply the terraform script to get the 443-rules back in. The main question is: what needs to be done in order to make the terraform-generated 443-rules persist? Any help shedding light on what's going on, or even better, helping me solve the problem, will be highly appreciated.

Best regards globus68-2

asked 2 years ago · 328 views
1 Answer

The rules need to have a single-threaded owner. What you are seeing is two different Infrastructure as Code mechanisms overwriting each other's changes. I would recommend managing the listener rules and the NLB itself completely in Terraform and then using the Load Balancer Controller's TargetGroupBinding to manage the target groups. This way your listener rules would be controlled from a single source of truth but still integrate with EKS.

Toni_S (AWS, EXPERT)
answered 2 years ago
  • Thank you, Toni_S! Your answer makes sense, and I will give it a shot rewriting our CI/CD. If I am interpreting your answer correctly, I will 1) create the application load balancer, target groups and rules using Terraform and 2) use the ARN from the different target groups in "targetGroupARN" in a TargetGroupBinding for each application when deploying applications in EKS. Please correct me if my interpretation is wrong.

  • You understood my description correctly, globus68-2.
