[EKS] [request]: Support custom TargetGroupBinding resources in auto-mode #2508

Open
aslatter opened this issue Dec 29, 2024 · 0 comments
Labels: EKS Auto Mode, EKS (Amazon Elastic Kubernetes Service), Proposed (Community submitted issue)


Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request
I would like to use a pre-existing NLB with a k8s service running in an EKS-cluster with auto-mode enabled.

Which service(s) is this request for?
EKS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Because I would like my front-end Network Load Balancer to have a lifetime separate from that of the EKS control-plane, I currently provision the NLB and Target Group myself, and then directly create a TargetGroupBinding resource to register appropriate services with the NLB. This is a documented feature of the aws-load-balancer-controller here: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.11/guide/targetgroupbinding/spec/

I would like to continue this pattern with an EKS auto-mode cluster.

Following the public documentation listed above does not work because the k8s resource-group elbv2.k8s.aws/v1beta1 is not available.

There is a similar resource in eks.amazonaws.com/v1 which appears to be compatible at first, but I haven't found any documentation that what I'm doing is supported.

If I try to create a TGB in eks.amazonaws.com/v1 I get the following errors in CloudTrail for the RegisterTargets action:

User: arn:aws:sts::<my account id>:assumed-role/<my cluster role name>/aws-go-sdk-1735434588572399672 is not authorized to perform: elasticloadbalancing:RegisterTargets on resource: <my target group> because no session policy allows the elasticloadbalancing:RegisterTargets action

Presumably the role-session-policy is enforcing some constraint I don't know about (and even if I did know how to satisfy this constraint I would want some documentation or signal that this is supported).

Are you currently working around this issue?
How are you currently solving this problem? Avoiding auto-mode.

Additional context
Anything else we should know?

Attachments
If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)

aslatter added the Proposed (Community submitted issue) label Dec 29, 2024
mikestef9 added the EKS (Amazon Elastic Kubernetes Service) and EKS Auto Mode labels Dec 29, 2024
github-project-automation bot moved this to Researching in containers-roadmap Dec 29, 2024
mikestef9 moved this from Researching to We're Working On It in containers-roadmap Dec 29, 2024
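The CloudTrail error quoted in the issue names the policy layer that blocked the call ("because no session policy allows"). The sketch below is an added example, not code from the issue or from AWS: it pulls the role, action, resource and blocking layer out of such messages so a triage script can separate denials that an edit to the role's own policies can cure from those it cannot. The regex, function names and the second and third sample messages are this example's own constructions; only the first message comes from the page.

```python
import re

# Matches the AccessDenied wording quoted in the issue; group names are this example's own.
DENIED = re.compile(
    r"User: (?P<principal>.+?) is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r"(?: on resource: (?P<resource>.+?))?"
    r"(?: because no (?P<implicit>.+?) allows the \S+ action"
    r"| with an explicit deny in an? (?P<explicit>.+?))?\s*$"
)
ASSUMED_ROLE = re.compile(r":assumed-role/(?P<role>[^/]+)/(?P<session>.+)$")

def classify(message):
    """Return the role, action, resource and blocking policy layer, or None if no match."""
    m = DENIED.search(message.strip())
    if m is None:
        return None
    arn = ASSUMED_ROLE.search(m["principal"])
    return {
        "role": arn["role"] if arn else None,
        "session": arn["session"] if arn else None,
        "action": m["action"],
        "resource": m["resource"],
        "layer": m["explicit"] or m["implicit"],
        "deny": "explicit" if m["explicit"] else "implicit" if m["implicit"] else "unstated",
    }

def role_policy_can_fix(info):
    """Only an implicit deny from the identity-based layer is cured by editing the role's
    own policies; a session policy is set by whoever called AssumeRole and caps the session."""
    return info["deny"] == "implicit" and info["layer"] == "identity-based policy"

# First message is the one quoted in the issue (placeholders as posted); the rest are constructed.
SAMPLES = [
    "User: arn:aws:sts::<my account id>:assumed-role/<my cluster role name>/"
    "aws-go-sdk-1735434588572399672 is not authorized to perform: "
    "elasticloadbalancing:RegisterTargets on resource: <my target group> because no "
    "session policy allows the elasticloadbalancing:RegisterTargets action",
    "User: arn:aws:sts::111122223333:assumed-role/example-role/example-session is not "
    "authorized to perform: elasticloadbalancing:RegisterTargets on resource: example-tg "
    "because no identity-based policy allows the elasticloadbalancing:RegisterTargets action",
    "User: arn:aws:sts::111122223333:assumed-role/example-role/example-session is not "
    "authorized to perform: elasticloadbalancing:RegisterTargets with an explicit deny "
    "in a service control policy",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        info = classify(msg)
        print(info["deny"], "|", info["layer"], "| fix on role:", role_policy_can_fix(info))
```
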