Add KubernetesIngressAddOn for enhanced Ingress Management #989
Conversation
Pjv93
requested review from
aws-ia-ci,
parkand1,
shapirov103,
youngjeong46,
elamaran11 and
a team
as code owners
|
@Pjv93 do you mind adding a blueprint that we can use to validate that the addon works? |
|
@shapirov103 OFC! Here is a sample blueprint that:
Here are the annotations applied to the Ingress Controller 
Simple Ingress using test.pjv.people.aws.dev/ |
There was a problem hiding this comment.
@Pjv93 Awesome work, Thankyou for working on this change. Following are some high level feedback.
- Fix all GH action errors, i dont think the addon will compile with these errors.
make buildandmake lint - Add documentation to the addon similar to other Ingress One
- Make sure to update mkdocs and doc index for the new addon
- Recommend to add a test script for the new addon
- Add the addon to example blueprint so this can be tested with e2e.
- Also share screenshots of working addon with ALB creation etc.
lib/addons/index.ts
Outdated
| @@ -60,6 +60,7 @@ export * from './apache-airflow'; | |||
| export * from './neuron'; | |||
| export * from './eks-pod-identity-agent'; | |||
| export * from './neuron'; | |||
| export * from './kubernetes-nginx' | |||
lib/addons/kubernetes-nginx/index.ts
Outdated
| @@ -0,0 +1,112 @@ | |||
| // Import necessary AWS CDK and utility modules | |||
| import { ICertificate, Certificate } from "aws-cdk-lib/aws-certificatemanager"; | |||
lib/addons/kubernetes-nginx/index.ts
Outdated
| import * as dot from 'dot-object'; | ||
| import { dependable, supportsALL } from "../../utils"; | ||
| import { setPath } from "../../utils/object-utils"; | ||
| import { AwsLoadBalancerControllerAddOn, ClusterInfo, Values, HelmAddOn, HelmAddOnProps, HelmAddOnUserProps, GlobalResources } from "@aws-quickstart/eks-blueprints"; |
There was a problem hiding this comment.
remove GlobalResources if not used
|
Sounds good! I know it needs a lot of work but wanted to at least have some visibility on it. I will work on your comments. Thanks! |
Honestly this is great work, addon work is almost there, you just need to complete to cover all grounds. |
…es like name, chart..
… with updating mkdocs file
…ess-addon Merging updated files
added - Kubernetes Nginx: 'addons/kubernetes-nginx.md'
|
Hi @elamaran11 & @shapirov103, here is an updated blueprint to test the addon below. I have since fixed the errors from the GH Actions, Add documentation to the addon in the docs folder, and updated mkdocs and doc index for the addon. |
There was a problem hiding this comment.
@Pjv93 Nice work some minor feedback. Did you test different scenerios like different LBs, using DNS etc? Btw the addon also needs to be added to blueprints e2e stack.
@shapirov103 Overall approach looks great, please check and provide your feedback.
docs/addons/kubernetes-nginx.md
Outdated
| @@ -0,0 +1,259 @@ | |||
| # Kubernetes NGINX Add-on | |||
There was a problem hiding this comment.
Please add this md file entry in to docs/addons/index.md so it gets in to list of addons.
| @@ -8,4 +8,4 @@ const account = process.env.CDK_DEFAULT_ACCOUNT; | |||
| const region = process.env.CDK_DEFAULT_REGION; | |||
| const props = { env: { account, region } }; | |||
|
|
|||
| new BlueprintConstruct(app, props); | |||
| new BlueprintConstruct(app, props); | |||
There was a problem hiding this comment.
Why is this file checked in.
There was a problem hiding this comment.
Might have been a mistake as I was testing my own main.ts file and reverted it to the original file. Theres no difference. I think the blank line in line 12 was removed in the process.
package.json
Outdated
| @@ -19,7 +19,7 @@ | |||
| }, | |||
| "devDependencies": { | |||
| "@types/dot-object": "^2.1.6", | |||
| "@types/jest": "^29.5.11", | |||
| "@types/jest": "^29.5.12", | |||
There was a problem hiding this comment.
Is this a dependency for this addon to work?
package.json
Outdated
| @@ -31,7 +31,7 @@ | |||
| "jest": "^29.7.0", | |||
| "json-schema-to-typescript": "^13.1.1", | |||
| "lint": "^1.1.2", | |||
| "ts-jest": "^29.1.1", | |||
| "ts-jest": "^29.1.2", | |||
There was a problem hiding this comment.
Is this a dependency for this addon to work?
package.json
Outdated
| "aws-cdk-lib": "2.133.0", | ||
| "aws-cdk": "2.133.0" | ||
| "aws-cdk": "2.133.0", | ||
| "aws-cdk-lib": "2.133.0" |
There was a problem hiding this comment.
It looks like I just changed the placement of the aws-cdk above aws-cdk-lib. No real change and actually not necessary.
added kubernetes-nginx to the list of addons
changed name for uniformity.
There was a problem hiding this comment.
@Pjv93 great work and much needed functionality. Please see my comments, some are less significant than others. Happy to meet and discuss. If you could demo it, that would be even better.
mkdocs.yml
Outdated
| @@ -68,6 +68,7 @@ nav: | |||
| - Kubecost: 'addons/kubecost.md' | |||
| - Kubeflow: 'addons/kubeflow.md' | |||
| - KubeRay Operator: 'addons/kuberay-operator.md' | |||
| - Kubernetes Ingress: 'addons/kubernetes-ingress.md' | |||
There was a problem hiding this comment.
Kubernetes ingress is a very broad definition. We have to be specific that it is nginx as there are many kubernetes ingress controllers. AWS ALB ingress controller is one of the kubernetes ingress controllers.
I see you made changes to abbreviate. I suggest the following naming to make it clear to the customers (using standard nomenclature):
https://github.com/kubernetes/ingress-nginx - is the repo and project name.
Let's rename to ingress-nginx throughout. The addon name will be ingress-nginx and the entries in the doc will be the same. We will specify that the difference between ingress-nginx and nginx addon are that the former is upstream kubernetes nginx and the latter is F5.
| if (props.certificateResourceARN) { | ||
| presetAnnotations['service.beta.kubernetes.io/aws-load-balancer-ssl-ports'] = 'https'; | ||
| presetAnnotations['service.beta.kubernetes.io/aws-load-balancer-ssl-cert'] = props.certificateResourceARN; | ||
| presetAnnotations['nginx.ingress.kubernetes.io/force-ssl-redirect'] = true; |
There was a problem hiding this comment.
Should this be hardcoded?
|
|
||
|
|
||
| // Setup service annotations based on the properties provided | ||
| const presetAnnotations: any = { |
There was a problem hiding this comment.
Have you tested with network load balancer and these annotations set and external DNS?
| internetFacing: true, | ||
| targetType: 'ip', | ||
| externalDnsHostname: 'your-domain.com', | ||
| certificateResourceName: 'your-certificate-resource-name' |
There was a problem hiding this comment.
How will our test work if this is set to placeholder? Please note that this blueprint is actually executed when we run do-e2e-tests. Also I am unclear how it will co-exist with the nginx addon that is from F5.
Can you create a separate blueprint with this addon for testing in examples/examples.ts? We will need something executable before releasing.
| }; | ||
|
|
||
| // Configure SSL-related annotations if certificate resource name is provided | ||
| if (props.certificateResourceName) { |
There was a problem hiding this comment.
Style: the code block on line 188-196 is almost identical to the code block in lines 196-200.
How about you use this logic:
let certificateResourceARN = props.certificateResourceARN;
if(!certificateResourceARN && props.certificateResourceName) {
certificateResourceARN = <populate from the resource provider>;
}
if(certificateResourceARN) {
// set annotations
}
|
/do-e2e-tests |
|
/do-e2e-tests |
|
/do-e2e-tests |
|
e2e failure due to hanging LB provisioned through the ingress-nginx addon (needs more investigation, looks like LB controller was dropped before it had a chance to clean up). |
|
/do-e2e-tests |
shapirov103
dismissed
aws-ia-ci’s stale review
Test succeeded, CFN was hanging longer than usual, but removed all the resources
|
@elamaran11 & @shapirov103 Thank you both for your patience and allowing me to contribute to the eks blueprint addons! |
Issue #, if available:
*Description of changes: This PR introduces the Kubernetes Ingress Add-On class that supports additional configuration options like SSL redirection, cross-zone load balancing, and external DNS integration. The aim is to provide an extensible and configurable Ingress solution within the EKS blueprints framework.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.