Hey everyone! I've been trying to use the ALB Controller with EKS to manage application load balancers. Initially, I set up a manually created ALB using Terraform and let the controller handle the target groups and other details. However, I'm finding this approach isn't working as well as I thought.
I'm looking for advice on how to properly utilize the ALB Controller to automate everything. I've already installed it and created an ingress with the required annotations, but I'm struggling with automating the inbound rules for the security group associated with the pods and node groups.
Every time I add a rule manually, I run into errors, especially when upgrading the Helm chart, as the ALB gets stuck during the deletion process due to rule dependencies.
Is it possible to only manage my own ALB while letting the ALB Controller handle target groups and listeners, or is there a better way to manage the controller itself? Would love to hear your thoughts!
4 Answers
In our work environment, we've adopted ArgoCD for deployments, including the AWS load balancer controller. We provision security groups using Terraform and then pass those IDs into ArgoCD’s cluster labels. This approach allows us to manage everything more efficiently and utilize appsets for value filling based on the provided labels. Not something you might’ve considered, but it’s been effective for us!
You have two main options here:
1. Let the ALB Controller manage everything including the Ingress and TargetGroupBinding, which in turn manages the ALB.
2. Manage the ALB and TargetGroups through Terraform while allowing the ALB Controller to only manage the TargetGroupBinding.
We transitioned from option 1 to option 2 for better control during upgrades and multi-cluster scenarios. It allows easier migrations between clusters while handling load balancers. If these factors are important for your project, this could be worth considering.
One solution is to leverage the multicluster functionality as described in the [AWS Load Balancer Controller documentation](https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/docs/guide/use_cases/multi_cluster/index.md). If you don't require an ingress but just need to bind to specific services, you can use a TargetGroupBinding to link to a target group you create with your Terraform setup. It simplifies the management while keeping everything organized.
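The setup this answer describes, as an added example that is not part of the original post: a TargetGroupBinding that attaches a Service to a target group created in Terraform. The `networking` block has the controller maintain the inbound rule from the ALB's security group instead of it being added by hand. The names, ARN, security group ID and ports are placeholders.

```yaml
# Added example. The ALB, listener and target group are assumed to exist
# already (created in Terraform); the controller only registers targets.
apiVersion: elbv2.k8s.aws/v1beta1
kind: TargetGroupBinding
metadata:
  name: web-tgb                # hypothetical name
  namespace: web               # hypothetical namespace
spec:
  # Service whose endpoints are registered in the target group.
  serviceRef:
    name: web                  # hypothetical Service name
    port: 80
  # Placeholder: ARN of the Terraform-created target group.
  targetGroupARN: <TARGET_GROUP_ARN>
  # Must match the target_type set on the target group in Terraform.
  # "ip" registers pod IPs; "instance" registers nodes via a NodePort.
  targetType: ip
  # With this block the controller adds and removes the inbound rule
  # that lets the load balancer reach the targets.
  networking:
    ingress:
      - from:
          - securityGroup:
              # Placeholder: the ALB's security group from Terraform.
              groupID: <ALB_SECURITY_GROUP_ID>
        ports:
          - protocol: TCP
            port: 8080         # assumed container port behind the Service
```

Scoping the rule to the ALB's security group and a single port keeps node and pod exposure limited to load balancer traffic, and since the controller owns the rule, it should not also be declared in Terraform.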
To effectively manage the ALB and the related network resources, let the ALB Controller create and manage them through the Ingress resource as you mentioned. There’s a warning in the documentation about controlling these resources only through Ingress to prevent conflicts from manual changes. Also, ensure that your IAM roles are properly set up so the controller can create the ALB and handle configurations seamlessly. I found a good Terraform module for IRSA roles that can simplify this process.
Do you have any resources on using the ALB Controller with an existing ALB? I prefer managing my own ALB with Terraform, especially if I have multiple target groups.