Adding aws load balancer controller module #778
Conversation
ananth102
changed the title
|
I dont understand how using a policy from file vs created using terraform is different? for the char limit mentioned in the PR description and why cant this be fixed upstream in eks-blueprints-addon repo? how is this issue is specific to our usecase |
|
FYI @askulkarni2. This campaign affects everyone using eks blueprints, can you work with Ananth to find a way forward? |
One of the differences I could find was the policy in this repo using * for account id and region and the policy in blueprints using the actual account id and region. The ideal fix would be to allow for more or custom policies. |
| # IAM role for service account (IRSA) | ||
| create_role = true | ||
| set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"] | ||
| role_name = try(var.role_name, "alb-controller") |
There was a problem hiding this comment.
should we add cluster name and region to this to avoid collisions?
|
FYI aws-ia/terraform-aws-eks-blueprints-addons#229 blueprints released a new version. lets use it |
Which issue is resolved by this Pull Request:
Resolves #775
Description of your changes:
Creating a custom module for the AWS Load Balancer controller. Ideally this would be present in the module by aws-ia but policy size limitations prevent it for v5 and changes aren't being accepted for v4.
I tried using v5 but ran into issues with policy sizes. This solution uses the eks blueprint addon. The same method as the actual v5 load balancer addon but with a shortened policy size.
The policy specified here has 6001 characters. The new permissions require 402 characters which makes the policy more than 6144 characters ie the character size limit. Even specifying a custom policy does not seem to work.
Testing:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.