Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prow-build-cluster: deploy AWS Load Balancer Controller #4874

Merged
merged 1 commit into from
Mar 6, 2023
Merged

prow-build-cluster: deploy AWS Load Balancer Controller #4874

merged 1 commit into from
Mar 6, 2023

Conversation

xmudrii
Copy link
Member

@xmudrii xmudrii commented Mar 6, 2023

As stated in #4686, our EKS build cluster should have ability to use ALB. This PR ensures that by deploying and configuring AWS Load Balancer Controller.

This change is already reconciled and tested.

/assign @ameukam

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 6, 2023
@k8s-ci-robot k8s-ci-robot requested review from dims and thockin March 6, 2023 12:13
@k8s-ci-robot k8s-ci-robot added area/infra Infrastructure management, infrastructure design, code in infra/ size/M Denotes a PR that changes 30-99 lines, ignoring generated files. area/infra/aws Issues or PRs related to Kubernetes AWS infrastructure sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. labels Mar 6, 2023
sftim
sftim reviewed Mar 6, 2023
View reviewed changes
Copy link
Contributor

@sftim sftim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

We could tweak the values for the Helm chart.

infra/aws/terraform/prow-build-cluster/kubernetes.tf
# AWS Load Balancer Controller (ALB/NLB integration).
resource "helm_release" "aws_lb_controller" {
name = "aws-load-balancer-controller"
namespace = "kube-system"
Copy link
Contributor

@sftim sftim Mar 6, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I usually put the ALB load balancer controller into a less privileged namespace.

infra/aws/terraform/prow-build-cluster/kubernetes.tf
name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
value = module.aws_load_balancer_controller_irsa.iam_role_arn
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd also set:

  • resources{}
  • priorityClassName
  • image.repository
  • podDisruptionBudget.minAvailable

and explicitly manage via Terraform:

  • image.tag

Copy link
Member Author

@xmudrii xmudrii Mar 6, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you have recommended values for:

  • resources{}
  • priorityClassName
  • podDisruptionBudget.minAvailable (I guess 1 since we have 2 replicas)

and explicitly manage via Terraform:

image.tag

Do we really need to do so? Doesn't we get that implicitly since we bind the chart version? Or they can keep the same chart version but bump the app version?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For resources, try:

resources:
  limits:
    memory: 256Mi
  requests:
    cpu: 200m
    memory: 128Mi

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What priority classes do we use in the existing cluster (on GCP)? I'd use one of them if we have some, and skip if we don't.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The image tag thing isn't essential. Setting it puts drift control even more in Terraform's hands.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On most projects like this, I'd pin image tags.

@ameukam
Copy link
Member

ameukam commented Mar 6, 2023

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 6, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ameukam, xmudrii

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 6, 2023
@k8s-ci-robot k8s-ci-robot merged commit d345223 into kubernetes:main Mar 6, 2023
@k8s-ci-robot k8s-ci-robot added this to the v1.27 milestone Mar 6, 2023
@xmudrii xmudrii deleted the prow-build-cluster-alb branch March 6, 2023 21:40
@TerryHowe TerryHowe mentioned this pull request Mar 31, 2023
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sftim sftim sftim left review comments

@TerryHowe TerryHowe TerryHowe left review comments

@dims dims Awaiting requested review from dims

@thockin thockin Awaiting requested review from thockin

Assignees

@ameukam ameukam

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/infra/aws Issues or PRs related to Kubernetes AWS infrastructure area/infra Infrastructure management, infrastructure design, code in infra/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.27
Development

Successfully merging this pull request may close these issues.
5 participants
@xmudrii @ameukam @k8s-ci-robot @TerryHowe @sftim