I am using consul-terraform-sync to dynamically update target groups that are connected to an AWS ALB.
To do that I start my pods with the connect-inject annotation.
My problem is that when transparent proxy is enabled, the target group health check does not work. It does not matter whether I have an explicit deny intention or not.
If I disable the transparent proxy, everything works great.
I saw the annotation “consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs” which can help, but what do I do if the ALB and pods are in the same network?
I can add the ALB IP addresses with /32, but it autoscales and can add new IPs.
Is there any workaround for such scenarios?