Hi @andrewstucki,
After reading your explanation and the attached links, I did try today to recreate the API Gateway but unfortunately I am still not able to modify the behavior of the provisioned Load Balancer.
First I added the copyAnnotations to the consul helm chart values

helm/consul.yml

```yaml
...
apiGateway:
  enabled: true
  image: hashicorp/consul-api-gateway:0.4.0
  managedGatewayClass:
    enabled: true
    copyAnnotations:
      service:
        annotations: |
          - external-dns.alpha.kubernetes.io/hostname
          - service.beta.kubernetes.io/aws-load-balancer-name
          - service.beta.kubernetes.io/aws-load-balancer-type
          - service.beta.kubernetes.io/aws-load-balancer-nlb-target-type
          - service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout
          - service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval
```

upgrade the helm chart

```
helm upgrade consul hashicorp/consul --namespace consul -f helm/consul.yml
```
then, I’ve created a custom API Gateway class with a list of allowed Annotations

```
kubectl apply -f CostumeGatewayClass.yaml
```

CostumeGatewayClass.yaml

```yaml
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GatewayClass
metadata:
  name: test-gateway-class
spec:
  controllerName: "hashicorp.com/consul-api-gateway-controller"
  parametersRef:
    group: api-gateway.consul.hashicorp.com
    kind: GatewayClassConfig
    name: test-gateway-class-config
  description: test gateway
---
apiVersion: api-gateway.consul.hashicorp.com/v1alpha1
kind: GatewayClassConfig
metadata:
  finalizers:
  - gateway-class-exists-finalizer.api-gateway.consul.hashicorp.com
  generation: 2
  labels:
    app: consul
    component: api-gateway
  name: test-gateway-class-config
spec:
  consul:
    authentication:
      managed: true
      method: consul-k8s-auth-method
    ports:
      grpc: 8502
      http: 8501
    scheme: https
  copyAnnotations:
    service:
    - external-dns.alpha.kubernetes.io/hostname
    - service.beta.kubernetes.io/aws-load-balancer-name
    - service.beta.kubernetes.io/aws-load-balancer-type
    - service.beta.kubernetes.io/aws-load-balancer-nlb-target-type
    - service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout
    - service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval
  deployment:
    defaultInstances: 1
    maxInstances: 8
    minInstances: 1
  image:
    consulAPIGateway: hashicorp/consul-api-gateway:0.4.0
    envoy: envoyproxy/envoy:v1.22.4
  logLevel: trace
  serviceType: LoadBalancer
```
and finally I create the API Gateway with the needed Annotations and reference to the custom API Gateway Class

```yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: api-gateway
  namespace: consul
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-name: "test-nlb"
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: "50"
spec:
  gatewayClassName: test-gateway-class
  listeners:
  - protocol:
    port: 8443
    name: https
    allowedRoutes:
      namespaces:
        from: Selector
        selector:
          matchExpressions:
          - key: kubernetes.io/metadata.name
            operator: In
            values:
            - brain
            - consul
            - vault
    tls:
      certificateRefs:
      - name: consul-server-cert
```
The Load Balancer is being created but it does not seem to take the values from the Annotations. As you can see in the picture, the name and healthcheck-timeout did not change.
I am not sure if I am making a silly mistake somewhere by putting the wrong quotation or indentations. Any help is appreciated.
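
An added example, not part of the original post and not the project's own code: one way to see where an annotation stops on its way from the Gateway to the generated Service. It assumes the controller copies only those Gateway annotations whose keys appear under `copyAnnotations.service` in the GatewayClassConfig; `audit_copied_annotations`, the `aws-load-balancer-scheme` entry and all three JSON documents are constructed for illustration.

```python
import json

# Constructed inputs, shaped like `kubectl get <kind> <name> -o json` output.
GATEWAY = json.loads("""{"metadata": {"annotations": {
  "service.beta.kubernetes.io/aws-load-balancer-name": "test-nlb",
  "service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout": "50",
  "service.beta.kubernetes.io/aws-load-balancer-scheme": "internal"}}}""")
CLASS_CONFIG = json.loads("""{"spec": {"copyAnnotations": {"service": [
  "service.beta.kubernetes.io/aws-load-balancer-name",
  "service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout"]}}}""")
SERVICE = json.loads("""{"metadata": {"annotations": {
  "service.beta.kubernetes.io/aws-load-balancer-name": "test-nlb"}}}""")


def _dig(obj, *path):
    """Walk nested dicts, treating missing or null levels as empty."""
    for key in path:
        obj = (obj or {}).get(key)
    return obj


def audit_copied_annotations(gateway, class_config, service):
    """Report how far each Gateway annotation got on its way to the Service."""
    allowed = set(_dig(class_config, "spec", "copyAnnotations", "service") or [])
    wanted = _dig(gateway, "metadata", "annotations") or {}
    actual = _dig(service, "metadata", "annotations") or {}
    report = {}
    for key, value in wanted.items():
        if key not in allowed:
            report[key] = "not-allow-listed"    # assumed: controller skips it
        elif key not in actual:
            report[key] = "missing-on-service"  # allow-listed but never copied
        elif actual[key] != value:
            report[key] = "value-differs"       # Service carries another value
        else:
            report[key] = "copied"              # look downstream of the Service
    return report


if __name__ == "__main__":
    for key, status in audit_copied_annotations(GATEWAY, CLASS_CONFIG, SERVICE).items():
        print(f"{status:20} {key}")
```

A `copied` result means the annotation reached the Service, so the remaining question is how the load balancer integration treats it; the other three results point back at the Gateway, the GatewayClassConfig or the controller.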