What’s now:
- There is an instance of consul built in AWS EKS.
- There is an instance of ingress built in AWS EKS for the visiting gateway.
- There is an instance of ALB in AWS, and ingress set calls the external rules on ALB.
- The whole structure is provisioned by terraform.
Goals:
To control the external visiting to AWS EKS by consul.
Issues:
- There is no available item in consul intentions for the AWS ALB, and don’t know how to add the AWS ALB into consul intentions.
- We can build an separated ingress gateway with consul, and then we can control the external visiting, but the AWS ELB built with consul can’t meet the requests which AWS ALB can.
I’ve looked around on these issues for a while, but seems not working for me.
If there is any more clue on this topic, that will be appreciated.
1 Like
Addition:
We tried to inject to AWS ALB, and the connect-inject has been done, but not working.
module “eks-lb-controller” {
source = “DNXLabs/eks-lb-controller/aws”
version = “0.4.1”
cluster_identity_oidc_issuer = module.eks.cluster_oidc_issuer_url
cluster_identity_oidc_issuer_arn = aws_iam_openid_connect_provider.default.arn
cluster_name = module.eks.cluster_id
settings = tomap({
image = {
repository = “602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller”
tag = “v2.3.0”
}
podAnnotations = {
“consul.hashicorp.com/connect-inject” = “true”
“consul.hashicorp.com/transparent-proxy-exclude-inbound-ports” = “80,443”
“consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs” = “192.168.0.1/16”
}
})
service_account_name = “aws-load-balancer-webhook-service”
depends_on = [
aws_iam_openid_connect_provider.default
]
}