Introduction
By default, the overrides.yaml file used with the Terraform Enterprise Helm chart creates a public network load balancer. To use an external or internal application load balancer with AWS, you must add annotations to the overrides.yaml file and meet several prerequisites.
Expected Outcome
Your Terraform Enterprise environment will use an AWS Application Load Balancer instead of a public network load balancer.
Prerequisites
Before you begin, you must configure your Amazon EKS cluster to support application load balancers. Follow the steps in the AWS documentation for Ingress traffic management with an Application Load Balancer.
These steps involve the following actions. Always refer to the official AWS documentation for the most current instructions.
- Deploy the AWS Load Balancer Controller on your cluster as described in the AWS Load Balancer Controller documentation.
  Verify the AWS Load Balancer Controller is deployed on your cluster.
  $ kubectl get deployment -n kube-system
  ## NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
  ## loadbalancer-aws-load-balancer-controller   2/2     2            2           18m
- Ensure the subnets have the correct tags as described in the AWS documentation for Application load balancing on Amazon EKS.
Procedure
Add the following configuration to your overrides.yaml file, replacing the placeholder values with your information.
service:
  type: NodePort
ingress:
  enabled: true
  className: "alb"
  annotations:
    alb.ingress.kubernetes.io/group.name: "tfe-cluster-ingress"
    alb.ingress.kubernetes.io/group.order: "1000"
    alb.ingress.kubernetes.io/backend-protocol: "HTTPS"
    alb.ingress.kubernetes.io/certificate-arn: "<YOUR_ACM_CERTIFICATE_ARN>"
    alb.ingress.kubernetes.io/listen-ports: "[{\"HTTPS\":443}]"
    alb.ingress.kubernetes.io/scheme: "internet-facing" ## internal or internet-facing
    alb.ingress.kubernetes.io/load-balancer-name: "tfe-cluster-ingress"
  hosts:
    - host: "<YOUR_TFE_HOSTNAME>"
      paths:
        - path: /
          pathType: Prefix
          serviceName: "terraform-enterprise"
          portNumber: 443
  tls: []
After installing or upgrading your Helm release, you should find an Ingress resource.
$ kubectl get ingress -n terraform-enterprise
## NAME                   CLASS   HOSTS             ADDRESS                                                       PORTS   AGE
## terraform-enterprise   alb     tfe.example.com   tfe-cluster-ingress-1374561986.eu-north-1.elb.amazonaws.com   80      13m
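As an added check (not part of the original article or of the Terraform Enterprise Helm chart), the following Python script audits the annotations from the configuration above on the Ingress JSON returned by `kubectl get ingress terraform-enterprise -n terraform-enterprise -o json`. The sample input is constructed; `audit_ingress` and `expected_scheme` are hypothetical names, and the script assumes the chart renders `className` as `spec.ingressClassName`.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

# Constructed sample: trimmed shape of `kubectl get ingress ... -o json`.
SAMPLE_INGRESS = json.dumps({
    "metadata": {"name": "terraform-enterprise", "annotations": {
        PREFIX + "scheme": "internet-facing",
        PREFIX + "backend-protocol": "HTTPS",
        PREFIX + "certificate-arn": "<YOUR_ACM_CERTIFICATE_ARN>",
        PREFIX + "listen-ports": '[{"HTTPS":443}]',
    }},
    "spec": {"ingressClassName": "alb"},
})


def audit_ingress(raw_json, expected_scheme="internal"):
    """Return a list of findings for a TFE Ingress served by an ALB."""
    ingress = json.loads(raw_json)
    ann = ingress.get("metadata", {}).get("annotations") or {}
    findings = []

    # Assumption: the chart's ingress.className ends up in spec.ingressClassName.
    if ingress.get("spec", {}).get("ingressClassName") != "alb":
        findings.append("ingressClassName is not 'alb'")

    # The controller creates an internal ALB when the annotation is absent.
    scheme = ann.get(PREFIX + "scheme", "internal")
    if scheme != expected_scheme:
        findings.append(f"scheme is '{scheme}', expected '{expected_scheme}'")

    # Traffic from the ALB to the TFE pods should stay encrypted.
    if ann.get(PREFIX + "backend-protocol", "HTTP") != "HTTPS":
        findings.append("backend-protocol is not HTTPS")
    if not ann.get(PREFIX + "certificate-arn", "").startswith("arn:"):
        findings.append("certificate-arn is missing or still a placeholder")

    # listen-ports is a JSON string inside the annotation, e.g. [{"HTTPS":443}].
    try:
        listeners = json.loads(ann.get(PREFIX + "listen-ports", "[]"))
        protocols = {proto for item in listeners for proto in item}
    except (ValueError, TypeError):
        protocols = set()
    if protocols != {"HTTPS"}:
        findings.append("listen-ports is not explicitly HTTPS-only")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_ingress(SAMPLE_INGRESS)))
```

Pass `expected_scheme="internet-facing"` when public exposure of Terraform Enterprise is intended; an empty list means the checked annotations match the configuration shown in this article.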
Additional Information
- For more details on Ingress annotations, refer to the AWS Load Balancer Controller documentation.
- For more details on the Helm chart values for Ingress, refer to the values.yaml file in the Terraform Enterprise Helm chart repository.