How-to make use of an application load balancer with FDO Kubernetes (AWS)

Avatar
Patrick Munne
  • Updated

Introduction

By default the overrides.yamlfile used with the Helm chart creates a public network load balancer. If you would like to have an external/internal application load balancer with AWS you will need to have add some additional things to the overrides.yaml file. Also make sure you follow all the prerequisites listed in the 'Prerequisites' section below.

 

Expected Outcome

Instead of a public network load balancer you will have an application load balancer for your Terraform Enterprise environment.

 

Prerequisites

Follow the steps from the AWS documentation here for your Amazon EKS to be able to create application load balancers.


At the moment these steps involve the following. Listed below for a quick review. Please follow the official AWS documentation 

  • Have the AWS Load Balancer Controller deployed on your cluster as described here

Verify the AWS Load Balancer Controller is deployed on your cluster

kubectl get deployment -n kube-system 

NAME                                      READY  UP-TO-DATE  AVAILABLE AGE
loadbalancer-aws-load-balancer-controller 2/2    2           2         18m
  • Make sure the subnets have the correct tags as described by AWS here

Example:

 

Procedure

Add the following to your overrides.yaml file corrected with your information:

ingress:
  enabled: true
  className: "alb" # nginx
  annotations:
    alb.ingress.kubernetes.io/group.name: "tfe39-cluster-ingress"
    alb.ingress.kubernetes.io/group.order: "1000"
    alb.ingress.kubernetes.io/backend-protocol: "HTTPS"
    alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-north-1:487939283316:certificate/d3f8d60f-6171-466b-872c-874ac41371e6"
    alb.ingress.kubernetes.io/listen-ports: "[{\"HTTPS\":443}]"
    alb.ingress.kubernetes.io/scheme: "internet-facing" # internal or internet-facing
    alb.ingress.kubernetes.io/load-balancer-name: "tfe39-cluster-ingress"
  hosts:
    - host: "tfe39.aws.hashicorp.com" # 
    paths:
      - path: /
        pathType: Prefix
        serviceName: "terraform-enterprise"
        portNumber: 443
  tls: []

For the annotations details please look at the AWS document here

After installing your helm release you should find an ingress resource

kubectl get ingress -n terraform-enterprise
NAME                 CLASS HOSTS                   ADDRESS                                                       PORTS AGE
terraform-enterprise alb   tfe39.aws.hashicorp.com tfe39-cluster-ingress-1374561986.eu-north-1.elb.amazonaws.com 80    13m

 

 

Additional Information

  • At the moment of writing this document, an extra network load balancer will exist which is not being used. This is something HashiCorp is looking into.  You can manually delete this extra network load balancer. 

Articles in this section

See more

Related articles