Commit 0d5f45d

update helm chart for ServiceTargetENISGTags and README
1 parent 2ce25f4 commit 0d5f45d

4 files changed

+14
-1
lines changed

helm/aws-load-balancer-controller/Chart.yaml

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
apiVersion: v2
22
name: aws-load-balancer-controller
33
description: AWS Load Balancer Controller Helm chart for Kubernetes
4-
version: 1.7.0
4+
version: 1.7.1
55
appVersion: v2.7.0
66
home: https://github.com/aws/eks-charts
77
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
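
Review bot: `appVersion` stays at v2.7.0 while the chart version moves to 1.7.1, yet the same commit makes the deployment template pass a new `--service-target-eni-security-group-tags` argument. Please confirm that the v2.7.0 controller image accepts that flag. If it only exists in a later controller build, bump `appVersion` here as well, so that setting `serviceTargetENISGTags` cannot render an argument the binary does not recognise.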

helm/aws-load-balancer-controller/README.md

Lines changed: 2 additions & 0 deletions
@@ -264,3 +264,5 @@ The default values set by the application itself can be confirmed [here](https:/
264264
| `controllerConfig.featureGates` | set of `key: value` pairs that describe AWS load balance controller features | `{}` |
265265
| `ingressClassConfig.default` | If `true`, the ingressclass will be the default class of the cluster. | `false` |
266266
| `enableServiceMutatorWebhook` | If `false`, disable the Service Mutator webhook which makes all new services of type LoadBalancer reconciled by the lb controller | `true` |
267+
| `autoscaling` | If `autoscaling.enabled=true`, enable the HPA on the controller mainly to survive load induced failure by the calls to the `aws-load-balancer-webhook-service`. Please keep in mind that the controller pods have `priorityClassName: system-cluster-critical`, enabling HPA may lead to the eviction of other low-priority pods in the node | `false` |
268+
| `serviceTargetENISGTags` | set of `key=value` pairs of AWS tags in addition to cluster name for finding the target ENI security group to which to add inbound rules from NLBs | None |
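
Review bot: The new `autoscaling` row gives its default as `false`, but in values.yaml `autoscaling` is a map and it is the `enabled` key that is `false`; naming the row `autoscaling.enabled` would make key and default agree. The `serviceTargetENISGTags` row should also state the value type and the separator the flag expects, since "set of `key=value` pairs" does not say whether a string or a map is wanted. This value decides which security group receives inbound rules from NLBs, so the format is worth spelling out.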

helm/aws-load-balancer-controller/templates/deployment.yaml

Lines changed: 3 additions & 0 deletions
@@ -156,6 +156,9 @@ spec:
156156
{{- if ne .Values.defaultTargetType "instance" }}
157157
- --default-target-type={{ .Values.defaultTargetType }}
158158
{{- end }}
159+
{{- if .Values.serviceTargetENISGTags }}
160+
- --service-target-eni-security-group-tags={{ .Values.serviceTargetENISGTags }}
161+
{{- end }}
159162
{{- if or .Values.env .Values.envSecretName }}
160163
env:
161164
{{- if .Values.env}}
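
Review bot: On added line 160, `{{ .Values.serviceTargetENISGTags }}` is interpolated with no type handling. If a user supplies a YAML map, which the README wording "set of `key=value` pairs" invites, the template prints Go's `map[...]` form instead of `key=value` text, and the controller receives an argument it was not meant to parse. Consider rejecting non-string values at render time (for example with `kindIs "string"` and `fail`), or converting a map to the flag's expected form explicitly in the template.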

helm/aws-load-balancer-controller/values.yaml

Lines changed: 8 additions & 0 deletions
@@ -15,6 +15,11 @@ imagePullSecrets: []
1515
nameOverride: ""
1616
fullnameOverride: ""
1717

18+
# AWS LBC only has 1 main working pod, other pods are just standby
19+
# the purpose of enable hpa is to survive load induced failure by the calls to the aws-load-balancer-webhook-service
20+
# since the calls from kube-apiserver are sent round-robin to all replicas, and the failure policy on those webhooks is Fail
21+
# if the pods become overloaded and do not respond within the timeout that could block the creation of pods, targetgroupbindings or ingresses
22+
# Please keep in mind that the controller pods have `priorityClassName: system-cluster-critical`, enabling HPA may lead to the eviction of other low-priority pods in the node
1823
autoscaling:
1924
enabled: false
2025
minReplicas: 1
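
Review bot: The comment block on added lines 18 to 22 runs several sentences together without punctuation ("the purpose of enable hpa is to survive ..."), which makes the rationale hard to follow. It describes a real availability concern, webhooks with failure policy Fail blocking creation of pods, targetgroupbindings or ingresses, so it deserves clean sentences. Since `enabled: false` and `minReplicas: 1` remain unchanged, it would also help to say what an operator who turns this on should set `minReplicas` to.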
@@ -380,3 +385,6 @@ ingressClassConfig:
380385

381386
# enableServiceMutatorWebhook allows you enable the webhook which makes this controller the default for all new services of type LoadBalancer
382387
enableServiceMutatorWebhook: true
388+
389+
# serviceTargetENISGTags specifies AWS tags, in addition to the cluster tags, for finding the target ENI SG to which to add inbound rules from NLBs.
390+
serviceTargetENISGTags:
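
Review bot: `serviceTargetENISGTags:` on added line 390 is left with an empty value and no example, so the expected format can only be guessed from the comment above it. Add a commented-out sample in the exact form the `--service-target-eni-security-group-tags` flag takes, and consider an explicit empty default that matches the documented type. The template's `{{- if .Values.serviceTargetENISGTags }}` guard treats the empty value as unset, so the default behaviour would not change.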
