diff --git a/aws-load-balancer-controller-1.6.1-gs.3.tgz b/aws-load-balancer-controller-1.6.1-gs.3.tgz new file mode 100644 index 0000000..d1b5216 Binary files /dev/null and b/aws-load-balancer-controller-1.6.1-gs.3.tgz differ diff --git a/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/README.md b/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/README.md new file mode 100644 index 0000000..f7dcf07 --- /dev/null +++ b/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/README.md @@ -0,0 +1,107 @@ +[![CircleCI](https://circleci.com/gh/giantswarm/aws-load-balancer-controller-app/tree/main.svg?style=svg)](https://circleci.com/gh/giantswarm/aws-load-balancer-controller-app/tree/main) + +# AWS Load Balancer Controller chart + +AWS Load Balancer controller Helm chart for Giant Swarm clusters + +## Introduction +[AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/) controller manages the following AWS resources +- Application Load Balancers to satisfy Kubernetes ingress objects +- Network Load Balancers to satisfy Kubernetes service objects of type LoadBalancer with appropriate annotations + +## Index +- [Prerequisites](#prerequisites) +- [Installing](#installing) +- [Configuring](#configuring) + - [values.yaml](#valuesyaml) +- [Release Process](#release-process) +- [Contributing & Reporting Bugs](#contributing--reporting-bugs) +- [Credit](#credit) + +## Prerequisites +- kiam-app installed + +The controller runs on the worker nodes, so it needs access to the AWS ALB/NLB resources via IAM permissions. The +IAM permissions can be setup through the kiam-app. + +This step is only required on clusters managed by **Cluster API**. Vintage clusters do this automatically. + +Download the recommended IAM policy for the AWS Load Balancer Controller +```bash +curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json +``` + +For a thorough explanation on how to create the IAM policy and role please refer to the [upstream charts README.md.](https://github.com/giantswarm/aws-load-balancer-controller-app/blob/main/helm/aws-load-balancer-controller/README.md) + +## Installing + +There are 3 ways to install this app onto a workload cluster. + +1. [Using our web interface](https://docs.giantswarm.io/ui-api/web/app-platform/#installing-an-app) +2. [Using our API](https://docs.giantswarm.io/api/#operation/createClusterAppV5) +3. Directly creating the [App custom resource](https://docs.giantswarm.io/ui-api/management-api/crd/apps.application.giantswarm.io/) on the management cluster. + +To automatically configure the correct KIAM annotation on the namespace, you can specify additional annotations directly in your App CR: + +Starting with [Giant Swarm Release 18.2.0](https://docs.giantswarm.io/changes/workload-cluster-releases-aws/releases/aws-v18.2.0/), aws-load-balancer-controller can be installed without specifying any additional configuration: + +```yaml +apiVersion: application.giantswarm.io/v1alpha1 +kind: App +metadata: + name: aws-load-balancer-controller + namespace: +spec: + catalog: giantswarm + kubeConfig: + inCluster: false + name: aws-load-balancer-controller + namespace: aws-load-balancer-controller + namespaceConfig: + annotations: + iam.amazonaws.com/permitted: .* + version: 1.2.1 +``` + +For all other releases, specify at least these values (Don't forget to reference your ConfigMap in the App CRs `spec.userConfig`): + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: aws-load-balancer-controller-userconfig + namespace: +data: + values: | + podAnnotations: + # don't forget to create the role and policy before trying to use them + iam.amazonaws.com/role: gs--ALBController-Role + vpcId: vpc-0c7dc1da1ca5b1819 # the VPC Id of your cluster + region: eu-west-1 # The AWS region your cluster is running in +``` + +## Configuring +Additionally to the IAM role, the region (e.g. eu-west-1) and the VPC ID are required. + +By default, a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/run-application/configure-pdb) is configured so the admission webhook does not become unreachable, possibly blocking scheduling other pods or cluster maintenances. + +### values.yaml +**This is an example of a values file you could upload using our web interface.** +``` +# Deployment +podAnnotations: + iam.amazonaws.com/role: AWSLoadBalancerControllerIAMRole # Will be picked up by KIAM to associate the pod with the given role +vpcId: vpc-0c7dc1da1ca5b1819 +region: eu-west-1 +``` + +See our [full reference page on how to configure applications](https://docs.giantswarm.io/app-platform/app-configuration/) for more details. + +## Contributing & Reporting Bugs +If you have suggestions for how `aws-load-balancer-controller` could be improved, or want to report a bug, open an issue! We'd love all and any contributions. + +Check out the [Contributing Guide](https://github.com/giantswarm/aws-load-balancer-controller-app/blob/main/CONTRIBUTING.md) for details on the contribution workflow, submitting patches, and reporting bugs. + +## Credit + +* https://github.com/giantswarm/aws-load-balancer-controller-app/tree/main/helm/aws-load-balancer-controller diff --git a/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/main.yaml b/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/main.yaml new file mode 100644 index 0000000..06d66a0 --- /dev/null +++ b/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/main.yaml @@ -0,0 +1,11 @@ +annotations: + application.giantswarm.io/metadata: https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/main.yaml + application.giantswarm.io/readme: https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/README.md + application.giantswarm.io/team: phoenix + application.giantswarm.io/values-schema: https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/values.schema.json +chartApiVersion: v2 +chartFile: aws-load-balancer-controller-1.6.1-gs.3.tgz +dateCreated: '2024-09-11T08:31:03.183206' +digest: 756b3be9d2648ec240346bc6c74efa1def68e499e2f35191bc828c31d0422ca3 +home: https://github.com/giantswarm/aws-load-balancer-controller-app +icon: https://s.giantswarm.io/app-icons/aws/1/dark.svg diff --git a/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/values.schema.json b/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/values.schema.json new file mode 100644 index 0000000..684ef5f --- /dev/null +++ b/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/values.schema.json @@ -0,0 +1,568 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "affinity": { + "type": "object" + }, + "awsApiEndpoints": { + "type": [ + "null", + "string" + ] + }, + "awsApiThrottle": { + "type": [ + "null", + "string" + ] + }, + "awsMaxRetries": { + "type": [ + "null", + "integer" + ] + }, + "backendSecurityGroup": { + "type": [ + "null", + "string" + ] + }, + "cluster": { + "type": "object", + "properties": { + "dnsDomain": { + "type": "string" + } + } + }, + "clusterName": { + "type": [ + "null", + "string" + ] + }, + "clusterSecretsPermissions": { + "type": "object", + "properties": { + "allowAllSecrets": { + "type": "boolean" + } + } + }, + "configureDefaultAffinity": { + "type": "boolean" + }, + "controllerConfig": { + "type": "object", + "properties": { + "featureGates": { + "type": "object" + } + } + }, + "createIngressClassResource": { + "type": "boolean" + }, + "defaultSSLPolicy": { + "type": [ + "null", + "string" + ] + }, + "defaultTags": { + "type": "object" + }, + "defaultTargetType": { + "type": "string" + }, + "deploymentAnnotations": { + "type": "object" + }, + "disableIngressClassAnnotation": { + "type": [ + "null", + "boolean" + ] + }, + "disableIngressGroupNameAnnotation": { + "type": [ + "null", + "boolean" + ] + }, + "disableRestrictedSecurityGroupRules": { + "type": [ + "null", + "boolean" + ] + }, + "dnsPolicy": { + "type": [ + "null", + "string" + ] + }, + "enableBackendSecurityGroup": { + "type": [ + "null", + "boolean" + ] + }, + "enableCertManager": { + "type": "boolean" + }, + "enableEndpointSlices": { + "type": [ + "null", + "boolean" + ] + }, + "enablePodReadinessGateInject": { + "type": [ + "null", + "boolean" + ] + }, + "enableServiceMutatorWebhook": { + "type": "boolean" + }, + "enableShield": { + "type": [ + "null", + "boolean" + ] + }, + "enableWaf": { + "type": [ + "null", + "boolean" + ] + }, + "enableWafv2": { + "type": [ + "null", + "boolean" + ] + }, + "env": { + "type": [ + "null", + "object" + ] + }, + "externalManagedTags": { + "type": "array" + }, + "extraVolumeMounts": { + "type": [ + "null", + "array" + ] + }, + "extraVolumes": { + "type": [ + "null", + "array" + ] + }, + "fullnameOverride": { + "type": "string" + }, + "global": { + "type": "object", + "properties": { + "podSecurityStandards": { + "type": "object", + "properties": { + "enforced": { + "type": "boolean" + } + } + } + } + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "ingressClass": { + "type": "string" + }, + "ingressClassConfig": { + "type": "object", + "properties": { + "default": { + "type": "boolean" + } + } + }, + "ingressClassParams": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": [ + "null", + "string" + ] + }, + "spec": { + "type": "object" + } + } + }, + "ingressMaxConcurrentReconciles": { + "type": [ + "null", + "integer" + ] + }, + "keepTLSSecret": { + "type": "boolean" + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logLevel": { + "type": [ + "null", + "string" + ] + }, + "metricsBindAddr": { + "type": "string" + }, + "nameOverride": { + "type": [ + "null", + "string" + ] + }, + "nodeSelector": { + "type": "object" + }, + "objectSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": [ + "null", + "array" + ] + }, + "matchLabels": { + "type": [ + "null", + "object" + ] + } + } + }, + "podAnnotations": { + "type": "object" + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "minAvailable": { + "type": "integer" + } + } + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + } + } + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "region": { + "type": [ + "null", + "string" + ] + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "imagePullSecrets": { + "type": [ + "null", + "string" + ] + }, + "name": { + "type": [ + "null", + "string" + ] + } + } + }, + "serviceAnnotations": { + "type": "object" + }, + "serviceMaxConcurrentReconciles": { + "type": [ + "null", + "integer" + ] + }, + "serviceMonitor": { + "type": "object", + "properties": { + "additionalLabels": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "namespace": { + "type": [ + "null", + "string" + ] + } + } + }, + "syncPeriod": { + "type": [ + "null", + "string" + ] + }, + "targetgroupbindingMaxConcurrentReconciles": { + "type": [ + "null", + "integer" + ] + }, + "targetgroupbindingMaxExponentialBackoffDelay": { + "type": [ + "null", + "integer" + ] + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerateNonExistentBackendAction": { + "type": [ + "null", + "string" + ] + }, + "tolerateNonExistentBackendService": { + "type": [ + "null", + "string" + ] + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "object" + }, + "updateStrategy": { + "type": "object" + }, + "verticalPodAutoscaler": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "vpcId": { + "type": [ + "null", + "string" + ] + }, + "watchNamespace": { + "type": [ + "null", + "string" + ] + }, + "webhookBindPort": { + "type": [ + "null", + "integer", + "string" + ] + }, + "webhookNamespaceSelectors": { + "type": [ + "null", + "string" + ] + }, + "webhookTLS": { + "type": "object", + "properties": { + "caCert": { + "type": [ + "null", + "string" + ] + }, + "cert": { + "type": [ + "null", + "string" + ] + }, + "key": { + "type": [ + "null", + "string" + ] + } + } + } + } +} diff --git a/index.yaml b/index.yaml index f64c58d..fdfdad6 100644 --- a/index.yaml +++ b/index.yaml @@ -1336,6 +1336,38 @@ entries: urls: - https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs2.tgz version: 1.6.1-gs2 + - annotations: + application.giantswarm.io/metadata: https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/main.yaml + application.giantswarm.io/readme: https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/README.md + application.giantswarm.io/team: phoenix + application.giantswarm.io/values-schema: https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs.3.tgz-meta/values.schema.json + apiVersion: v2 + appVersion: v2.6.1 + created: "2024-09-11T08:31:09.126045375Z" + description: A controller to help manage Elastic Load Balancers for a Kubernetes + cluster + digest: 756b3be9d2648ec240346bc6c74efa1def68e499e2f35191bc828c31d0422ca3 + home: https://github.com/giantswarm/aws-load-balancer-controller-app + icon: https://s.giantswarm.io/app-icons/aws/1/dark.svg + keywords: + - eks + - alb + - load balancer + - ingress + - nlb + maintainers: + - email: kishorj@users.noreply.github.com + name: kishorj + url: https://github.com/kishorj + - email: m00nf1sh@users.noreply.github.com + name: m00nf1sh + url: https://github.com/m00nf1sh + name: aws-load-balancer-controller + sources: + - https://github.com/aws/eks-charts + urls: + - https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs.3.tgz + version: 1.6.1-gs.3 - annotations: application.giantswarm.io/metadata: https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs.1.tgz-meta/main.yaml application.giantswarm.io/readme: https://giantswarm.github.io/giantswarm-catalog/aws-load-balancer-controller-1.6.1-gs.1.tgz-meta/README.md @@ -32414,4 +32446,4 @@ entries: urls: - https://giantswarm.github.io/giantswarm-catalog/zot-0.1.1.tgz version: 0.1.1 -generated: "2024-09-10T14:35:41.312979264Z" +generated: "2024-09-11T08:31:09.121677323Z"