Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace ALB annotations with IngressClassParams #2311

Open
stevehipwell opened this issue Oct 21, 2021 · 27 comments
Open

Replace ALB annotations with IngressClassParams #2311

stevehipwell opened this issue Oct 21, 2021 · 27 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@stevehipwell
Copy link
Contributor

Is your feature request related to a problem?
I'd like to be able to replace more of the alb.ingress.kubernetes.io annotations with the IngressClassParams to abstract away the ALB specification from the Ingress resources using it. I mistakenly thought that #2190 was doing this, but after re-reading I think that's just replacing the alb.ingress.kubernetes.io/load-balancer-attributes annotation.

Describe the solution you'd like
I'd like to be able to specify the following annotations in the IngressClassParams directly.

  • alb.ingress.kubernetes.io/target-type
  • alb.ingress.kubernetes.io/subnets
  • alb.ingress.kubernetes.io/listen-ports
  • alb.ingress.kubernetes.io/ssl-redirect
  • alb.ingress.kubernetes.io/inbound-cidrs
  • alb.ingress.kubernetes.io/certificate-arn

Describe alternatives you've considered
n/a
@M00nF1sh
Copy link
Collaborator

/kind feature

@k8s-ci-robot k8s-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Oct 21, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 20, 2022
@msvticket
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 20, 2022
@FernandoMiguel FernandoMiguel mentioned this issue Mar 17, 2022
Closed
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 20, 2022
@stevehipwell
Copy link
Contributor Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 20, 2022
@nikskiz
Copy link

nikskiz commented May 25, 2022

It would be nice to have spec.params.targetGroupAttributes

@nikskiz nikskiz mentioned this issue May 25, 2022
Open
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 23, 2022
@stevehipwell
Copy link
Contributor Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 23, 2022
@Nuru
Copy link

Nuru commented Oct 13, 2022

Really, I think any of the 14 annotations that are "Exclusive" (must only be set once per Group) should be configurable via IngressClass (possibly via IngressClassParams). Then we can move that configuration out of the individual services so we do not have to worry about them fighting over control of them.

As of version 2.4, the following annotations are marked "Exclusive", but only a few of them can be specified in IngressClass and most (all?) of the rest cannot be specified anywhere but via annotations. This is a poor separation of concerns.

  1. alb.ingress.kubernetes.io/load-balancer-name
  2. alb.ingress.kubernetes.io/ip-address-type
  3. alb.ingress.kubernetes.io/scheme
  4. alb.ingress.kubernetes.io/subnets
  5. alb.ingress.kubernetes.io/security-groups
  6. alb.ingress.kubernetes.io/manage-backend-security-group-rules
  7. alb.ingress.kubernetes.io/customer-owned-ipv4-pool
  8. alb.ingress.kubernetes.io/load-balancer-attributes
  9. alb.ingress.kubernetes.io/wafv2-acl-arn
  10. alb.ingress.kubernetes.io/waf-acl-id
  11. alb.ingress.kubernetes.io/shield-advanced-protection
  12. alb.ingress.kubernetes.io/ssl-redirect
  13. alb.ingress.kubernetes.io/inbound-cidrs
  14. alb.ingress.kubernetes.io/ssl-policy

Related to, but different than #2600

@kwohlfahrt
Copy link

kwohlfahrt commented Dec 22, 2022
edited
Loading

I would be particularly interested in alb.ingress.kubernetes.io/auth-* annotations being defined with class params.

That would make it easy to set up an ingress class with sensible authentication defaults for external ingresses.

@stevehipwell stevehipwell mentioned this issue Mar 8, 2023
Open
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 22, 2023
@sjmisterm
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 22, 2023
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 20, 2023
@sjmisterm
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 20, 2023
@johngmyers
Copy link
Contributor

#2920 is chipping away the ones that have Exclusive MergeBehavior. For the ones that have Merge, listen-ports has per-Ingress semantics that complicate things. certificate-arn has good reasons for specifying per-Ingress.

@visit1985
Copy link

visit1985 commented Oct 11, 2023
edited
Loading

certificate-arn has good reasons for specifying per-Ingress.

Agreed, but having a default cert in IngressClassParams would still make sense.

@omri-shilton
Copy link

is there an update on this issue?

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 16, 2024
@sjmisterm
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 16, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 15, 2024
@sjmisterm
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 15, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 13, 2024
@sjmisterm
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 13, 2024
@mikutas mikutas mentioned this issue Nov 28, 2024
Open
6 tasks
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 11, 2025
@Constantin07
Copy link

Constantin07 commented Jan 11, 2025
edited
Loading

/remove-lifecycle stale

1 similar comment
@Nuru
Copy link

Nuru commented Jan 11, 2025

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 11, 2025
@lgg42
Copy link

lgg42 commented Jan 30, 2025

Really, I think any of the 14 annotations that are "Exclusive" (must only be set once per Group) should be configurable via IngressClass (possibly via IngressClassParams). Then we can move that configuration out of the individual services so we do not have to worry about them fighting over control of them.

As of version 2.4, the following annotations are marked "Exclusive", but only a few of them can be specified in IngressClass and most (all?) of the rest cannot be specified anywhere but via annotations. This is a poor separation of concerns.

  1. alb.ingress.kubernetes.io/load-balancer-name
  2. alb.ingress.kubernetes.io/ip-address-type
  3. alb.ingress.kubernetes.io/scheme
  4. alb.ingress.kubernetes.io/subnets
  5. alb.ingress.kubernetes.io/security-groups
  6. alb.ingress.kubernetes.io/manage-backend-security-group-rules
  7. alb.ingress.kubernetes.io/customer-owned-ipv4-pool
  8. alb.ingress.kubernetes.io/load-balancer-attributes
  9. alb.ingress.kubernetes.io/wafv2-acl-arn
  10. alb.ingress.kubernetes.io/waf-acl-id
  11. alb.ingress.kubernetes.io/shield-advanced-protection
  12. alb.ingress.kubernetes.io/ssl-redirect
  13. alb.ingress.kubernetes.io/inbound-cidrs
  14. alb.ingress.kubernetes.io/ssl-policy

Related to, but different than #2600

This makes so much sense!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests