Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Artifactory-ha][Helm][EKS][Fargate] Unable to provision ALB infront of NGINX #1741

Closed
IBDO opened this issue Mar 23, 2023 · 1 comment
Closed

[Artifactory-ha][Helm][EKS][Fargate] Unable to provision ALB infront of NGINX #1741

IBDO opened this issue Mar 23, 2023 · 1 comment

Comments

@IBDO
Copy link

IBDO commented Mar 23, 2023

Is this a BUG REPORT or FEATURE REQUEST? (choose one):
BUG REPORT

Version of Helm and Kubernetes:
Helm: v3.9.0
EKS version: 1.24

Which chart:
artifactory-ha - v7.55.6

Which product license (Enterprise/Pro/oss):
Enterprise

What happened:
EKS Fargate does not support classic load balancers. It only supports ALBs and NLBs and we want to use ALBs.

We also need NGINX rewrite rules because ALBs support routing, but not NGINX rewrite rules. We need to use both ALBs to allow traffic into the cluster and NGINX to rewrite requests to the artifactory service.

We spin up ALBs in EKS Fargate using the AWS Load balancer controller for EKS described here:
https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html

Using the following ingress values we can get EKS to spin up an ALB:

ingress:
  enabled: true
  className: alb
  annotations:
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip

However, it points directly to the artifactory service. We need the ability to create a rule that takes in traffic from the ALB ingress, sends it to NGINX for rewrites, which then sends the requests to artifactory.

What you expected to happen:
We need the ability to provision an ALB that sends traffic to the NGINX service as opposed to a classic load balancer.

How to reproduce it (as minimally and precisely as possible):
We tried to deploy the helm chart with the following ingress:

ingress:
  enabled: true
  className: alb
  annotations:
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip

We ended up with the following ingress pointing directly to the artifactory service instead of NGINX:

# Source: artifactory-ha/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: artifactory-ha
  labels:
    app: artifactory-ha
    chart: artifactory-ha-107.55.6
    release: artifactory-ha
    heritage: Helm
  annotations:
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  defaultBackend:
    service:
      name: artifactory-ha
      port:
        number: 8082
  rules:

Anything else we need to know:
We met with the Technical Account Manager and they said to submit this issue as a bug.
@gitta-jfrog
Copy link
Collaborator

The bundled Nginx in Artifactory Helm Chart, is not designed to be used with Ingress in front.

When using Ingress, you can use ingress-nginx controller to have "rewrite" capabilities.
See example for ALB with Ingress controller - https://github.com/gitta-jfrog/kubernetes/tree/main/eks/alb/ingress-nginx

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@IBDO @gitta-jfrog