implement dnsPolicy in aws-load-balancer-controller chart (kubernetes-sigs#2324)

* add ability to set dnsPolicy in deployment

Signed-off-by: Jim Conner <snafu.x@gmail.com>

* updated test.yaml

Signed-off-by: Jim Conner <snafu.x@gmail.com>

* leaving default for dnspolicy set to blank to let k8s determine best default setting if not set in values.yaml

Signed-off-by: Jim Conner <snafu.x@gmail.com>

* fixed up per review suggestions. Use "if-then" instead of "with" expression for evaluation. Update README.md to be "ClusterFirst" instead of "Default" for dnsPolicy row.

Signed-off-by: Jim Conner <snafu.x@gmail.com>

* Update helm/aws-load-balancer-controller/test.yaml

Co-authored-by: Kishor Joshi <joshikis@amazon.com>
notjames and kishorj authored Dec 4, 2021
1 parent f736deb commit 1eb38a0
Showing 5 changed files with 21 additions and 3 deletions.
2 changes: 1 addition & 1 deletion helm/aws-load-balancer-controller/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: aws-load-balancer-controller
description: AWS Load Balancer Controller Helm chart for Kubernetes
version: 1.3.2
version: 1.3.3
appVersion: v2.3.0
home: https://github.com/aws/eks-charts
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
3 changes: 2 additions & 1 deletion helm/aws-load-balancer-controller/README.md
Expand Up @@ -202,6 +202,7 @@ The default values set by the application itself can be confirmed [here](https:/
| `livenessProbe` | Liveness probe settings for the controller | (see `values.yaml`) |
| `env` | Environment variables to set for aws-load-balancer-controller pod | None |
| `hostNetwork` | If `true`, use hostNetwork | `false` |
| `dnsPolicy` | Set dnsPolicy if required | `ClusterFirst` |
| `extraVolumeMounts` | Extra volume mounts for the pod | `[]` |
| `extraVolumes` | Extra volumes for the pod | `[]` |
| `defaultTags` | Default tags to apply to all AWS resources managed by this controller | `{}` |
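Review bot: The `dnsPolicy` row gives `ClusterFirst` as the default, but the chart leaves the value empty and renders no `dnsPolicy` field at all; `ClusterFirst` is what Kubernetes applies in that case. Say so in the default column (for example "unset, Kubernetes applies `ClusterFirst`"), and replace "Set dnsPolicy if required" with the condition that requires it: `ClusterFirstWithHostNet` when `hostNetwork` is `true`.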
Expand All @@ -212,4 +213,4 @@ The default values set by the application itself can be confirmed [here](https:/
| `enableEndpointSlices` | If enabled, controller uses k8s EndpointSlices instead of Endpoints for IP targets | `false` |
| `enableBackendSecurityGroup` | If enabled, controller uses shared security group for backend traffic | `true` |
| `backendSecurityGroup` | Backend security group to use instead of auto created one if the feature is enabled | `` |
| `disableRestrictedSecurityGroupRules` | If disabled, controller will not specify port range restriction in the backend security group rules | `false` |
| `disableRestrictedSecurityGroupRules` | If disabled, controller will not specify port range restriction in the backend security group rules | `false` |
3 changes: 3 additions & 0 deletions helm/aws-load-balancer-controller/templates/deployment.yaml
Expand Up @@ -46,6 +46,9 @@ spec:
{{- if .Values.hostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.dnsPolicy }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
args:
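Review bot: The new `{{- if .Values.dnsPolicy }}` block is independent of the `hostNetwork` block directly above it, so a user who sets only `hostNetwork: true` gets no `dnsPolicy` in the pod spec. Kubernetes then applies `ClusterFirst`, which for host-network pods falls back to the node's resolver (the `Default` behaviour), and that is the webhook failure the values.yaml comment describes. Consider rendering `ClusterFirstWithHostNet` when `hostNetwork` is true and `dnsPolicy` is empty, or failing the render for that combination. The value is also emitted unquoted and unchecked in `dnsPolicy: {{ .Values.dnsPolicy }}`; piping it through `quote` keeps a stray value from altering the YAML structure, and a check against the four accepted policies would catch typos at template time instead of at admission.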
7 changes: 7 additions & 0 deletions helm/aws-load-balancer-controller/test.yaml
Expand Up @@ -154,6 +154,13 @@ env:
# recommended if using the Amazon VPC CNI plugin.
hostNetwork: false

# Specifies the dnsPolicy that should be used for pods in the deployment
#
# This may need to be used to be changed given certain conditions. For instance, if one uses the cilium CNI
# with certain settings, one may need to set `hostNetwork: true` and webhooks won't work unless `dnsPolicy`
# is set to `ClusterFirstWithHostNet`. See https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy:

# extraVolumeMounts are the additional volume mounts. This enables setting up IRSA on non-EKS Kubernetes cluster
extraVolumeMounts:
- name: aws-iam-token
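Review bot: `dnsPolicy:` is left empty here, so rendering the chart with test.yaml never takes the new `if .Values.dnsPolicy` branch in deployment.yaml. Set a concrete value such as `dnsPolicy: ClusterFirst` (valid alongside the `hostNetwork: false` above it) so the test values exercise the added template lines.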
9 changes: 8 additions & 1 deletion helm/aws-load-balancer-controller/values.yaml
Expand Up @@ -184,6 +184,13 @@ env:
# recommended if using the Amazon VPC CNI plugin.
hostNetwork: false

# Specifies the dnsPolicy that should be used for pods in the deployment
#
# This may need to be used to be changed given certain conditions. For instance, if one uses the cilium CNI
# with certain settings, one may need to set `hostNetwork: true` and webhooks won't work unless `dnsPolicy`
# is set to `ClusterFirstWithHostNet`. See https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy:

# extraVolumeMounts are the additional volume mounts. This enables setting up IRSA on non-EKS Kubernetes cluster
extraVolumeMounts:
# - name: aws-iam-token
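Review bot: The comment sentence "This may need to be used to be changed given certain conditions" is garbled; "This may need to be changed under certain conditions" reads correctly. It would also help to list the accepted values (`Default`, `ClusterFirst`, `ClusterFirstWithHostNet`, `None`) and to state that leaving `dnsPolicy:` empty omits the field, so Kubernetes applies `ClusterFirst`.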
Expand Down Expand Up @@ -224,4 +231,4 @@ enableBackendSecurityGroup:
backendSecurityGroup:

# disableRestrictedSecurityGroupRules specifies whether to disable creating port-range restricted security group rules for traffic
disableRestrictedSecurityGroupRules:
disableRestrictedSecurityGroupRules:
