Ingress annotations provisions unnecessary AWS classic load balancer-CodePudding

Within my AWS EKS cluster provisioning an AWS application load balancer using annotations on the Ingress object. Additionally an unnecessary classic load balancer is being provisioned. Any ideas or best practice on how to prevent this?

resource "kubernetes_service" "api" {
  metadata {
     name = "${var.project_prefix}-api-service"
  }
  spec {
    selector = {
      app = "${var.project_prefix}-api"
    }
    port {
      name = "http"
      port        = 80
      target_port = 1337
    }
    port {
      name = "https"
      port = 443
      target_port = 1337
    }
    type = "LoadBalancer"
  }
}

resource "kubernetes_ingress" "api" {
  wait_for_load_balancer = true
  metadata {
    name = "${var.project_prefix}-api"
    annotations = {
      "kubernetes.io/ingress.class" = "alb"
      "alb.ingress.kubernetes.io/scheme" = "internet-facing"
      "alb.ingress.kubernetes.io/target-type" = "instance"
      "alb.ingress.kubernetes.io/certificate-arn" = local.api-certificate_arn
      "alb.ingress.kubernetes.io/load-balancer-name" = "${var.project_prefix}-api"
      "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\": 80}, {\"HTTPS\":443}]"
      "alb.ingress.kubernetes.io/actions.ssl-redirect" = "{\"Type\": \"redirect\", \"RedirectConfig\": { \"Protocol\": \"HTTPS\", \"Port\": \"443\", \"StatusCode\": \"HTTP_301\"}}"
    }
  }
  spec {
    backend {
      service_name = kubernetes_service.api.metadata.0.name
      service_port = 80
    }
    rule {
      http {
        path {
          path = "/*"
           backend {
            service_name = "ssl-redirect"
            service_port = "use-annotation"
          }
        }
      }
     }
  }
}

CodePudding user response：

Your LoadBalancer service is responsible for deploying the classic load balancer, and if you just need an application load balancer, is unnecessary.

resource "kubernetes_service" "api" {
  metadata {
     name = "${var.project_prefix}-api-service"
  }
  spec {
    selector = {
      app = "${var.project_prefix}-api"
    }
    port {
      name = "http"
      port        = 80
      target_port = 1337
    }
    port {
      name = "https"
      port = 443
      target_port = 1337
    }
    type = "ClusterIP"
  }
}

resource "kubernetes_ingress" "api" {
  wait_for_load_balancer = true
  metadata {
    name = "${var.project_prefix}-api"
    annotations = {
      "kubernetes.io/ingress.class" = "alb"
      "alb.ingress.kubernetes.io/scheme" = "internet-facing"
      "alb.ingress.kubernetes.io/target-type" = "instance"
      "alb.ingress.kubernetes.io/certificate-arn" = local.api-certificate_arn
      "alb.ingress.kubernetes.io/load-balancer-name" = "${var.project_prefix}-api"
      "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\": 80}, {\"HTTPS\":443}]"
      "alb.ingress.kubernetes.io/actions.ssl-redirect" = "{\"Type\": \"redirect\", \"RedirectConfig\": { \"Protocol\": \"HTTPS\", \"Port\": \"443\", \"StatusCode\": \"HTTP_301\"}}"
    }
  }
  spec {
    backend {
      service_name = kubernetes_service.api.metadata.0.name
      service_port = 80
    }
    rule {
      http {
        path {
          path = "/*"
           backend {
            service_name = "ssl-redirect"
            service_port = "use-annotation"
          }
        }
      }
     }
  }
}