New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add AWS managed ingress option #3556

Closed

razvan-moj opened this issue Feb 21, 2022 · 0 comments

Labels

aged-out risk-driven-engineering spike

Contributor

razvan-moj commented Feb 21, 2022 •

edited by AntonyBishop

Loading

Background

We have various issues with nginx due to slow fixes (owasp-modsecurity/ModSecurity-nginx#170), painful upgrades (https://github.com/ministryofjustice/cloud-platform-ingress-migrator) and lack of integration with other networking tools (AWS Shield)

Approach

Create tf module that deploys https://kubernetes-sigs.github.io/aws-load-balancer-controller

Questions / Assumptions

We can use https://github.com/aws/eks-charts/tree/master/stable/aws-load-balancer-controller chart and IRSA

Do we still have a problem with number of rules / targets / LBs ?
How would moving to managed ingress reduce risk around blast radius?
How would upgrades work?
What control do we lose by moving to managed ingress

Definition of done

Module created, running on a test cluster
Check if the 3 issues mentioned are fixed

AntonyBishop added the next-sprint label

AntonyBishop added spike and removed next-sprint labels

AntonyBishop added the risk-driven-engineering label

AntonyBishop added the aged-out label

AntonyBishop closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment