Feature Request: TargetGroupBinding for pods #656

Open
DingGGu opened this issue Jul 16, 2024 · 1 comment
DingGGu commented Jul 16, 2024

Lattice has various deployment models.

Lattice is limited to 169.254.171.0/24, so only one ServiceNetwork can be associated per VPC.
Our deployment model seeks to connect “untrusted zones” between different domains and clusters.

Each cluster has a Lattice ServiceNetwork, and other clusters expose a Lattice Service and then share it in the form of RAM Share.
Currently, Gateway Controller has limited support for ServiceExport. Since CrossAccount is not being considered, IaC such as Terraform must be used.

Using two Kubernetes Controller and Terraform causes a conflict in Lifecycle resource management and makes it hard to manage resources.

Therefore, if the Gateway Controller manages only the TargetGroup like TargetGroupBinding of the AWS LoadBalancer Controller, and manages the remaining Service creation, RAM Share, Service Associate, and AuthPolicy through Terraform, I expect that the two life cycles can be clearly separated and managed.

I suggest creating a method to synchronize TargetGroup by explicitly entering the ARN of Lattice TargetGroup, such as TargetGroupBinding, rather than ServiceExport.

DingGGu commented Jul 17, 2024

I think it would be better to use HTTPBackend, but in that case, it would also be a good idea to create only a service that is not associated with the ServiceNetwork.
