How to use Helm to configure aws-alb-ingress-controller/alb.ingress.kubernetes.io/web-acl-id with aws waf?

10/29/2019

I have tried

helm install incubator/aws-alb-ingress-controller --namespace kube-system --name us-west-2-test --set clusterName=us-west-2-test --set autoDiscoverAwsRegion=true --set autoDiscoverAwsVpcID=true --set podAnnotations="alb\.ingress\.kubernetes\.io\/waf-acl-id"="waf-acl-id-redacted"

and

helm install incubator/aws-alb-ingress-controller --namespace kube-system --name us-west-2-test --set clusterName=us-west-2-test --set autoDiscoverAwsRegion=true --set autoDiscoverAwsVpcID=true --set podAnnotations[0]="alb\.ingress\.kubernetes\.io\/waf-acl-id"="waf-acl-id-redacted"

I have also tried

podAnnotations: {
  alb.ingress.kubernetes.io/waf-acl-id: "waf-acl-id-redacted"
}

in a values.yaml file.

In all cases the alb-controller is successfully spooled up, a functioning alb comes to life, proper port associations, proper cert associations, no errors thrown.

But... no association with the web-acl/waf.

I am VERY new to k8 and eks so I am still wrapping my brain around basic concepts.

What am I doing wrong here?

UPDATE:

Making the annotation inside my application seems to have done the trick, however... Thank you @hanx

Now that the association is made, nothing is getting through to my site.

If I remove the annotation, and make the association manually with my ALB, everything seems to be working.

-- mlhumphrey
eks
kubernetes
kubernetes-helm

0 Answers
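Added example (not part of the original post, and not code from the controller project): a small audit over parsed manifests that reports where the `waf-acl-id` annotation from the question sits, following the outcome in the update that it took effect on the application rather than through the chart's `podAnnotations`. It assumes that `podAnnotations` is rendered onto the controller Deployment's pod template and that application Ingresses select the controller with `kubernetes.io/ingress.class: alb`. All manifests, names and the ACL id below are constructed placeholders.

```python
WAF_KEY = "alb.ingress.kubernetes.io/waf-acl-id"  # annotation key from the question
CLASS_KEY = "kubernetes.io/ingress.class"         # assumed: "alb" selects the controller

def annotation_maps(node, path=""):
    """Yield (path, mapping) for every 'annotations' mapping inside a manifest."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "annotations" and isinstance(value, dict):
                yield here, value
            else:
                yield from annotation_maps(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from annotation_maps(item, f"{path}[{i}]")

def audit(manifests):
    """Return sorted (kind, name, verdict) tuples describing WAF annotation placement."""
    out = []
    for m in manifests:
        meta = m.get("metadata") or {}
        kind, name = m.get("kind"), meta.get("name")
        top = meta.get("annotations") or {}
        placed = [p for p, a in annotation_maps(m) if WAF_KEY in a]
        if kind == "Ingress" and top.get(CLASS_KEY) == "alb":
            # ALB-backed Ingress: the annotation must sit in metadata.annotations
            out.append((kind, name, "waf-annotated" if WAF_KEY in top else "no-waf"))
        elif placed:
            # Any other location, e.g. a pod template, never reaches the ALB
            out.append((kind, name, "waf-annotation-ignored at " + placed[0]))
    return sorted(out)

# Constructed sample: the controller Deployment as rendered with podAnnotations set,
# plus two application Ingresses (one annotated, one not).
SAMPLE = [
    {"kind": "Deployment", "metadata": {"name": "alb-ingress-controller"},
     "spec": {"template": {"metadata": {"annotations": {WAF_KEY: "waf-acl-id-redacted"}}}}},
    {"kind": "Ingress", "metadata": {"name": "site", "annotations": {
        CLASS_KEY: "alb", WAF_KEY: "waf-acl-id-redacted"}}},
    {"kind": "Ingress", "metadata": {"name": "admin", "annotations": {CLASS_KEY: "alb"}}},
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

The `no-waf` verdict is the case to watch in review: an ALB-backed Ingress that comes up healthy with no web ACL in front of it, which is the silent outcome the question describes.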