EKS: load balancer services need to be resolved prior to registering

[asimpleidea]

When creating a service of type LoadBalancer in EKS, this service is assigned a hostname. See example:

[truncated for brevity...]
status:
  loadBalancer:
    ingress:
    - hostname: abc123674efg-648438329.us-west-1.elb.amazonaws.com

Obviously this won't be accepted by either Cloud Map or Service Directory, as they will only accept IP addresses, whether v4 or v6. So, in conclusion, whenever we see hostnames instead of IPs we need to resolve them in some way.

Specifically, for this scenario (EKS) I am thinking of these two ways of working:

• Ask CoreDNS pods to resolve it for us
  • Benefit of this: will probably work for any managed k8s provider that work like this
  • Downside: don't really want to send DNS queries for this, API approach is preferable
• Study AWS SDK v2 to see if there is an endpoint that does this for us.
  • API based
  • Will only work for EKS.

Please provide ideas/comments/feedback if you think/know of an alternative way, as they are more than welcome!

Will keep posted.

[asimpleidea]

Update: for EKS this probably means finding the Elastic Load Balancer that backs that service. Will let you know my findings.

---

Update-2: indeed. Tried to delete a LoadBalancer service from k8s and saw an Elastic Load Balancer with the same name disappearing. Tried to create a new service and a new ELB appeared as well.

---

Update-3: this has broader implications than we thought. Quoting from EKS -- emphasis mine:

Because the set of IP addresses associated with a Load Balancer can change over time, you should never create an "A" record with any specific IP address. If you want to use a friendly DNS name for your load balancer instead of the name generated by the Elastic Load Balancing service, you should create a CNAME record for the LoadBalancer DNS name, or use Amazon Route 53 to create a hosted zone. For more information, see Using Domain Names With Elastic Load Balancing.

So this would require a (lazy) watching mechanism to keep track of that change.

[arnatal]

Thanks for looking into this. Out of curiosity, what do we get when we do kubectl get services, does the hostname resolve to an EXTERNAL-IP?

[asimpleidea]

The output would still be the host name assigned to it, not an IP (the yaml extract I posted is from the real lb service, I just changed its name).

---

e.g. kubectl get services -n test-namespace -o wide:

NAME   TYPE           CLUSTER-IP      EXTERNAL-IP                                                               PORT(S)        AGE   SELECTOR
sv3    LoadBalancer   10.100.59.182   abc123456def789abc-1085326388.us-west-1.elb.amazonaws.com   80:30344/TCP   16s   app=sv3

[asimpleidea]

Update: this has been done with the first solution (more or less) as it is the more scalable and convenient one (golang makes this super easy to do). Also it is the least invasive one (for the same scalability reason).