How to update AWS NLB setting to store logs in S3 bucket by k8s annotations How to update AWS NLB setting to store logs in S3 bucket by k8s annotations kubernetes kubernetes

How to update AWS NLB setting to store logs in S3 bucket by k8s annotations


amazon-web-services kubernetes annotations amazon-eks nlb

I've found a solution. I hope, it will help anybody.

As I understand, mentioned above annotations are only for ELB, and they don't work for NLB. I tried to update EKS to 1.16 and 1.17. It works for ELB, but not for NLB.

So, the solution is - to use local-exec provision in Terraform for k8s. At least it works for me.

Here is the code:

resource "null_resource" "enable_s3_bucket_logging_on_nlb" {  triggers = { <TRIGGERS> }  provisioner "local-exec" {    command = <<EOSfor i in $(aws elbv2 describe-load-balancers --region=<REGION> --names=$(echo ${data.kubernetes_service.nginx_ingress.load_balancer_ingress.0.hostname} |cut -d- -f1) | \jq ".[][] | { LoadBalancerArn: .LoadBalancerArn }" |awk '{print $2}' |tr -d '"'); do \aws elbv2 modify-load-balancer-attributes --region=<REGION> --load-balancer-arn $i --attributes Key=access_logs.s3.enabled,Value=true \Key=access_logs.s3.bucket,Value=nlb-logs-bucket Key=access_logs.s3.prefix,Value=nlblogs;\done; \EOS  }}

where:

  • <TRIGGERS> - condition for the trigger
  • <REGION> - region of your NLB

amazon-web-services kubernetes annotations amazon-eks nlb

I quite like the answer from above - I just modified the terraform code to rely less on any cli processing:

data "kubernetes_service" "nginx" {  metadata {    name      = "${local.k8s_nginx_name}-controller"    namespace = local.k8s_nginx_namespace  }}locals {  nlb_hostname = data.kubernetes_service.nginx.status.0.load_balancer.0.ingress.0.hostname  nlb_name     = split("-", local.nlb_hostname)[0]  # S3 log bucket needs:  #  https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions  nlb_attributes_json = jsonencode([    { Key = "deletion_protection.enabled", Value = "true" },    { Key = "load_balancing.cross_zone.enabled", Value = "true" },    { Key = "access_logs.s3.enabled", Value = "true" },    { Key = "access_logs.s3.bucket", Value = var.s3_log_name },    { Key = "access_logs.s3.prefix", Value = "nlblogs" },  ])}data "aws_lb" "nginx-nlb" {  name = local.nlb_name}resource "null_resource" "enable_s3_bucket_logging_on_nlb" {  triggers = {    nlb_arn             = data.aws_lb.nginx-nlb.arn    nlb_attributes_json = local.nlb_attributes_json  }  provisioner "local-exec" {    command = <<EOS    aws elbv2 modify-load-balancer-attributes \      --region=${var.aws_region} \      --load-balancer-arn ${data.aws_lb.nginx-nlb.arn} \      --attributes '${local.nlb_attributes_json}'\    EOS  }}

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last