[Feature Request] Add ALB controller

Hi! 👋 GCP has an add-on to enable their load balancer ingress controller directly from the API and console. It allows us to create an ingress using multiple paths and hosts, enable health checking, etc.

By default, the Kubernetes LoadBalancer service in EKS creates a classic load balancer, which lacks a lot of great features, like WebSockets and path mapping. It’s also possible to enable the Network Load Balacing using a service annotation, but not the application load balancer.

AWS also has it’s own ingress controller, which cannot be enabled in cluster creation, it requires some additional steps to be installed. A tutorial can be found here.

Since this package is all about simplifying the experience of using EKS and creating a load balancer is potentially a very common task, i believe this functionality could be added here, maybe behind a flag like enableAlbController, since it adds new resources to the cluster. 😅

Implementation Details

To enable the ALB ingress controller, it’s necessary to:

1. Add a lot of IAM permissions to the node workers IAM role.
2. Add some RBAC roles and it’s service account.
3. Add the ingress controller.
4. Create an ingress setting the annotation kubernetes.io/ingress.class to alb. More annotations can be found here.

Most of these steps can be done directly to the cluster through this Helm Chart or by adding it to the cluster using @pulumi/kubernetes, but i’ve struggled to implement the iam roles. @pulumi/eks already creates it’s own instance role, so i’m not sure how i can implement a custom instance role without replacing the one created by the package or forking the package.

Alternatives

An alternative is to add a new option that allows the instance role to be customized, something like instanceRole to replace the default instance role created by the package or something like additionalInstanceRolePolicies to add more policies to the default instance role.