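# Install manifest for aws-load-balancer-controller: the TargetGroupBinding CRD,
# a ServiceAccount, a leader-election Role/RoleBinding, a cluster-wide
# ClusterRole/ClusterRoleBinding, and the controller Deployment (kube-system).
# The page had collapsed the manifest onto a few physical lines; the structure
# below restores one key per line so the documents parse again.
#
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
# Moving to apiextensions.k8s.io/v1 means relocating this schema under
# spec.versions[].schema; it is left as published here.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.2.5
  creationTimestamp: null
  labels:
    app.kubernetes.io/name: aws-load-balancer-controller
  name: targetgroupbindings.elbv2.k8s.aws
spec:
  group: elbv2.k8s.aws
  names:
    kind: TargetGroupBinding
    listKind: TargetGroupBindingList
    plural: targetgroupbindings
    singular: targetgroupbinding
  scope: Namespaced
  validation:
    openAPIV3Schema:
      description: TargetGroupBinding is the Schema for the TargetGroupBinding API
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
          properties:
            networking:
              description: networking provides the networking setup for ELBV2 LoadBalancer
                to access targets in TargetGroup.
              properties:
                ingress:
                  description: List of ingress rules to allow ELBV2 LoadBalancer
                    to access targets in TargetGroup.
                  items:
                    properties:
                      # Per its description, an omitted or empty `from` admits
                      # traffic from anywhere; review bindings that leave it unset.
                      from:
                        description: List of peers which should be able to access
                          the targets in TargetGroup. If unspecified or empty, defaults
                          to anywhere.
                        items:
                          description: NetworkingPeer defines the source/destination
                            peer for networking rules.
                          properties:
                            ipBlock:
                              description: IPBlock defines an IPBlock peer. If specified,
                                none of the other fields can be set.
                              properties:
                                # Schema-level check is `type: string` only; no
                                # pattern restricts this to a well-formed CIDR.
                                cidr:
                                  description: CIDR is the network CIDR. Both IPV4
                                    or IPV6 CIDR are accepted.
                                  type: string
                              required:
                              - cidr
                              type: object
                            securityGroup:
                              description: SecurityGroup defines a SecurityGroup
                                peer. If specified, none of the other fields can
                                be set.
                              properties:
                                groupID:
                                  description: GroupID is the EC2 SecurityGroupID.
                                  type: string
                              required:
                              - groupID
                              type: object
                          type: object
                        type: array
                      # Per its description, an omitted or empty `ports` opens
                      # every port on the targets.
                      ports:
                        description: List of ports which should be made accessible
                          on the targets in TargetGroup. If unspecified or empty,
                          defaults to all port.
                        items:
                          properties:
                            # No minimum/maximum is declared, so the schema does
                            # not bound this to the valid port range.
                            port:
                              description: The port which traffic must match. If
                                unspecified, defaults to all port.
                              format: int64
                              type: integer
                            protocol:
                              description: The protocol which traffic must match.
                                If unspecified, defaults to all protocol.
                              enum:
                              - TCP
                              - UDP
                              type: string
                          type: object
                        type: array
                    type: object
                  type: array
              type: object
            serviceRef:
              description: serviceRef is a reference to a Kubernetes Service and
                ServicePort.
              properties:
                name:
                  description: Name is the name of the Service.
                  type: string
                port:
                  anyOf:
                  - type: integer
                  - type: string
                  description: Port is the port of the ServicePort.
                  x-kubernetes-int-or-string: true
              required:
              - name
              - port
              type: object
            # Free-form string at the schema level: nothing here constrains the
            # value to an ARN, or to a particular account or region.
            targetGroupARN:
              description: targetGroupARN is the Amazon Resource Name (ARN) for
                the TargetGroup.
              type: string
            targetType:
              description: targetType is the TargetType of TargetGroup. If unspecified,
                it will be automatically inferred.
              enum:
              - instance
              - ip
              type: string
          required:
          - serviceRef
          - targetGroupARN
          type: object
        status:
          description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding
          properties:
            observedGeneration:
              description: The generation observed by the TargetGroupBinding controller.
              format: int64
              type: integer
          type: object
      type: object
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
# Identity the controller pod runs as; both bindings below attach to it.
# NOTE(review): no IAM role annotation (such as eks.amazonaws.com/role-arn) is
# set, so where the controller gets its AWS credentials is not shown on this
# page. Prefer a role bound to this ServiceAccount over node instance-profile
# credentials, which other pods on the same node may also be able to reach.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller
  namespace: kube-system
---
# Leader-election permissions, namespaced to kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller-leader-election-role
  namespace: kube-system
rules:
# NOTE(review): with no resourceNames, this rule grants read/write/delete on
# every ConfigMap in kube-system, not just the election lock. get/update/patch/
# delete can be scoped with resourceNames to the lock ConfigMap (its name is not
# shown on this page); create cannot be restricted by name.
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - configmaps/status
  verbs:
  - get
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
---
# Cluster-scoped permissions: every rule below applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  labels:
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller-role
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
# Write access to Pod objects in every namespace, including kube-system.
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - pods/status
  verbs:
  - get
  - patch
  - update
# NOTE(review): read access to every Secret in every namespace. Anything able
# to act as the bound ServiceAccount can read all of them, so treat that
# account's token as highly sensitive, audit its use, and narrow this rule if
# the controller only needs specific Secrets.
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - services/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - elbv2.k8s.aws
  resources:
  - targetgroupbindings
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - elbv2.k8s.aws
  resources:
  - targetgroupbindings/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - extensions
  resources:
  - ingresses/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - get
  - patch
  - update
---
# Grants the leader-election Role to the controller ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller-leader-election-rolebinding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: aws-load-balancer-controller-leader-election-role
subjects:
- kind: ServiceAccount
  name: aws-load-balancer-controller
  namespace: kube-system
---
# Grants the cluster-wide ClusterRole (including the Secret read rule) to the
# controller ServiceAccount in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: aws-load-balancer-controller-role
subjects:
- kind: ServiceAccount
  name: aws-load-balancer-controller
  namespace: kube-system
---
# Single-replica controller Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/name: aws-load-balancer-controller
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/name: aws-load-balancer-controller
    spec:
      # NOTE(review): no pod-level or container-level securityContext is set,
      # so runtime defaults apply. Consider runAsNonRoot: true,
      # allowPrivilegeEscalation: false, readOnlyRootFilesystem: true and
      # capabilities.drop: [ALL] once confirmed against this image.
      containers:
      # `your-cluster-name` is a placeholder and must be replaced with the real
      # cluster name before applying.
      - args:
        - --cluster-name=your-cluster-name
        # Release-candidate build referenced by a mutable tag. Pin by digest
        # (image@sha256:<digest-placeholder>) so the deployed content cannot
        # change underneath the tag.
        image: amazon/aws-alb-ingress-controller:v2.0.0-rc0
        name: controller
        resources:
          limits:
            cpu: 100m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
      # The pod mounts this ServiceAccount's token, which carries the RBAC
      # granted by both bindings in this manifest.
      serviceAccountName: aws-load-balancer-controller
      terminationGracePeriodSeconds: 10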