Allow parameters like wafv2-acl-arn to be referenced via Kubernetes Secrets or ConfigMaps

[RamazanKara]

Describe the feature you are requesting

We're looking for a way to manage AWS resources like Web ACLs and Certificates using Kubernetes Secrets or ConfigMaps instead of relying solely on ingress annotations. This change would allow us to deploy these resources within EKS using Terraform and then reference them in our Kubernetes configurations, making our setup more cohesive and efficient. Also it would align with the current prevalent GitOps Bridge Strategy.

Motivation

In our current workflow, we use Terraform to create infrastructure components such as Certificates and Web ACLs, while ArgoCD handles the deployment of Kubernetes Workloads. The existing method of managing these resources through ingress annotations feels a bit clunky and doesn't fit well with our infrastructure management strategy. By enabling the use of Kubernetes Secrets or ConfigMaps, we could streamline our processes, reduce complexity, and better align with our existing tools and practices.

Describe the proposed solution you'd like

We envision a solution where the AWS Load Balancer Controller can reference AWS resources like Web ACLs and Certificates directly from Kubernetes Secrets or ConfigMaps. This would mean we could deploy these resources using Terraform and then simply point to them in our ingress configurations. Such a feature would greatly enhance our ability to manage infrastructure in a more integrated and efficient manner.

Describe alternatives you've considered

We've thought about sticking with the current approach of using ingress annotations, but it doesn't really meet our needs as it complicates our workflow and doesn't fully utilize our Terraform capabilities. Another option would be to manage everything through Terraform, but that would require significant changes to our current setup with ArgoCD, which isn't ideal for us.

[shraddhabang]

@RamazanKara Thank you for reaching out to us and providing such a great feature request description. I understand your current challenges. However, Instead of using the k8 secrets and configMaps, we can add/modify annotations to accept the name of these resources along with their arns so that we can fetch the resource for you based on its name instead of arn. This way you dont have to rely on the arns for your resources created through terraform. Would that be acceptable for you?