Populating AWS Alb Ingress Annotations from ConfigMap

Problem description

I am creating an 'alb.ingress' resource as part of my Helm chart.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # Key names as the AWS ALB ingress controller expects them:
    # certificate-arn and security-groups
    alb.ingress.kubernetes.io/certificate-arn: $cert_arn
    alb.ingress.kubernetes.io/security-groups: $sg
    ...

The values required in the 'alb.ingress' resource annotations section are available in my ConfigMap.

env:
  - name: cert_arn
    valueFrom:
      configMapKeyRef:
        name: environmental-variables
        key: certification_arn
  - name: sg
    valueFrom:
      configMapKeyRef:
        name: environmental-variables
        key: security-groups
  ...

Is there a way to populate the annotations using the config-map?

Tags: amazon-eks

Solution


The way I solved this challenge was to create the ingress resource using Helm and the variables I had prior to creating the resource, such as the name of the application, namespaces, etc.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "{{ .Values.application.name }}-ingress"
  namespace: "{{ .Values.env.name }}"
  labels:
    app: "{{ .Values.application.name }}"
spec:
  rules:
    - host: "{{ .Values.environment.name }}.{{ .Values.application.name }}.{{ .Values.domain.name }}"
      http:
        ....

I used a pod (a job is also an option) to annotate the newly created ingress resource using the environmental values from the configmap.

apiVersion: v1
kind: Pod
metadata:
  name: annotate-ingress-alb
spec:
  serviceAccountName: internal-kubectl
  # One-shot pod: do not restart it once the annotate command has exited.
  restartPolicy: Never
  containers:
    - name: modify-alb-ingress-controller
      image: "{{ .Values.images.varion }}"
      command: ["sh", "-c"]
      args:
        - |
          ...
          kubectl annotate ingress -n {{ .Values.env.name }} {{ .Values.application.name }}-ingress alb.ingress.kubernetes.io/certificate-arn="$CERT_ARN"
      env:
        # The variable name must match the one the command reads ($CERT_ARN).
        - name: CERT_ARN
          valueFrom:
            configMapKeyRef:
              name: environmental-variables
              key: certification_arn

Note that the pod should have the right service account, with the right permission roles attached to it. For instance, in this case, for the pod to be able to annotate the ALB ingress, it had to have the extensions apiGroup and the ingress resources in the list of permissions (I have not restricted the verbs yet).

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: service-account-role
rules:
  # Each rule is one list item holding apiGroups, resources and verbs together.
  # Ingress lives in the "extensions" API group for extensions/v1beta1
  # (networking.k8s.io in current clusters); the core group ("") has no
  # ingresses resource, so that entry grants nothing extra.
  - apiGroups:
      - ""
      - extensions
    resources:
      - ingresses
    verbs: ["*"]

Hope this helps someone in the future.
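As an added example (not code from the original answer or from any project), here is the same pattern tightened the way a security reviewer would want it shipped: a ServiceAccount, a Role limited to get and patch on the one Ingress the chart creates (kubectl annotate reads the object and then sends a PATCH, so no other verb is needed), a RoleBinding, and a one-shot Job that runs as a Helm post-install/post-upgrade hook so the Ingress already exists when the annotate call runs. The ConfigMap name and keys and the Helm values are taken from the question and answer above; the image value `.Values.images.kubectl`, the Role and Job names, and the hook settings are assumptions for illustration.

```yaml
# Added example, not part of the original answer.
# Assumes the ConfigMap "environmental-variables" with keys certification_arn
# and security-groups (from the question) and the Helm values used in the answer.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: internal-kubectl
  namespace: "{{ .Values.env.name }}"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: annotate-ingress
  namespace: "{{ .Values.env.name }}"
rules:
  # kubectl annotate does a GET followed by a PATCH of the named object.
  # resourceNames pins the grant to the single Ingress this chart creates.
  # "extensions" covers the extensions/v1beta1 API used in the answer,
  # "networking.k8s.io" the networking.k8s.io/v1 Ingress in current clusters.
  - apiGroups: ["extensions", "networking.k8s.io"]
    resources: ["ingresses"]
    resourceNames: ["{{ .Values.application.name }}-ingress"]
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: annotate-ingress
  namespace: "{{ .Values.env.name }}"
subjects:
  - kind: ServiceAccount
    name: internal-kubectl
    namespace: "{{ .Values.env.name }}"
roleRef:
  kind: Role
  name: annotate-ingress
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
  name: annotate-ingress-alb
  namespace: "{{ .Values.env.name }}"
  annotations:
    # Run only after the release's Ingress exists; remove the Job once it
    # succeeds, and replace any failed leftover before the next run.
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
  backoffLimit: 3
  template:
    spec:
      serviceAccountName: internal-kubectl
      restartPolicy: Never
      containers:
        - name: annotate
          image: "{{ .Values.images.kubectl }}"   # assumed value: any image that ships kubectl
          env:
            - name: CERT_ARN
              valueFrom:
                configMapKeyRef:
                  name: environmental-variables
                  key: certification_arn
            - name: SG
              valueFrom:
                configMapKeyRef:
                  name: environmental-variables
                  key: security-groups
          command: ["sh", "-ec"]
          args:
            - |
              # -e makes a failed annotate fail the hook instead of leaving a
              # half-annotated Ingress; the variables are quoted so a value
              # containing spaces or shell metacharacters cannot alter the
              # command line; --overwrite makes re-runs on upgrade idempotent.
              kubectl annotate ingress "{{ .Values.application.name }}-ingress" \
                -n "{{ .Values.env.name }}" --overwrite \
                "alb.ingress.kubernetes.io/certificate-arn=${CERT_ARN}" \
                "alb.ingress.kubernetes.io/security-groups=${SG}"
```

The ServiceAccount, Role and RoleBinding are ordinary release resources, so Helm creates them before the post-install hook fires. If the Ingress is later moved to networking.k8s.io/v1, the Role already covers that group and nothing else changes.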

