AWS ELB-related annotations for Kubernetes Services (v1.5)

AWS Service annotations

  • service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval (in minutes)
  • service.beta.kubernetes.io/aws-load-balancer-access-log-enabled (true|false)
  • service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name
  • service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix
  • service.beta.kubernetes.io/aws-load-balancer-backend-protocol (http|https|ssl|tcp)
  • service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled (true|false)
  • service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout (in seconds)
  • service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout (in seconds, default 60)
  • service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled (true|false)
  • service.beta.kubernetes.io/aws-load-balancer-internal: '0.0.0.0/0'
  • service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
  • service.beta.kubernetes.io/aws-load-balancer-ssl-cert (IAM or ACM ARN)
  • service.beta.kubernetes.io/aws-load-balancer-ssl-ports (default '*')

KIVagant commented May 17, 2017

dod38fr commented May 29, 2017

Thanks for the list.

aws-load-balancer-internal annotation value is only used as a boolean. Why is 0.0.0.0/0 shown as a default value?

tuannvm commented Oct 17, 2017

To add additional tags for ELB, reference:

service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags

Do you know how I can do ssl termination? I.e., if service.beta.kubernetes.io/aws-load-balancer-backend-protocol is set to https, then the "Load Balancer Protocol" and the "Instance Protocol" are both set to https. I would like the "Instance Protocol" to remain http.

TommyO commented Nov 16, 2017

@srossross-tableau
service.beta.kubernetes.io/aws-load-balancer-backend-protocol is for the Instance protocol. The 2 ssl annotations are for the load balancer settings. What you want looks something like this:

    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:...."
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "*"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"

downneck commented Jan 5, 2018

@srossross-tableau @TommyO

service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "*" will terminate ssl on all ports. If your LB is going to be serving any ports without ssl termination (http, ssh, etc.) you want aws-load-balancer-ssl-ports to list only the ports that will terminate ssl (e.g. 443).
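
The point made in the last two comments, as an added example that is not part of the gist, the thread, or Kubernetes itself: a Python check that works out which Service ports get a TLS listener from the annotations and flags the wildcard case. It assumes ssl-ports is either '*' or a comma-separated list of port numbers; `listener_plan`, `findings` and `sample_service` are hypothetical names, and the Service and its certificate ARN are constructed placeholders.

```python
# Added example, not code from the gist or from Kubernetes itself.
PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"

def _parse(service):
    ann = service.get("metadata", {}).get("annotations", {})
    ports = [p["port"] for p in service["spec"]["ports"]]
    cert = ann.get(PREFIX + "ssl-cert")
    raw = ann.get(PREFIX + "ssl-ports", "*").strip()  # '*' is the listed default
    return ports, cert, raw

def listener_plan(service):
    """Return {port: 'tls' | 'plain'} as the annotations in the thread describe it."""
    ports, cert, raw = _parse(service)
    if not cert:                       # no certificate: nothing is terminated
        return {p: "plain" for p in ports}
    if raw == "*":                     # wildcard: every port terminates TLS
        return {p: "tls" for p in ports}
    wanted = {s.strip() for s in raw.split(",")}  # assumption: port numbers only
    return {p: "tls" if str(p) in wanted else "plain" for p in ports}

def findings(service):
    """Flag the wildcard on a multi-port Service, and listed ports it lacks."""
    ports, cert, raw = _parse(service)
    out = []
    if not cert:
        return out
    if raw == "*" and len(ports) > 1:
        out.append("ssl-ports '*' terminates TLS on every port: %s" % ports)
    elif raw != "*":
        listed = {s.strip() for s in raw.split(",")}
        missing = sorted(listed - {str(p) for p in ports})
        if missing:
            out.append("ssl-ports lists ports the Service does not expose: %s" % missing)
    return out

def sample_service(ssl_ports):
    """Constructed Service: TLS at the ELB, plain HTTP to the instances."""
    return {
        "metadata": {"annotations": {
            PREFIX + "ssl-cert": "arn:aws:acm:EXAMPLE-PLACEHOLDER",
            PREFIX + "ssl-ports": ssl_ports,
            PREFIX + "backend-protocol": "http",
        }},
        "spec": {"ports": [{"port": 443}, {"port": 80}, {"port": 22}]},
    }

if __name__ == "__main__":
    for value in ("*", "443"):
        svc = sample_service(value)
        print(value, listener_plan(svc), findings(svc))
```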
