AWS ELB-related annotations for Kubernetes Services (v1.5)

AWS Service annotations

  • service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval (in minutes)
  • service.beta.kubernetes.io/aws-load-balancer-access-log-enabled (true|false)
  • service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name
  • service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix
  • service.beta.kubernetes.io/aws-load-balancer-backend-protocol (http|https|ssl|tcp)
  • service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled (true|false)
  • service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout (in seconds)
  • service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout (in seconds, default 60)
  • service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled (true|false)
  • service.beta.kubernetes.io/aws-load-balancer-internal: '0.0.0.0/0'
  • service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
  • service.beta.kubernetes.io/aws-load-balancer-ssl-cert (IAM or ACM ARN)
  • service.beta.kubernetes.io/aws-load-balancer-ssl-ports (default '*')
KIVagant commented May 17, 2017

dod38fr May 29, 2017

Thanks for the list.

aws-load-balancer-internal annotation value is only used as a boolean. Why is 0.0.0.0/0 shown as a default value?

tuannvm Oct 17, 2017

To add additional tags for ELB, reference:

service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags

srossross-tableau Nov 15, 2017

Do you know how I can do ssl termination? I.e. if service.beta.kubernetes.io/aws-load-balancer-backend-protocol is set to https, then the "Load Balancer Protocol" and the "Instance Protocol" are both set to https. I would like the "Instance Protocol" to remain http.

tommyo Nov 16, 2017

@srossross-tableau
service.beta.kubernetes.io/aws-load-balancer-backend-protocol is for the Instance protocol. The 2 ssl annotations are for the load balancer settings. What you want looks something like this:

    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:...."
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "*"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"

downneck Jan 5, 2018

@srossross-tableau @tommyo

service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "*" will terminate ssl on all ports. If your LB is going to be serving any ports without ssl termination (http, ssh, etc.), you want aws-load-balancer-ssl-ports to list only the ports that will terminate ssl (e.g. 443).
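
A check that follows from the annotation list and the ssl-ports point above, as an added example (not part of the gist or of any commenter's post): a small Python audit of a parsed Service manifest. The function names, finding labels, placeholder ARN and bucket name are assumptions made for illustration; that a Service without the -internal annotation gets an internet-facing ELB is the cloud provider's behaviour, not something this page states.

```python
# Added example: audits the ELB annotations on a parsed Service manifest (a dict).
PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"

def audit_elb_service(service):
    """Return a list of (check, message) findings for one Service."""
    raw = service.get("metadata", {}).get("annotations") or {}
    ann = {k[len(PREFIX):]: str(v).strip() for k, v in raw.items() if k.startswith(PREFIX)}
    ports = [str(p["port"]) for p in service.get("spec", {}).get("ports", [])]
    findings = []

    if "internal" not in ann:
        findings.append(("exposure", "no -internal annotation: the ELB is internet-facing"))

    if ann.get("ssl-cert"):
        # The gist lists '*' as the default for -ssl-ports.
        if ann.get("ssl-ports", "*") == "*" and len(ports) > 1:
            findings.append(("ssl-ports", "TLS is terminated on every port (%s); "
                             "list only the TLS ports" % ", ".join(ports)))
        if ann.get("backend-protocol") not in ("https", "ssl"):
            findings.append(("backend", "ELB-to-instance traffic is not encrypted"))
    else:
        findings.append(("tls", "no -ssl-cert: the ELB does not terminate TLS"))

    if ann.get("access-log-enabled") != "true":
        findings.append(("logging", "ELB access logs are not enabled"))
    elif not ann.get("access-log-s3-bucket-name"):
        findings.append(("logging", "access logs enabled without an S3 bucket name"))
    return findings

def make_service(annotations, ports):
    """Build a minimal Service dict (constructed sample, not a real manifest)."""
    return {"kind": "Service",
            "metadata": {"name": "my-service",
                         "annotations": {PREFIX + k: v for k, v in annotations.items()}},
            "spec": {"type": "LoadBalancer", "ports": [{"port": p} for p in ports]}}

# Constructed samples: the thread's termination snippet on a Service exposing 80 and 443,
# then the same Service with -ssl-ports narrowed and access logging turned on.
WEAK = make_service({"ssl-cert": "arn:aws:acm:EXAMPLE-PLACEHOLDER", "ssl-ports": "*",
                     "backend-protocol": "http"}, [80, 443])
TIGHTER = make_service({"ssl-cert": "arn:aws:acm:EXAMPLE-PLACEHOLDER", "ssl-ports": "443",
                        "backend-protocol": "http", "access-log-enabled": "true",
                        "access-log-s3-bucket-name": "example-elb-logs"}, [80, 443])

if __name__ == "__main__":
    for name, svc in (("weak", WEAK), ("tighter", TIGHTER)):
        print(name, [check for check, _ in audit_elb_service(svc)])
```

The "backend" finding remains on the second sample because terminating at the ELB with an http backend leaves the ELB-to-instance hop in plaintext by design.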

c4m4 Feb 16, 2018

Why is there no tag to say what subnet to use?

jryberg Feb 28, 2018

@c4m4, did you figure that one out? I'm also looking to select a specific subnet per load balancer.

aprisniak Mar 5, 2018

How can I redirect to https?

edify42 Mar 7, 2018

@aprisniak You can with an Ingress definition which can do an HTTP 301/302.

Not sure if there's a nice way to do HTTPS redirects with an ALB type AWS LB.

mt-inside Apr 9, 2018

Do you have an updated version of this? It would be useful. E.g. in 1.9+ there's an option to make an NLB.
https://kubernetes.io/docs/concepts/services-networking/service/#network-load-balancer-support-on-aws-alpha

    metadata:
      name: my-service
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
