service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval(in minutes)service.beta.kubernetes.io/aws-load-balancer-access-log-enabled(true|false)service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-nameservice.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefixservice.beta.kubernetes.io/aws-load-balancer-additional-resource-tags(comma-separated list of key=value)service.beta.kubernetes.io/aws-load-balancer-backend-protocol(http|https|ssl|tcp)service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled(true|false)service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout(in seconds)service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout(in seconds, default 60)service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled(true|false)service.beta.kubernetes.io/aws-load-balancer-extra-security-groups(comma-separated list)service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-thresholdservice.beta.kubernetes.io/aws-load-balancer-healthcheck-intervalservice.beta.kubernetes.io/aws-load-balancer-healthcheck-timeoutservice.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-thresholdservice.beta.kubernetes.io/aws-load-balancer-internal(true|false)service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'service.beta.kubernetes.io/aws-load-balancer-ssl-cert(IAM or ACM ARN)service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policyservice.beta.kubernetes.io/aws-load-balancer-ssl-ports(default '*')service.beta.kubernetes.io/aws-load-balancer-type: nlb
Last active
September 7, 2024 16:25
-
-
Save mgoodness/1a2926f3b02d8e8149c224d25cc57dc1 to your computer and use it in GitHub Desktop.
AWS ELB-related annotations for Kubernetes Services (as of v1.12.0)
Hi, guys. In AWS EKS I have two NLB's.
And I have two ingresses for different hostnames:
domain1.com
domain2.com
I want ingress for domain1.com using only first NLB and ingress for domain2.com using only second NLB. I can't understand how can I configure ingress to use specified NLB.
do you have two ingress rules or two ingress controller? you could have one ingress controller that manager all the ingress rules and use only one lb
do you have two ingress rules or two ingress controller? you could have one ingress controller that manager all the ingress rules and use only one lb
I have two ingress rules in different ns and one ingress controller. But I have two nlb, each with its own certificate from AWS cert manager
Which kind of ingress controller you are using?
Which kind of ingress controller you are using?
Nginx ingress controller
I fixed my issue using kubernetes.io/ingress.class: INGRESS_APPLICATION annotation in ingress resource, --ingress-class=%INGRESS_APPLICATION% arg and --publish-service=$(POD_NAMESPACE)/ingress-nginx-%INGRESS_APPLICATION% arg in nginx ingress controller.
Hi All,
Do these following health check annotations work with AWS NLB?
service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold
service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval
service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout
service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-thresholdFor us, its not reflecting changes in console once we apply them.
Or do we have any specific list of annotations that works well with NLB.
--Tarun
Same for me, when will this be fixed? Thanks.
Any update on the possibility of naming the load balancer via an annotation?
No ETA but they have plan.
Regarding multiple ssl certs on NLB. Current k8s service only supports a single ARN for a certificate https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws
BUT the aws-load-balancer-controller takes a stringList of certificate ARNs allowing you to use multiple certificates.
I had a really hard time figuring out that those aws-load-balancer* annotations are standard k8s but if you install the aws-load-balancer-controller then it replaces how service resources are handled and it almost handles the same annotations in the same way. The important difference for me is the handling of multiple certificates in the service.beta.kubernetes.io/aws-load-balancer-ssl-cert annotation now becomes possible.
Hi All,
Do these following health check annotations work with AWS NLB?
service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold
service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval
service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout
service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold
For us, its not reflecting changes in console once we apply them.
Or do we have any specific list of annotations that works well with NLB.
--TarunSame for me, when will this be fixed? Thanks.
Did anyone find/open a bug for this? I'm encountering the same on EKS 1.19
Found kubernetes/kubernetes#94546 which fixes the health check issues I was encountering
I dont think service.beta.kubernetes.io/aws-load-balancer-type supports nlb
it has to be nlb-ip
is private static IPs supportet via annotations ?
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
For backwards compatibility, controller still supports the nlb-ip as the type annotation. For example, if you specify
service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
is private static IPs supportet via annotations ?
To use an static ip, you need to specify this in the k8s service
we have set the following annotations to our ingress-controller to automatically spawn an nlb in front of our eks/ingress-nginx
kubectl describe service ingress-nginx-controller -n ingress-nginx:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: true
service.beta.kubernetes.io/aws-load-balancer-internal: true
service.beta.kubernetes.io/aws-load-balancer-private-ipv4-addresses: 10.19.64.10, 10.19.128.10, 10.19.192.10
service.beta.kubernetes.io/aws-load-balancer-scheme: internal
service.beta.kubernetes.io/aws-load-balancer-type: nlb
But the nlb always spawns with dynamic IPs.
we have set the following annotations to our ingress-controller to automatically spawn an nlb in front of our eks/ingress-nginx
kubectl describe service ingress-nginx-controller -n ingress-nginx: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: true service.beta.kubernetes.io/aws-load-balancer-internal: true service.beta.kubernetes.io/aws-load-balancer-private-ipv4-addresses: 10.19.64.10, 10.19.128.10, 10.19.192.10 service.beta.kubernetes.io/aws-load-balancer-scheme: internal service.beta.kubernetes.io/aws-load-balancer-type: nlbBut the nlb always spawns with dynamic IPs.
Are you using the AWS Load Balancer Controller or what's built in to EKS? That annotation only seems to be used by the AWS LBC which needs to be installed separately.
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/guide/service/annotations/
is http2 supported via annotations ?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
this link might help https://github.com/kubernetes/legacy-cloud-providers/blob/5f90415fb35981634716442107c1c7302dbc605b/aws/aws.go#L184