I have an EKS Kubernetes 1.16.x cluster with three public subnets tagged with `kubernetes.io/role/elb: 1` and three private subnets tagged with `kubernetes.io/role/internal-elb: 1`.

I'm attempting to create an internal NLB LoadBalancer service. By internal, I want it hosted on the three private subnets and not the three public subnets.

I'm following the docs at https://docs.aws.amazon.com/eks/latest/userguide/load-balancing.html
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-internal: true
  name: grafana-nlb
  namespace: prometheus
spec:
  ports:
    - name: service
      port: 80
      protocol: TCP
      targetPort: 3000
  selector:
    app.kubernetes.io/instance: prom
    app.kubernetes.io/name: grafana
  type: LoadBalancer
```
If I omit the `service.beta.kubernetes.io/aws-load-balancer-internal: true` annotation, everything seems to work perfectly and produce exactly what I expect. I get a public NLB that is hosted on the three public subnets only. I can see this via the AWS CLI with `aws elbv2 describe-load-balancers`, with `"Scheme": "internet-facing"`, `"Type": "network"`.

If I create this with the `service.beta.kubernetes.io/aws-load-balancer-internal: true` annotation, I get a classic ELB rather than an NLB, and it's still public. It has `"Scheme": "internet-facing"` and is hosted on the three public subnets only. With the CLI, I can see the load balancer with `aws elb describe-load-balancers` but not with `aws elbv2 describe-load-balancers`.

This seems like broken behavior. Any tips on how I can troubleshoot or proceed?
The `true` needs to be quoted as `"true"` in the YAML.

This works:

```yaml
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
```

This causes the error I was experiencing:

```yaml
service.beta.kubernetes.io/aws-load-balancer-internal: true
```
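The root cause in the answer above is a YAML typing problem, not an AWS one: Kubernetes annotation values are strings, but a YAML 1.1 loader (PyYAML, or the go-yaml used by kubectl) resolves a plain `true`, `yes`, `on`, `1` or `null` to a bool, number or null, so the cloud controller never sees the string `"true"` it compares against. The following linter is an added example, written for this page and not taken from the question, the answer or any Kubernetes project: it walks every `annotations:` mapping in a manifest, reports values that would not survive as strings, and can rewrite them with quotes. The sample manifest embedded in the block is a constructed copy of the one in the question; the function names and the set of YAML 1.1 scalars it checks are this example's own choices.

```python
"""Lint Kubernetes manifests for annotation values that YAML 1.1 would
parse as bool / number / null instead of str (the `true` vs "true" bug)."""
import re

# Constructed sample: the Service from the question, with the unquoted
# `true` that makes the internal-LB annotation a YAML boolean.
SAMPLE_MANIFEST = """\
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-internal: true
  name: grafana-nlb
  namespace: prometheus
spec:
  type: LoadBalancer
"""

# Plain (unquoted) scalars that YAML 1.1 loaders resolve to bool or null.
# y/n are accepted by go-yaml v2; the rest are shared with PyYAML. Matching
# is case-insensitive, so Yes, TRUE and Off are caught as well.
_BOOL_NULL = {"true", "false", "yes", "no", "on", "off", "y", "n", "null", "~"}
# Plain scalars that resolve to int/float (decimal, float, exponent, hex, octal).
_NUMBER_RE = re.compile(
    r"^[-+]?(?:\d[\d_]*(?:\.\d*)?|\.\d+)(?:[eE][-+]?\d+)?$"
    r"|^0x[0-9a-fA-F_]+$|^0o?[0-7_]+$"
)
# One `key: value` mapping entry; group 1 is the indentation.
_ENTRY_RE = re.compile(r"^(\s*)([^\s#][^:]*?):\s*(.*?)\s*$")


def resolved_type(value):
    """Type a YAML 1.1 loader would give this scalar as written in the file."""
    if value == "":
        return "null"                      # `key:` with nothing after it
    if value[0] in "\"'|>":
        return "str"                       # quoted or block scalar: always str
    lowered = value.lower()
    if lowered in _BOOL_NULL:
        return "null" if lowered in ("null", "~") else "bool"
    if _NUMBER_RE.match(value):
        return "number"
    return "str"


def _annotation_entries(manifest):
    """Yield (line_index, indent, key, value) for every entry that sits
    directly under an `annotations:` mapping, at any nesting depth."""
    lines = manifest.splitlines()
    i = 0
    while i < len(lines):
        header = re.match(r"^(\s*)annotations:\s*$", lines[i])
        if not header:
            i += 1
            continue
        block_indent = len(header.group(1))
        i += 1
        while i < len(lines):
            if lines[i].strip() == "":
                i += 1
                continue
            entry = _ENTRY_RE.match(lines[i])
            # A line indented no deeper than `annotations:` ends the mapping.
            if not entry or len(entry.group(1)) <= block_indent:
                break
            yield i, entry.group(1), entry.group(2), entry.group(3)
            i += 1


def lint_annotations(manifest):
    """Return [(key, raw_value, resolved_type)] for every annotation whose
    unquoted value would not reach the API server as a string."""
    return [
        (key, value, resolved_type(value))
        for _, _, key, value in _annotation_entries(manifest)
        if resolved_type(value) != "str"
    ]


def quote_annotation_values(manifest):
    """Return the manifest with each offending annotation value wrapped in
    double quotes; every other line is left byte-for-byte as it was."""
    lines = manifest.splitlines(keepends=True)
    for idx, indent, key, value in _annotation_entries(manifest):
        if resolved_type(value) != "str":
            newline = "\n" if lines[idx].endswith("\n") else ""
            lines[idx] = f'{indent}{key}: "{value}"{newline}'
    return "".join(lines)


if __name__ == "__main__":
    for key, value, kind in lint_annotations(SAMPLE_MANIFEST):
        print(f"{key}: unquoted `{value}` parses as {kind}, not str")
    print(quote_annotation_values(SAMPLE_MANIFEST))
```

Run it before `kubectl apply` (for example as a pre-commit hook) and the manifest from the question is flagged on exactly one line, the `aws-load-balancer-internal` annotation; the rewritten manifest passes clean because `"true"` is now an explicit string. The same check catches the less obvious YAML 1.1 traps, such as an annotation set to `yes` or `on`, which a reviewer reading the file would rarely spot.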