Annotations in EKS services for creating network load balancers
I am trying to expose my kubernetes resources using a LoadBalancer service type. As such I have deployed the AWS Load Balancer Controller beforehand. Now when I create a LoadBalancer service, I see a Network Load Balancer getting created in AWS, which is just fine. But looking at the docs at https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html#network-load-balancer, its talking about adding the following annotations to the service resource
service.beta.kubernetes.io/aws-load-balancer-type: "external" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"
Now, this kind of seems redundant to me as I already have a Network Load Balancer with instance targets without adding any annotations to the k8s service. Thus, I am confused. Are the above annotations values just defaults? Do I need to provide these annotations mandatorily?
EDIT:
I can see from https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/annotations/#annotations that service.beta.kubernetes.io/aws-load-balancer-nlb-target-type has a default of instance but no defaults for service.beta.kubernetes.io/aws-load-balancer-type. So, that answers 1 part of my question.
- 최신
- 최다 투표
- 가장 많은 댓글
Hi Sayak,
To answer your question, let's see the history of why the annotation service.beta.kubernetes.io/aws-load-balancer-type: external came into being.
There are essentially two main Kubernetes controllers available to manage AWS Load Balancers instances:
- The legacy Kubernetes "Cloud Controller Manager", i.e. AWS cloud provider load balancer controller
- The new recommended "AWS Load Balancer Controller".
The legacy controller for aws until recently had it's code in the Kubernetes repository but I can see this commit which seems to have removed it (Looks like it is being packaged in v1.28.0-alpha.0 release).
The legacy controller used to create the Classic Load Balancers by default and then later fortified to also support Network Load Balancers. Later to support more customisations, the new recommended "AWS Load Balancer Controller" was introduced.
While both legacy cloud controller manager and aws load balancer controller were working together in the cluster, the annotation service.beta.kubernetes.io/aws-load-balancer-type: external was required. If the value of the annotation is set to external, the load balancer will be created by the new "AWS Load Balancer Controller".
So while not using the annotation service.beta.kubernetes.io/aws-load-balancer-type: external with other appropriate annotations will still create the Network Load Balancer for you but it will be created using the legacy AWS cloud provider load balancer controller and not the recommended "AWS Load Balancer Controller". The issues you will face is that the legacy provider is in deprecated mode and hence will not receive any new features and also it is due to be removed all together.
Hopefully, this answers your question.
Accepting this answer but I it seemed to me like my service was using the recommended "AWS Load Balancer Controller" when a LoadBalancer service was created without the annotation. And I think I have figured it out. There is a MutatingWebhookConfig
aws-load-balancer-webhookthat can mutate all LoadBalancer services and addloadBalancerClass: service.k8s.aws/nlbto them. And I feel like this is why the new controller is getting used. Do you think this is a correct observation? Here's where I got the info https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/5317c4156c213184c2ba0d6a67cd8ba9206925d9/helm/aws-load-balancer-controller/values.yaml#L352Hi Sayak, Yes, you are correct! This webhook seems to be added very recently on 6th April 2023 using this PR https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/3139