You can use ELB to expose the ingress controller to outside traffic. If you expose the public endpoint using AWS Load Balancer Controller, the load balancer in the public subnet you created will handle the request as you expected, while all other REST endpoints remain privately accessible.
Please refer to the links below.
https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html
https://aws.amazon.com/blogs/containers/introducing-aws-load-balancer-controller/
Hello @Eunsu_Shin,
Thanks for responding back. So I would like to achieve all of this using Traefik as an ingress controller. We already have an Ingress controller (Traefik) right now which is only accessible from certain IP addresses. Now, this was all fine up until now.
What we would specifically like to do is to expose only one endpoint within our EKS cluster to the internet, and the rest of the cluster should still be private. How would I go about doing this securely?
Kindly request you to provide more details.
Regards, Kiran Hegde
As a different answer on this thread, you can try to use ALB Ingress Controller which is formally known as aws-load-balancer-controller.
You can install aws-load-balancer-controller in the existing private subnet, and just create an Ingress resource with the alb.ingress.kubernetes.io/scheme: internal annotation. Then, it will create an ALB in the public subnet.
If you want to just use the existing public-facing ALB instance, then try the TargetGroupBinding CRD feature of aws-load-balancer-controller. It will just link your running pods to the existing target group of the ALB.
You can check the detail for TargetGroupBinding in here.
Hello @posquit0, thanks for responding back. I would like to know if there is a way to achieve this using Traefik as an Ingress controller. I am new to Kubernetes, so excuse my limited knowledge of the same.
Thanks, Kiran Hegde
Hi @AWS-User-1971331, you can use your Traefik Ingress controller in a private node group without any changes. Just expose your Traefik with a LoadBalancer type Service object with a public-facing Network Load Balancer. Then, only the NLB is exposed to the public. :)
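A check that can be run over exported manifests to confirm that only the intended Service ends up behind an internet-facing load balancer, as the answers above intend. This is an added example, not code from the thread: the object names and sample manifests are constructed, the ALB IngressClass is assumed to be named "alb", and the defaults encoded are those of the AWS Load Balancer Controller and the legacy in-tree controller.

```python
# Added example; every manifest below is constructed sample data.
SVC_TYPE = "service.beta.kubernetes.io/aws-load-balancer-type"
SVC_SCHEME = "service.beta.kubernetes.io/aws-load-balancer-scheme"
SVC_INTERNAL = "service.beta.kubernetes.io/aws-load-balancer-internal"
ALB_SCHEME = "alb.ingress.kubernetes.io/scheme"
LEGACY_CLASS = "kubernetes.io/ingress.class"

def exposure(obj):
    """Classify one manifest as 'internet-facing', 'internal' or 'no-lb'."""
    ann = obj.get("metadata", {}).get("annotations", {})
    spec = obj.get("spec", {})
    if obj.get("kind") == "Ingress":
        # Assumption: the ALB IngressClass is named "alb".
        cls = spec.get("ingressClassName") or ann.get(LEGACY_CLASS)
        # An ALB is internal unless the scheme annotation says otherwise.
        return ann.get(ALB_SCHEME, "internal") if cls == "alb" else "no-lb"
    if obj.get("kind") == "Service" and spec.get("type") == "LoadBalancer":
        lbc = (ann.get(SVC_TYPE) in ("external", "nlb-ip")
               or spec.get("loadBalancerClass") == "service.k8s.aws/nlb")
        if lbc:  # AWS Load Balancer Controller: internal by default
            return ann.get(SVC_SCHEME, "internal")
        # Legacy in-tree controller: public unless explicitly marked internal.
        marked = ann.get(SVC_INTERNAL, "false") not in ("", "false")
        return "internal" if marked else "internet-facing"
    return "no-lb"

def unexpected_public(manifests, allowed):
    """Names of internet-facing objects that are not on the allow-list."""
    names = []
    for obj in manifests:
        name = f'{obj["kind"]}/{obj["metadata"]["name"]}'
        if exposure(obj) == "internet-facing" and name not in allowed:
            names.append(name)
    return names

def _obj(kind, name, spec, ann=None):
    return {"kind": kind, "metadata": {"name": name, "annotations": ann or {}}, "spec": spec}

SAMPLE = [
    _obj("Service", "traefik-private", {"type": "LoadBalancer"},
         {SVC_TYPE: "external", SVC_SCHEME: "internal"}),
    _obj("Service", "traefik-public", {"type": "LoadBalancer"},
         {SVC_TYPE: "external", SVC_SCHEME: "internet-facing"}),
    _obj("Service", "reports", {"type": "LoadBalancer"}),  # no annotations at all
    _obj("Ingress", "admin", {"ingressClassName": "traefik"}),
    _obj("Service", "db", {"type": "ClusterIP"}),
]

if __name__ == "__main__":
    print(unexpected_public(SAMPLE, allowed={"Service/traefik-public"}))
```

An Ingress served by Traefik reports "no-lb" because it creates no load balancer of its own; its reachability is that of whichever Traefik Service routes to it.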