EKS / Internal NLB
Hello Folks, does anyone have a working example for values using eks w/ internal nlb? TIA
3 Replies
<#1420085665546240164>
Category
Help needed
Product
Coder (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
trying to use this config (redacted):
coder:
tls:
secretNames: []
env:
- name: CODER_ACCESS_URL
value: "https://coder.internal.example.com"
service:
enable: false # Keep this disabled since you're creating custom service
extraTemplates:
- |
apiVersion: v1
kind: Service
metadata:
name: coder
labels:
app.kubernetes.io/name: coder
app.kubernetes.io/instance: coder
annotations:
# Updated annotation (was: aws-load-balancer-scheme: "internal")
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
# TLS termination service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:123456789012:certificate/abcdefg-1234-5678-90ab-cdef01234567" service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
# Add health check configuration (missing from yours) service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: "HTTP" service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "traffic-port" service.beta.kubernetes.io/aws-load-balancer-healthcheck-path: "/api/v2/buildinfo"
# Optional: TLS policy service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06" spec: type: LoadBalancer loadBalancerSourceRanges: - 10.0.0.0/8 - 192.168.0.0/16 externalTrafficPolicy: Local # Keeps source IP preservation selector: app.kubernetes.io/name: coder app.kubernetes.io/instance: coder ports: - name: https port: 443 protocol: TCP targetPort: 8080
# TLS termination service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:123456789012:certificate/abcdefg-1234-5678-90ab-cdef01234567" service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
# Add health check configuration (missing from yours) service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: "HTTP" service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "traffic-port" service.beta.kubernetes.io/aws-load-balancer-healthcheck-path: "/api/v2/buildinfo"
# Optional: TLS policy service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06" spec: type: LoadBalancer loadBalancerSourceRanges: - 10.0.0.0/8 - 192.168.0.0/16 externalTrafficPolicy: Local # Keeps source IP preservation selector: app.kubernetes.io/name: coder app.kubernetes.io/instance: coder ports: - name: https port: 443 protocol: TCP targetPort: 8080