From 987a721723d9a7849aa25a40e48bd6cad5ac2dc7 Mon Sep 17 00:00:00 2001
From: Vladimir Varankin
Date: Mon, 25 Oct 2021 19:47:02 +0200
Subject: [PATCH] update documentation and templates for aws nlb (#7662)
---
 deploy/static/provider/aws/deploy-tls-termination.yaml | 3 +--
 docs/deploy/index.md | 8 ++++++--
 hack/generate-deploy-scripts.sh | 7 ++++---
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/deploy/static/provider/aws/deploy-tls-termination.yaml b/deploy/static/provider/aws/deploy-tls-termination.yaml
index 99e6397c3..a0e07e952 100644
--- a/deploy/static/provider/aws/deploy-tls-termination.yaml
+++ b/deploy/static/provider/aws/deploy-tls-termination.yaml
@@ -269,12 +269,11 @@ apiVersion: v1
 kind: Service
 metadata:
 annotations:
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
 service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
 service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
 service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
- service.beta.kubernetes.io/aws-load-balancer-type: elb
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
 labels:
 helm.sh/chart: ingress-nginx-4.0.6
 app.kubernetes.io/name: ingress-nginx
diff --git a/docs/deploy/index.md b/docs/deploy/index.md
index 5c98aa996..f5074b078 100644
--- a/docs/deploy/index.md
+++ b/docs/deploy/index.md
@@ -38,7 +38,7 @@ You can wait until it is ready to run the next command:
 - [Digital Ocean](#digital-ocean)
 - [Scaleway](#scaleway)
 - [Exoscale](#exoscale)
- - [Oracle Cloud Infrastructure](#oracle-cloud-infrastructure)
+ - [Oracle Cloud Infrastructure](#oracle-cloud-infrastructure)
 - [Bare-metal](#bare-metal)
 - [Verify installation](#verify-installation)
 - [Detect installed version](#detect-installed-version)
@@ -82,13 +82,17 @@ Please check the microk8s [documentation page](https://microk8s.io/docs/addon-in
 In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`.
+!!! info
+ The provided templates illustrate the setup for legacy in-tree service load balancer for AWS NLB.
+ AWS provides the documentation on how to use [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html) with [AWS Load Balancer Controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller).
+
 ##### Network Load Balancer (NLB)
 ```console
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/aws/deploy.yaml
 ```
-##### TLS termination in AWS Load Balancer (ELB)
+##### TLS termination in AWS Load Balancer (NLB)
 In some scenarios is required to terminate TLS in the Load Balancer and not in the ingress controller.
diff --git a/hack/generate-deploy-scripts.sh b/hack/generate-deploy-scripts.sh
index b8aec4104..28625721b 100755
--- a/hack/generate-deploy-scripts.sh
+++ b/hack/generate-deploy-scripts.sh
@@ -89,11 +89,12 @@ controller:
 externalTrafficPolicy: Local
 annotations:
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+ # This example is for legacy in-tree service load balancer controller for AWS NLB,
+ # that has been phased out from Kubernetes mainline.
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
 service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
- service.beta.kubernetes.io/aws-load-balancer-type: elb
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
 # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
 # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
 # increased to '3600' to avoid any potential issues.
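Review bot: The context comment kept at the end of this hunk still reads `# Ensure the ELB idle timeout is less than nginx keep-alive timeout` although the added line now sets `aws-load-balancer-type: nlb`; the idle-timeout annotation it documents (presumably just below the hunk, and kept as `connection-idle-timeout: '60'` in the generated deploy-tls-termination.yaml) is, as far as I know, a Classic ELB setting that the in-tree NLB path does not apply, so the guidance may now be a no-op. I would reword it along the lines of `# NOTE: connection-idle-timeout is honoured for Classic ELB; verify it has any effect with type nlb.` Separately, dropping `backend-protocol: http` while keeping `ssl-ports: "https"` moves TLS termination to an L4 listener that neither adds nor overwrites X-Forwarded-* headers, so if the values outside this hunk still trust forwarded headers (not visible here), client-supplied values would be accepted as-is and that setting should be reviewed. The heredoc this hunk edits starts and ends outside the hunk.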