update documentation and templates for aws nlb (#7662)

deploy/static/provider/aws/deploy-tls-termination.yaml

@@ -269,12 +269,11 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
     service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
     service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
     service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX
     service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
-    service.beta.kubernetes.io/aws-load-balancer-type: elb
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb
   labels:
     helm.sh/chart: ingress-nginx-4.0.6
     app.kubernetes.io/name: ingress-nginx

docs/deploy/index.md

@@ -82,13 +82,17 @@ Please check the microk8s [documentation page](https://microk8s.io/docs/addon-in
 
 In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`.
 
+!!! info
+    The provided templates illustrate the setup for legacy in-tree service load balancer for AWS NLB.
+    AWS provides the documentation on how to use [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html) with [AWS Load Balancer Controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller).
+
 ##### Network Load Balancer (NLB)
 
 ```console
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/aws/deploy.yaml
 ```
 
-##### TLS termination in AWS Load Balancer (ELB)
+##### TLS termination in AWS Load Balancer (NLB)
 
 In some scenarios is required to terminate TLS in the Load Balancer and not in the ingress controller.
 

hack/generate-deploy-scripts.sh

@@ -89,11 +89,12 @@ controller:
     externalTrafficPolicy: Local
 
     annotations:
-      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
+      # This example is for legacy in-tree service load balancer controller for AWS NLB,
-      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+      # that has been phased out from Kubernetes mainline.
+      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
       service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
       service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
-      service.beta.kubernetes.io/aws-load-balancer-type: elb
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb
       # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
       # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
       # increased to '3600' to avoid any potential issues.