I have an AWS EKS version 1.26 cluster up and hosting a Java application. I am managing ingress configurations by running an ingress-nginx controller version 4.5.2. Through ingress-nginx I have configured an external NLB with the following configuration YAML file and helm command:
external-controller.yaml

    defaultBackend:
      nodeSelector:
        kubernetes.io/os: "linux"
    controller:
      replicaCount: 2
      nodeSelector:
        kubernetes.io/os: "linux"
      ingressClassResource:
        name: nginx-ext
        enabled: true
        default: false
        controllerValue: "example.com/ingress-nginx-ext"
      ingressClass: nginx-ext
      ingressClassByName: true
      service:
        # Enable the external LB
        external:
          enabled: true
        annotations:
          service.beta.kubernetes.io/aws-load-balancer-internal: "false"
          service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
          service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
          service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
          service.beta.kubernetes.io/aws-load-balancer-type: nlb

Helm command

    helm install "ext-nginx-ingress-controller" ingress-nginx/ingress-nginx \
      --namespace "ext-ingress" \
      --version 4.5.2 \
      -f "external-controller.yaml"

Executing this helm command results in the creation of an internet-facing NLB, which is exactly what I want. That said, what is not to my liking is that in the AWS console, if I check the Security tab under this NLB I just created, I see the following message:
No security group associated
Because this load balancer was created without a security group, these settings can’t be changed. To utilize security groups, ensure that one is specified during creation of the load balancer.
What do I need to add to external-controller.yaml to get security groups associated with my NLB at creation time?
Any help is appreciated, thanks.
2 Answers
What about this annotation?
Citing official AWS page:
Additional resources:
Sorry, not an answer. I cannot comment since I do not have enough reputation 😐
@nabello, have you figured out how to do this?