How do I create an internal Layer 4 load balancer in Kubernetes?

Question

I am trying to create an internal (no external IP) layer 4 load balancer in AWS - either a Network LB or Classic LB - for internal traffic management instead of using the kube-proxy.

Below is my manifest file - it keeps creating an external LB regardless of how I specify the annotations. I have tried this without the "aws-load-balancer-type" annotation as well as the "aws-load-balancer-scheme", which is supposed to default to "internal". I am not sure what to try next. (I will probably try a layer 7 LB next.)

% k get svc|grep test
test-internal-lb                      LoadBalancer   10.100.253.178   a29xxx.us-west-2.elb.amazonaws.com    80:xxx/TCP,443:xxx/TCP   8s

apiVersion: v1
kind: Service
metadata:
  name: test-internal-lb
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internal
    service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
spec:
  type: LoadBalancer
  selector:
    app: test-app
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 8080
  - name: https
    protocol: TCP
    port: 443
    targetPort: 8080

Answer 1

SOLUTION:

test-app            LoadBalancer   172.20.40.154    internal-a03xxx.us-west-2.elb.amazonaws.com   80:8000/TCP   11d

kind: Service
metadata:
  name: test-app
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-internal: “true”
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  selector:
    app: test-app
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 8000