9

Objective: create a k8s LoadBalancer service on AWS whose IP is static

I have no problem accomplishing this on GKE by pre-allocating a static IP and passing it in via the loadBalancerIP attribute:

$ kubectl apply -f - <<EOF
apiVersion: v1
kind: Service
metadata:
  name: dave
spec:
  # loadBalancerIP is a field of the Service spec, not a top-level key
  type: LoadBalancer
  loadBalancerIP: 17.18.19.20
...etc...
EOF

But doing the same in AWS results in the externalIP stuck as <pending> and an error in the Events history.

Removing the loadBalancerIP value allows k8s to spin up a Classic LB:

$ kubectl describe svc dave
Type:                   LoadBalancer
IP:                     100.66.51.123
LoadBalancer Ingress:   ade4d764eb6d511e7b27a06dfab75bc7-1387147973.us-west-2.elb.amazonaws.com
...etc...

but AWS explicitly warns me that the IPs are ephemeral (there's sometimes 2), and Classic IPs don't seem to support attaching static IPs

Thanks for your time

333kenshin
  • 1
    It is currently not possible to assign a static IP to an ELB (the AWS warning message you mention also states that). Why do you need a static IP there in the first place? – fishi0x01 Oct 22 '17 at 09:05
  • we pass the IP to a cert generation tool which won't work with "ade4d76....us-west-2.elb.amazonaws.com" type names, and passing in an ephemeral IP would render the cert invalid in case of a failure – 333kenshin Oct 22 '17 at 09:53
  • Hmm that's a tough one indeed. Only thing that comes to mind is to add your own custom proxy layer with EC2/EIP on top of the ELB, but that adds an extra hop and complexity. This is also more complicated to scale, as new instances/IPs will result in a new cert. Further, such a layer will not automatically be created by k8s - so overall not a good solution .. – fishi0x01 Oct 22 '17 at 10:05
  • The new [Network Load Balancer](https://aws.amazon.com/blogs/aws/new-network-load-balancer-effortless-scaling-to-millions-of-requests-per-second/) works with Elastic IPs, which are static. Would it work for your application? Does it integrate with k8s? I don't know. – Michael - sqlbot Oct 22 '17 at 17:32
  • @Michael-sqlbot yes, NLB allows binding with static EIPs, but no, it does not integrate with k8s (afaik) – 333kenshin Oct 22 '17 at 23:13
  • 1
    looks like it's now supported: https://aws.amazon.com/blogs/opensource/network-load-balancer-support-in-kubernetes-1-9/ – Quentin Mar 26 '19 at 14:49
  • Thanks @Quentin, please set this as an answer and I'll vote it – 333kenshin Mar 29 '19 at 05:26
  • @333kenshin any update on this? It would be great to have a solution – Pierre B. Jul 23 '19 at 09:50

1 Answer

0

As noted by @Quentin, AWS Network Load Balancer now supports K8s:

https://aws.amazon.com/blogs/opensource/network-load-balancer-support-in-kubernetes-1-9/

Network Load Balancing in Kubernetes

Included in the release of Kubernetes 1.9, I added support for using the new Network Load Balancer with Kubernetes services. This is an alpha-level feature, and as of today is not ready for production clusters or workloads, so make sure you also read the documentation on NLB before trying it out. The only requirement to expose a service via NLB is to add the annotation service.beta.kubernetes.io/aws-load-balancer-type with the value of nlb.

A full example looks like this:

apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
  labels:
    app: nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
333kenshin
  • 2
    This answer addresses how to create an NLB dynamically via K8S, but as far as I can tell, it doesn't automatically use elastic IPs (yet). This may become available in K8S 1.16. See https://github.com/kubernetes/kubernetes/pull/69263 – matt Aug 30 '19 at 17:48
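
Added example, not part of the original thread or of the quoted AWS post: the manifest from the answer extended with the `service.beta.kubernetes.io/aws-load-balancer-eip-allocations` annotation, which binds pre-allocated Elastic IPs to the NLB. It assumes a cluster whose AWS cloud provider recognizes that annotation (Kubernetes 1.16 or later); the `eipalloc-...` values are placeholders for your own allocation IDs.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
  labels:
    app: nginx
  annotations:
    # Provision a Network Load Balancer instead of a Classic ELB.
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    # Bind pre-allocated Elastic IPs to the NLB, comma-separated.
    # Supply one allocation ID per subnet the NLB is placed in; the
    # count must match the number of subnets.
    # PLACEHOLDER values: replace with your own allocation IDs.
    service.beta.kubernetes.io/aws-load-balancer-eip-allocations: "eipalloc-PLACEHOLDER1,eipalloc-PLACEHOLDER2"
spec:
  type: LoadBalancer
  # Local keeps the client source IP visible to the pods and avoids
  # an extra hop between nodes.
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
```

Because the Elastic IPs are allocated outside the Service, they stay the same when the Service or the NLB is recreated, which is what a certificate issued for an IP address needs.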