- The VPC CIDR will be used if `service.beta.kubernetes.io/aws-load-balancer-scheme` is `internal`
It mentions that if the Service object has the annotation `service.beta.kubernetes.io/aws-load-balancer-scheme: internal`, then the source ranges for the LB will be from the VPC CIDR; it's the same for v2.7 and v2.6.
However, it doesn't seem to be working.
I created a service of type `LoadBalancer` and had the same annotation in there (tried with both v2.7.2 and v2.6.2 LBC versions).
I spun an internal NLB up; however, one of the SGs related to the NLB was allowing traffic from `0.0.0.0/0`, which is not desirable. One would think that the doc line 👇🏻 would have its effect, but it is certainly not working in this case.
> The VPC CIDR will be used if `service.beta.kubernetes.io/aws-load-balancer-scheme` is `internal`
service.yaml 👇🏻
```yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  namespace: kube-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-scheme: internal
  labels:
    app: web
  name: web
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 80
  selector:
    app: web
  type: LoadBalancer
```
NO ERRORS SPOTTED IN LBC DEPLOYMENT
Can we get a clarification why this is not working as expected? And if so, can we get a fix?
I can provide more details if needed.
@oliviassss No issues applying the ranges using the annotation or `spec.loadBalancerSourceRanges`. Works perfectly, we just wanted to highlight a particular behaviour as mentioned in the docs.
Hi Team
Based on the below line,
aws-load-balancer-controller/docs/guide/service/annotations.md
Line 431 in 9b4999b
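An added example, not code from this issue or from the controller project: a check over Service objects (the shape of `kubectl get svc -A -o json`) that flags internal-scheme LoadBalancer Services which set no explicit source ranges, the case this issue reports as ending up with a `0.0.0.0/0` rule, or which list an open range. The function names and the sample objects are constructed for illustration, and the check merges the spec field and the annotation rather than modelling which one the controller prefers.

```python
import ipaddress

SCHEME = "service.beta.kubernetes.io/aws-load-balancer-scheme"
RANGES = "service.beta.kubernetes.io/load-balancer-source-ranges"

def source_ranges(svc):
    """Explicit ranges from spec.loadBalancerSourceRanges and the annotation."""
    ann = svc.get("metadata", {}).get("annotations") or {}
    ranges = list(svc.get("spec", {}).get("loadBalancerSourceRanges") or [])
    ranges += [r.strip() for r in ann.get(RANGES, "").split(",") if r.strip()]
    return ranges

def audit_services(doc):
    """Return (namespace/name, reason) for internal LB Services left open."""
    findings = []
    for svc in doc.get("items", []):
        meta = svc.get("metadata", {})
        ann = meta.get("annotations") or {}
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue
        if ann.get(SCHEME) != "internal":
            continue
        ident = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        ranges = source_ranges(svc)
        if not ranges:
            # Relies on the default source range; set one explicitly instead.
            findings.append((ident, "no explicit source ranges"))
            continue
        for r in ranges:
            # A /0 prefix (0.0.0.0/0 or ::/0) admits every source address.
            if ipaddress.ip_network(r, strict=False).prefixlen == 0:
                findings.append((ident, f"open range {r}"))
    return findings

def _svc(ns, name, annotations, **spec):
    """Build a constructed sample Service of type LoadBalancer."""
    return {"metadata": {"namespace": ns, "name": name, "annotations": annotations},
            "spec": {"type": "LoadBalancer", **spec}}

# Constructed sample input; "web" mirrors the manifest posted in the issue.
SAMPLE = {"items": [
    _svc("kube-system", "web", {SCHEME: "internal"}),
    _svc("default", "api", {SCHEME: "internal"}, loadBalancerSourceRanges=["10.0.0.0/16"]),
    _svc("default", "open", {SCHEME: "internal", RANGES: "10.0.0.0/16, 0.0.0.0/0"}),
    _svc("default", "public", {SCHEME: "internet-facing"}),
]}

if __name__ == "__main__":
    for ident, reason in audit_services(SAMPLE):
        print(f"{ident}: {reason}")
```

To run it against a cluster, load the output of `kubectl get svc -A -o json` with `json.load` and pass the result to `audit_services`.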