Useful Kubernetes Service annotations for AWS

I’ve found the following Kubernetes Service object annotations really useful for getting a Service exposed globally with SSL, logging, firewall (security group) rules, and proper DNS records. There is also one for specifying that we want an “internal” LoadBalancer instead of an external one.

NOTE: These assume your K8s cluster is running in AWS

# Related to ELB logging
service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval: "60"
service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: access-logs-bucket
service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: foobar

# Related to Internal load balancer
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

# Related to DNS
external-dns.alpha.kubernetes.io/hostname: foo.bar.com
external-dns.alpha.kubernetes.io/ttl: "10"

# Related to HTTPS
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:1234567890:certificate/abc35ed8-aabb-123b-bf6b-2b915e864100

Most of these are from this link, which also has a discussion linking to the place in code where these are all defined.

NOTE: DNS stuff requires a Pod running the external-dns software

NOTE 2: This seems to be documented here now: https://kubernetes.io/docs/concepts/services-networking/service/#elb-access-logs-on-aws
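
An added example, not from the original post: a small Python audit that takes the parsed output of `kubectl get svc -A -o json` and flags LoadBalancer Services missing the logging, internal, and HTTPS annotations listed above. The finding names and sample Services are constructed, and treating a missing or "false" internal annotation as internet-facing is an assumption about the AWS cloud provider's behaviour.

```python
import json

P = "service.beta.kubernetes.io/aws-load-balancer-"

def audit_service(svc):
    """Return finding codes for one Service dict; non-LoadBalancer types are skipped."""
    if svc.get("spec", {}).get("type") != "LoadBalancer":
        return []
    ann = svc.get("metadata", {}).get("annotations") or {}
    findings = []
    if ann.get(P + "access-log-enabled") != "true":
        findings.append("no-access-logs")
    elif not ann.get(P + "access-log-s3-bucket-name"):
        findings.append("access-logs-without-bucket")
    # Assumption: a missing or "false" value leaves the ELB internet-facing.
    if ann.get(P + "internal", "false") in ("", "false"):
        findings.append("internet-facing")
    if not ann.get(P + "ssl-cert"):
        findings.append("no-tls-listener")
    elif ann.get(P + "backend-protocol") not in ("https", "ssl"):
        # The ELB terminates TLS and forwards http/tcp to the pods.
        findings.append("plaintext-to-backend")
    return findings

def audit(service_list):
    """Map namespace/name -> findings for every Service that has any."""
    report = {}
    for svc in service_list.get("items", []):
        found = audit_service(svc)
        if found:
            meta = svc["metadata"]
            report[f'{meta.get("namespace", "default")}/{meta["name"]}'] = found
    return report

# Constructed sample in the shape of `kubectl get svc -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"name": "annotated", "namespace": "web", "annotations": {
        P + "access-log-enabled": "true",
        P + "access-log-s3-bucket-name": "access-logs-bucket",
        P + "internal": "0.0.0.0/0",
        P + "backend-protocol": "https",
        P + "ssl-cert": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "bare", "namespace": "web"},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "db", "namespace": "web"}, "spec": {"type": "ClusterIP"}},
]}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

An "internet-facing" finding is expected for a Service that is meant to be public; it is listed so that exposure is a deliberate choice rather than a default.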
