I have an EKS Kubernetes 1.16.x. cluster with three public subnets tagged with kubernetes.io/role/elb: 1 and three private subnets tagged with kubernetes.io/role/internal-elb: 1
I'm attempting to create an internal NLB LoadBalancer service. By internal, I want it hosted on the three private subnets and not the three public subnets.
I'm following the docs at https://docs.aws.amazon.com/eks/latest/userguide/load-balancing.html
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-internal: true
name: grafana-nlb
namespace: prometheus
spec:
ports:
- name: service
port: 80
protocol: TCP
targetPort: 3000
selector:
app.kubernetes.io/instance: prom
app.kubernetes.io/name: grafana
type: LoadBalancer
If I omit the service.beta.kubernetes.io/aws-load-balancer-internal: true annotation, everything seems to work perfectly and produce exactly what I expect. I get a public NLB that is hosted on the three public subnets only. I can see this via the AWS cli with aws elbv2 describe-load-balancers, with "Scheme": "internet-facing", "Type": "network",.
If create this with the service.beta.kubernetes.io/aws-load-balancer-internal: true annotation, I get a classic ELB rather than an NLB, and it's still public. It has "Scheme": "internet-facing" and is hosted on the three public subnets only. With the CLI, I can see the load balancer with aws elb describe-load-balancers but not with aws elbv2 describe-load-balancers
This seems like broken behavior. Any tips on how I can troubleshoot or proceed?
