can we use NLB with EKS clusters created via eksctl? #133
Comments
You probably try adding those at cluster level: |
@errordeveloper thanks for the heads up. Not sure if this is related to roles on the nodes or not; tried manually adding the nodes and no luck - can't seem to get the NLB working at all on EKS via eksctl. No clue why it's not working TBH - this all just works on kops when those roles are added - so no idea if there's anything we can do in I wonder if you're right, we need the role added to the cluster/EKS control plane too? |
BTW I've been following these instructions to set up NLB on the EKS cluster and no luck so far when the same thing works fine on kops: |
btw after chatting with @errordeveloper on slack - this issue could be that NLB cannot be used with EKS due to the beta annotation - still not 100% sure yet... |
aha thanks to this tweet and noodling those related docs I found that adding this policy to the control plane role worked!
|
Great! I am happy to enable this by default, seems useful for everyone.
Waiting for a PR!
…On Tue, 24 Jul 2018, 1:28 pm James Strachan, ***@***.***> wrote:
aha thanks to this tweet
<https://twitter.com/micahhausler/status/1021563940763885569> and
noodling those related docs I found that adding this policy to the control
plane role worked!
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "elasticloadbalancing:*",
            "ec2:CreateSecurityGroup",
            "ec2:Describe*"
          ],
          "Resource": "*"
        }
      ]
    }
|
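An added example, not part of the thread or of eksctl's code: a minimal offline check of whether a set of IAM policy documents allows load balancer actions before and after the policy quoted above is attached. The "before" policy and the probe action list are constructed for illustration, and Resource, Condition and NotAction are not evaluated.

```python
import re

# Policy quoted in the thread (the one added to the control plane role).
THREAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["elasticloadbalancing:*", "ec2:CreateSecurityGroup", "ec2:Describe*"],
        "Resource": "*",
    }],
}

# Constructed "before" policy for a hypothetical role without load balancer permissions.
BEFORE_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}}

# Constructed probes: real API action names, not a complete list of what an NLB needs.
PROBES = [
    "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:CreateTargetGroup",
    "ec2:CreateSecurityGroup", "ec2:DescribeSubnets",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns: '*' is any run of characters, '?' is one; names are case-insensitive.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def is_allowed(policies, action):
    """True if some Allow statement matches the action and no Deny statement does.
    Simplification (assumption): Resource, Condition and NotAction are ignored."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            hit = any(_matches(p, action) for p in _as_list(stmt.get("Action", [])))
            if hit and stmt.get("Effect") == "Deny":
                return False  # an explicit Deny always wins
            allowed = allowed or (hit and stmt.get("Effect") == "Allow")
    return allowed

def missing_actions(policies, probes=PROBES):
    return [a for a in probes if not is_allowed(policies, a)]

if __name__ == "__main__":
    for label, docs in (("before", [BEFORE_POLICY]), ("after", [BEFORE_POLICY, THREAD_POLICY])):
        print(label, missing_actions(docs))
```
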
@errordeveloper great thanks! Was just gonna wait for the CloudFormation PRs to settle so I can see how best to do it; as using CloudFormation for the control plane is maybe a nice idea? |
@jstrachan I don't think #132 will land before next week, in fact I'd rather not land it before 0.1.0. |
I will add this to 0.1.0 milestone, in a way it's a bug too. |
Hmm, I have annotated my service with
Do I need to create the NLB beforehand? |
@aparamon no, you don't need to create it beforehand. Did you manage to troubleshoot this? If not, please open another issue - we don't normally monitor closed issues. |
@errordeveloper I didn't, but in the end I used different architecture with a dedicated load-balancer node which runs ingress controller only and possesses static external IP (Elastic IP). |
Add example IAM policy
I've been trying out NLB instead of ELB as NLBs have stable static IP addresses; so you can use the nip.io trick of setting up Ingress without mandating a custom DNS name being used to set up wildcard DNS via a CNAME to kick the tyres on EKS.
Things work great on kops but don't seem to work on EKS which am guessing is related to roles. It looks like these kinds of roles are required for setting up NLB on AWS with kops
https://gist.github.com/micahhausler/4f3a2ee540f5714e6dd91b4bacace3ae#file-create-cluster-sh-L30
so am guessing something similar is required on the NodeInstanceRole. Will try figure out what's really required...