This page explains how to manage Kubernetes running on a specific cloud provider.
This section describes all the possible configurations which can be used when running Kubernetes on Amazon Web Services.
You can set up external load balancers to use specific features in AWS by configuring the annotations as shown below.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: example
  namespace: kube-system
  labels:
    run: example
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:xx-xxxx-x:xxxxxxxxx:xxxxxxx/xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx #replace this value
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
spec:
  type: LoadBalancer
  ports:
  - port: 443
    targetPort: 5556
    protocol: TCP
  selector:
    app: example
```
Different settings can be applied to a load balancer service in AWS using annotations. The following describes the annotations supported on AWS ELBs:
service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval
: Used to specify access log emit interval.

service.beta.kubernetes.io/aws-load-balancer-access-log-enabled
: Used on the service to enable or disable access logs.

service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name
: Used to specify access log S3 bucket name.

service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix
: Used to specify access log S3 bucket prefix.

service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags
: Used on the service to specify a comma-separated list of key-value pairs which will be recorded as additional tags in the ELB. For example: "Key1=Val1,Key2=Val2,KeyNoVal1=,KeyNoVal2".

service.beta.kubernetes.io/aws-load-balancer-backend-protocol
: Used on the service to specify the protocol spoken by the backend (pod) behind a listener. If `http` (default) or `https`, an HTTPS listener that terminates the connection and parses headers is created. If set to `ssl` or `tcp`, a "raw" SSL listener is used. If set to `http` and `aws-load-balancer-ssl-cert` is not used, then an HTTP listener is used.

service.beta.kubernetes.io/aws-load-balancer-ssl-cert
: Used on the service to request a secure listener. Value is a valid certificate ARN. For more, see ELB Listener Config. CertARN is an IAM or CM certificate ARN, e.g. `arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012`.

service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled
: Used on the service to enable or disable connection draining.

service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout
: Used on the service to specify a connection draining timeout.

service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout
: Used on the service to specify the idle connection timeout.

service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled
: Used on the service to enable or disable cross-zone load balancing.

service.beta.kubernetes.io/aws-load-balancer-extra-security-groups
: Used on the service to specify additional security groups to be added to the ELB created.

service.beta.kubernetes.io/aws-load-balancer-internal
: Used on the service to indicate that we want an internal ELB.

service.beta.kubernetes.io/aws-load-balancer-proxy-protocol
: Used on the service to enable the proxy protocol on an ELB. Right now we only accept the value `*`, which means enable the proxy protocol on all ELB backends. In the future we could adjust this to allow setting the proxy protocol only on certain backends.

service.beta.kubernetes.io/aws-load-balancer-ssl-ports
: Used on the service to specify a comma-separated list of ports that will use SSL/HTTPS listeners. Defaults to `*` (all).

The information for the annotations for AWS is taken from the comments on aws.go.
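The listener rules described above for `backend-protocol`, `ssl-cert` and `ssl-ports` can be checked before a manifest is applied. The following Python is an added example, not code from Kubernetes or aws.go. Its function names, finding texts, the `UNSPECIFIED` result for combinations this page does not describe, the treatment of ports left out of `ssl-ports` as having no certificate, and the accepted values for `access-log-enabled` and `internal` are assumptions.

```python
PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"

def listener_for(annotations, port):
    """Listener type for one service port, following the annotation rules above."""
    def get(name, default=""):
        return str(annotations.get(PREFIX + name, default)).strip()
    backend = get("backend-protocol", "http").lower()  # page: http is the default
    ssl_ports = get("ssl-ports", "*")                  # page: defaults to * (all)
    listed = ssl_ports == "*" or str(port) in [p.strip() for p in ssl_ports.split(",")]
    secure = bool(get("ssl-cert")) and listed          # certificate applies to this port
    if secure and backend in ("http", "https"):
        return "HTTPS"        # terminates the connection and parses headers
    if secure and backend in ("ssl", "tcp"):
        return "SSL"          # "raw" SSL listener
    if backend == "http":
        return "HTTP"         # no certificate in effect: plaintext listener
    return "UNSPECIFIED"      # combination the page does not describe

def audit(service):
    """Return findings for one LoadBalancer Service (parsed manifest as a dict)."""
    ann = service.get("metadata", {}).get("annotations") or {}
    findings = []
    for p in service["spec"]["ports"]:
        kind = listener_for(ann, p["port"])
        if kind not in ("HTTPS", "SSL"):
            findings.append(f"port {p['port']}: {kind} listener, no TLS at the ELB")
    # Assumption: the value "true" enables access logs.
    if str(ann.get(PREFIX + "access-log-enabled", "")).lower() != "true":
        findings.append("access logs not enabled")
    # Assumption: any value other than empty or "false" requests an internal ELB.
    if str(ann.get(PREFIX + "internal", "")).lower() in ("", "false"):
        findings.append("ELB not requested as internal")
    return findings

# Constructed sample: the manifest from this page plus a second, plaintext port.
SAMPLE = {
    "metadata": {"name": "example", "annotations": {
        PREFIX + "ssl-cert": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER",
        PREFIX + "backend-protocol": "http",
        PREFIX + "ssl-ports": "443",
    }},
    "spec": {"type": "LoadBalancer",
             "ports": [{"port": 443, "targetPort": 5556}, {"port": 80, "targetPort": 5556}]},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
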