mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-08 06:08:04 -05:00
# Expose a service

Constellation integrates the native load balancers of each CSP. Therefore, to expose a service, simply [create a service of type `LoadBalancer`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer).

## Internet-facing LB service on AWS

To expose your application service externally, you might want to use a Kubernetes Service of type `LoadBalancer`. On AWS, load balancing is provided by the [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller), as in managed EKS.

In recent versions, the controller deploys an internal LB by default, so you must set the annotation `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing` to get an internet-facing LB. For more details, see the [official docs](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/nlb/).

For general information on load balancing with AWS, see [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html).

:::caution
Before terminating the cluster, delete all LB-backed services so that the controller can clean up the related resources.
:::

## Ingress on AWS

The AWS Load Balancer Controller also provisions `Ingress` resources of class `alb`.
AWS Application Load Balancers (ALBs) can be configured with a [`target-type`](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/annotations/#target-type).
The target type `ip` requires the EKS container network solution, which makes it incompatible with Constellation.
If a service can be exposed on a `NodePort`, the target type `instance` can be used.

See [Application load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) for more information.

:::caution
Ingress handlers backed by AWS ALBs reside outside the Constellation cluster, so they shouldn't handle sensitive traffic!
:::

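
The following manifests are an added example, not part of the Constellation docs. They cover both sections above: an internet-facing `LoadBalancer` Service, and an `alb` Ingress that uses target type `instance` with a `NodePort` backend. The resource names, the `app: web` selector and all port numbers are assumptions.

```yaml
# Constructed example: names, labels and ports are assumptions.
# 1) Internet-facing LB Service. Without the scheme annotation,
#    recent controller versions provision an internal LB.
apiVersion: v1
kind: Service
metadata:
  name: web-public
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
    - port: 443
      targetPort: 8443
      protocol: TCP
---
# 2) NodePort Service used as the backend for the ALB Ingress below.
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport
spec:
  type: NodePort
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
---
# 3) Ingress of class alb. Target type "ip" is incompatible with
#    Constellation, so "instance" is set explicitly. The ALB resides
#    outside the cluster: route only non-sensitive traffic through it.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-alb
  annotations:
    alb.ingress.kubernetes.io/target-type: instance
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: web-nodeport, port: {number: 80}}
```

Delete `web-public` and `web-alb` before terminating the cluster so the controller can remove the AWS load balancers it created for them.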