constellation/docs/versioned_docs/version-2.17/workflows/lb.md
edgelessci 7b6c3a710e
docs: add release v2.17.0 (#3221)
Co-authored-by: msanft <58110325+msanft@users.noreply.github.com>
2024-07-03 14:11:59 +02:00

1.9 KiB

Expose a service

Constellation integrates the native load balancers of each CSP. Therefore, to expose a service simply create a service of type LoadBalancer.

Internet-facing LB service on AWS

To expose your application service externally you might want to use a Kubernetes Service of type LoadBalancer. On AWS, load-balancing is achieved through the AWS Load Balancer Controller as in the managed EKS.

Since recent versions, the controller deploy an internal LB by default requiring to set an annotation service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing to have an internet-facing LB. For more details, see the official docs.

For general information on LB with AWS see Network load balancing on Amazon EKS.

:::caution Before terminating the cluster, all LB backed services should be deleted, so that the controller can cleanup the related resources. :::

Ingress on AWS

The AWS Load Balancer Controller also provisions Ingress resources of class alb. AWS Application Load Balancers (ALBs) can be configured with a target-type. The target type ip requires using the EKS container network solution, which makes it incompatible with Constellation. If a service can be exposed on a NodePort, the target type instance can be used.

See Application load balancing on Amazon EKS for more information.

:::caution Ingress handlers backed by AWS ALBs reside outside the Constellation cluster, so they shouldn't be handling sensitive traffic! :::