1 vote

I want to expose a TCP-only service from my Fargate cluster to the public internet on port 80. To achieve this I want to use an AWS Network Load Balancer.

This is the configuration of my service:

apiVersion: v1
kind: Service
metadata:
  name: myapp
  labels:
    app: myapp
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "30"
spec:
  type: LoadBalancer
  selector:
    app: myapp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80

Using the service from inside the cluster with CLUSTER-IP works. When I apply my config with kubectl the following happens:

  • Service is created in K8s
  • NLB is created in AWS
  • NLB gets Status 'active'
  • VPC and other values for the NLB look correct
  • Target Group is created in AWS
  • There are 0 targets registered
  • I can't register targets because group expects instances, which I do not have
  • EXTERNAL_IP is
  • Listener is not created automatically

Then I create a listener for Port 80 and TCP. After some wait an EXTERNAL_IP is assigned to the service in AWS.

My Problem: It does not work. The service is not available using the DNS Name from the NLB and Port 80.

1 Answer

3
votes

The in-tree Kubernetes Service LoadBalancer for AWS cannot be used for AWS Fargate.

You can use NLB instance targets with pods deployed to nodes, but not to Fargate.

But you can now install the AWS Load Balancer Controller and use IP mode on your Service LoadBalancer; this also works for AWS Fargate.

kind: Service
apiVersion: v1
metadata:
  name: nlb-ip-svc
  annotations:
    # route traffic directly to pod IPs
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
spec:
  type: LoadBalancer
  selector:
    app: myapp   # same selector as the question's Service
  ports:
    - port: 80
      targetPort: 80

See "Introducing AWS Load Balancer Controller" and "EKS Network Load Balancer - IP Targets".
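A complete Service manifest for the IP-target mode the answer describes, added here as an illustration; it is not part of the original answer. It assumes the AWS Load Balancer Controller (v2.x) is already installed in the cluster and that the pods carry the label app: myapp and listen on TCP port 80, as in the question. The `aws-load-balancer-type: external` plus `aws-load-balancer-nlb-target-type: ip` pair is the controller's current spelling of the `nlb-ip` shorthand, and `aws-load-balancer-scheme: internet-facing` is needed because a controller-managed NLB is internal by default. The in-tree `backend-protocol` and `connection-idle-timeout` annotations from the question are left out: they belong to the in-tree provider, and an NLB's TCP idle timeout is not configurable.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  labels:
    app: myapp
  annotations:
    # Hand this Service to the AWS Load Balancer Controller rather than the
    # in-tree AWS cloud provider (which only knows instance targets).
    service.beta.kubernetes.io/aws-load-balancer-type: external
    # Register pod IPs in the target group. Fargate pods have no EC2
    # instance behind them, so "ip" is the only target type that can work.
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    # Controller-managed NLBs default to "internal"; the goal here is a
    # public endpoint, so state that explicitly.
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
  type: LoadBalancer
  selector:
    app: myapp   # assumption: the Fargate pods are labelled app=myapp
  ports:
    - name: http
      protocol: TCP
      port: 80        # listener port on the NLB
      targetPort: 80  # container port registered in the IP target group
```

After `kubectl apply`, the controller creates the NLB, the TCP listener on port 80 and an IP-type target group, and `kubectl get svc myapp` shows the NLB DNS name under EXTERNAL-IP once the pods pass the health check; `aws elbv2 describe-target-groups` should report `TargetType: ip` for the group. Because traffic is delivered straight to the pod IP, the security group attached to the Fargate pods (the cluster security group unless a SecurityGroupPolicy says otherwise) must allow inbound TCP/80 from the NLB; check whether client IP preservation is enabled on the target group before deciding which source range to allow, since with it enabled the pods see the real client addresses rather than the NLB's.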