Traefik on EKS with pod Security Groups


You may wish to update your question with traefik and eks versions as there are many ways this can go sideways that have to do with versions.

Since you say nlb, I'll assume that to get this far you've set .spec.metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-type=nlb, which would mean you're using the in-tree provider.

Have you verified that the loadbalancer indeed receives the configuration for service.beta.kubernetes.io/aws-load-balancer-proxy-protocol? Go to the ec2 > load balancers area of the console and verify the field is set as you expect. I'd wager it's not.

In my eks 1.19.x cluster, this behavior doesn't work as advertised. This seems to be an active issue, amongst the active re-organization of the load balancer provider, which makes it super hard to track. As far as I can tell, a fix is slated to land in k8s 1.20; no idea whether/when a backport will be available.

Until then, I can at least confirm that the annotation seems to work properly using the newly minted aws-load-balancer-controller project, but they only support nlb-ip, which comes with its own problems (like 5+ minute registration/deregistration times in my case! Quote: "It can take a few minutes for the registration process to complete and health checks to start.")
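
Added example, not part of the answer above: the console check it describes can be scripted by comparing the Service annotation with the `proxy_protocol_v2.enabled` attribute that `aws elbv2 describe-target-group-attributes` reports for each of the NLB's target groups. The Service manifest, target-group names and attribute dumps below are constructed samples, and the function names are hypothetical.

```python
import json

# Annotation named in the answer; the in-tree provider only honours the value "*".
PROXY_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol"
# Target-group attribute that the NLB actually enforces.
TG_ATTRIBUTE = "proxy_protocol_v2.enabled"

def wants_proxy_protocol(service):
    """True if the Service (kubectl get svc -o json) asks for proxy protocol."""
    annotations = service.get("metadata", {}).get("annotations") or {}
    return annotations.get(PROXY_ANNOTATION) == "*"

def has_proxy_protocol(tg_attributes):
    """True if a describe-target-group-attributes result has proxy protocol v2 on."""
    for attr in tg_attributes.get("Attributes", []):
        if attr.get("Key") == TG_ATTRIBUTE:
            return str(attr.get("Value", "")).lower() == "true"
    return False  # attribute absent: treat as disabled

def find_drift(service, attrs_by_target_group):
    """Return one finding per target group that disagrees with the Service."""
    wanted = wants_proxy_protocol(service)
    findings = []
    for name, attrs in sorted(attrs_by_target_group.items()):
        actual = has_proxy_protocol(attrs)
        if actual != wanted:
            findings.append(
                f"{name}: annotation wants proxy protocol={wanted}, "
                f"target group has {actual}")
    return findings

# Constructed sample: one Service, two target groups (one per listener port).
SAMPLE_SERVICE = json.loads("""
{"metadata": {"name": "traefik", "annotations": {
  "service.beta.kubernetes.io/aws-load-balancer-type": "nlb",
  "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*"}}}
""")
SAMPLE_TARGET_GROUPS = {
    "tg-web-80": {"Attributes": [
        {"Key": "proxy_protocol_v2.enabled", "Value": "true"},
        {"Key": "deregistration_delay.timeout_seconds", "Value": "300"}]},
    "tg-websecure-443": {"Attributes": [
        {"Key": "proxy_protocol_v2.enabled", "Value": "false"}]},
}

if __name__ == "__main__":
    for finding in find_drift(SAMPLE_SERVICE, SAMPLE_TARGET_GROUPS):
        print(finding)
```

A mismatch in either direction matters: if Traefik expects the PROXY header and the target group does not send it (or the reverse), connections fail or the logged client address is wrong.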