I'm trying to understand Nebari/Traefik's connection to the load balancer created in AWS when Nebari is successfully deployed. I'm deploying Nebari to a pre-existing AWS VPC with a public/private subnet architecture that looks like this presently:
AWS us-east-2 AZ 1 AWS us-east-2 AZ 2
public subnet
[xyz.xyz.xyz.xyz/27]
private subnet private subnet
[10.xyz.xyz.xyz/23] [10.xyz.xyz.xyz/23]
When the Nebari terraform deployment completes, an AWS Classic load balancer is created across both AZs (assuming I pass it a subnet from each of the above AZs in my nebari-config.yaml). I also need to have an internal load balancer with no public endpoints due to my networking setup.
Currently, I'm using these annotations to do that:
My main question is: is a Classic load balancer always created by the Traefik k8s LoadBalancer config in Nebari? Or are other types of AWS ELBs sometimes created in different circumstances than mine?
In my case the Classic LB is configured with listener protocols/ports that match the above config in the terraform code (80, 443, 8022, etc), but with corresponding instance protocols/ports that seem arbitrary - or at least not specified in the terraform. I can see in the nebari-traefik-ingress k8s service how the node port settings match the instance ports in the Classic LB, so I think I understand the connection there and more or less how the traffic is routed.
It isn't clear to me:
- How the instance/node ports are set, and whether or not they can be modified
- Related to that, is it possible to override the Classic LB that Nebari/Traefik creates to use instead a network load balancer (NLB) or application load balancer (ALB) if needed? Or, instead, if the load balancer created via the Nebari terraform deploy is somehow managed by Traefik and shouldn't be touched in order to work properly?
Is there any documentation about managing Nebari-connected load balancers that I might have missed? These two pages are the relevant docs I've found: enhanced security and ingress overrides.
Thx!
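For readers checking a deployment like the one described above, this added example (not from the post and not Nebari's own code) reads a Service of type LoadBalancer, maps each listener port to its nodePort (the Classic ELB instance port), and reports whether the load balancer would be internet-facing. It assumes the annotation names and semantics of the in-tree Kubernetes AWS cloud provider; the sample manifest is constructed, with only the listener ports 80/443/8022 taken from the post.

```python
import json

# Annotations read by the in-tree Kubernetes AWS cloud provider (assumed here).
INTERNAL = "service.beta.kubernetes.io/aws-load-balancer-internal"
LB_TYPE = "service.beta.kubernetes.io/aws-load-balancer-type"
NODEPORT_RANGE = range(30000, 32768)  # Kubernetes default service node port range

# Constructed sample, shaped like `kubectl get service <name> -o json`.
# Listener ports 80/443/8022 are from the post; nodePorts and the annotation are made up.
SAMPLE = json.loads("""
{"metadata": {"name": "nebari-traefik-ingress",
              "annotations": {"service.beta.kubernetes.io/aws-load-balancer-internal": "true"}},
 "spec": {"type": "LoadBalancer",
          "ports": [{"port": 80, "nodePort": 31080},
                    {"port": 443, "nodePort": 30443},
                    {"port": 8022, "nodePort": 32022}]}}
""")

def listener_map(svc):
    """Pair each listener port with its nodePort (the ELB instance port)."""
    return {p["port"]: p.get("nodePort") for p in svc["spec"].get("ports", [])}

def exposure(svc):
    """Summarise which load balancer the Service requests and flag public exposure."""
    ann = svc.get("metadata", {}).get("annotations") or {}
    if svc["spec"].get("type") != "LoadBalancer":
        return {"lb": None, "internal": None, "findings": ["not a LoadBalancer Service"]}
    # The in-tree provider treats any non-empty value other than "false" as internal.
    internal = ann.get(INTERNAL, "").strip().lower() not in ("", "false")
    lb = ann.get(LB_TYPE, "classic")  # no type annotation -> Classic ELB
    findings = []
    if not internal:
        findings.append("internet-facing: internal annotation missing or false")
    for port, node_port in listener_map(svc).items():
        if node_port is None:
            findings.append(f"listener {port}: nodePort not allocated yet")
        elif node_port not in NODEPORT_RANGE:
            findings.append(f"listener {port}: nodePort {node_port} outside default range")
    return {"lb": lb, "internal": internal, "findings": findings}

if __name__ == "__main__":
    print(listener_map(SAMPLE))
    print(exposure(SAMPLE))
```

When a Service port does not set `nodePort`, Kubernetes allocates one from the node port range, which is why the instance ports look arbitrary next to the listener ports.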