Ingress-nginx configuration required to add a Security Group to an NLB at creation time


I have an AWS EKS version 1.26 cluster up and hosting a Java application. I am managing ingress configurations by running an ingress-nginx controller version 4.5.2. Through ingress-nginx I have configured an external NLB with the following configuration YAML file and Helm command:

external-controller.yaml

defaultBackend:
  nodeSelector:
    kubernetes.io/os: "linux"

controller:
  replicaCount: 2
  nodeSelector:
    kubernetes.io/os: "linux"
  ingressClassResource:
    name: nginx-ext
    enabled: true
    default: false
    controllerValue: "example.com/ingress-nginx-ext"
  ingressClass: nginx-ext
  ingressClassByName: true
  service:
    # Enable the external LB
    external:
      enabled: true
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: "false"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
      service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
      service.beta.kubernetes.io/aws-load-balancer-type: nlb

Helm command

 helm install "ext-nginx-ingress-controller" ingress-nginx/ingress-nginx \
 --namespace "ext-ingress" \
 --version 4.5.2 \
 -f "external-controller.yaml"

Executing this helm command results in the creation of an internet-facing NLB, which is exactly what I want. That said, what is not to my liking is that in the AWS console, if I check the Security tab under this NLB I just created, I see the following message:

No security group associated

Because this load balancer was created without a security group, these settings can't be changed. To utilize security groups, ensure that one is specified during creation of the load balancer.

What do I need to add to external-controller.yaml to get a security group associated to my NLB at creation time?

Any help is appreciated, thanks.

0

There are 0 answers