|
13 | 13 | These annotations are specific to the kubernetes [service resources reconciled](#lb-type) by the AWS Load Balancer Controller. Although the list was initially derived from the k8s in-tree `kube-controller-manager`, this
|
14 | 14 | documentation is not an accurate reference for the services reconciled by the in-tree controller.
|
15 | 15 |
|
| 16 | +<<<<<<< HEAD |
16 | 17 | | Name | Type | Default | Notes |
|
17 | 18 | |--------------------------------------------------------------------------------------------------|-------------------------|---------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
18 | 19 | | [service.beta.kubernetes.io/load-balancer-source-ranges](#lb-source-ranges) | stringList | | |
|
|
51 | 52 | | [service.beta.kubernetes.io/aws-load-balancer-attributes](#load-balancer-attributes) | stringMap | | |
|
52 | 53 | | [service.beta.kubernetes.io/aws-load-balancer-security-groups](#security-groups) | stringList | | |
|
53 | 54 | | [service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules](#manage-backend-sg-rules) | boolean | true | If `service.beta.kubernetes.io/aws-load-balancer-security-groups` is specified, this must also be explicitly specified otherwise it defaults to `false`. |
|
| 55 | +======= |
| 56 | +| Name | Type | Default | Notes | |
| 57 | +|--------------------------------------------------------------------------------------------------|-------------------------|---------------------------|--------------------------------------------------------| |
| 58 | +| [service.beta.kubernetes.io/load-balancer-source-ranges](#lb-source-ranges) | stringList | | | |
| 59 | +| [service.beta.kubernetes.io/aws-load-balancer-nlb-shield-advanced-protection](#shield-advanced-protection) | boolean | false | | |
| 60 | +| [service.beta.kubernetes.io/aws-load-balancer-security-group-prefix-lists](#lb-security-group-prefix-lists) | stringList | | | |
| 61 | +| [service.beta.kubernetes.io/aws-load-balancer-type](#lb-type) | string | | | |
| 62 | +| [service.beta.kubernetes.io/aws-load-balancer-nlb-target-type](#nlb-target-type) | string | | default `instance` in case of LoadBalancerClass | |
| 63 | +| [service.beta.kubernetes.io/aws-load-balancer-name](#load-balancer-name) | string | | | |
| 64 | +| [service.beta.kubernetes.io/aws-load-balancer-internal](#lb-internal) | boolean | false | deprecated, in favor of [aws-load-balancer-scheme](#lb-scheme)| |
| 65 | +| [service.beta.kubernetes.io/aws-load-balancer-scheme](#lb-scheme) | string | internal | | |
| 66 | +| [service.beta.kubernetes.io/aws-load-balancer-proxy-protocol](#proxy-protocol-v2) | string | | Set to `"*"` to enable | |
| 67 | +| [service.beta.kubernetes.io/aws-load-balancer-ip-address-type](#ip-address-type) | string | ipv4 | ipv4 \| dualstack | |
| 68 | +| [service.beta.kubernetes.io/aws-load-balancer-access-log-enabled](#deprecated-attributes) | boolean | false | deprecated, in favor of [aws-load-balancer-attributes](#load-balancer-attributes)| |
| 69 | +| [service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name](#deprecated-attributes) | string | | deprecated, in favor of [aws-load-balancer-attributes](#load-balancer-attributes)| |
| 70 | +| [service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix](#deprecated-attributes)| string | | deprecated, in favor of [aws-load-balancer-attributes](#load-balancer-attributes)| |
| 71 | +| [service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled](#deprecated-attributes)| boolean | false | deprecated, in favor of [aws-load-balancer-attributes](#load-balancer-attributes)| |
| 72 | +| [service.beta.kubernetes.io/aws-load-balancer-ssl-cert](#ssl-cert) | stringList | | | |
| 73 | +| [service.beta.kubernetes.io/aws-load-balancer-ssl-ports](#ssl-ports) | stringList | | | |
| 74 | +| [service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy](#ssl-negotiation-policy) | string | ELBSecurityPolicy-2016-08 | | |
| 75 | +| [service.beta.kubernetes.io/aws-load-balancer-backend-protocol](#backend-protocol) | string | | | |
| 76 | +| [service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags](#additional-resource-tags) | stringMap | | | |
| 77 | +| [service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol](#healthcheck-protocol) | string | TCP | | |
| 78 | +| [service.beta.kubernetes.io/aws-load-balancer-healthcheck-port ](#healthcheck-port) | integer \| traffic-port | traffic-port | | |
| 79 | +| [service.beta.kubernetes.io/aws-load-balancer-healthcheck-path](#healthcheck-path) | string | "/" for HTTP(S) protocols | | |
| 80 | +| [service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold](#healthcheck-healthy-threshold) | integer | 3 | | |
| 81 | +| [service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold](#healthcheck-unhealthy-threshold) | integer | 3 | | |
| 82 | +| [service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout](#healthcheck-timeout) | integer | 10 | | |
| 83 | +| [service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval](#healthcheck-interval) | integer | 10 | | |
| 84 | +| [service.beta.kubernetes.io/aws-load-balancer-healthcheck-success-codes](#healthcheck-success-codes) | string | 200-399 | | |
| 85 | +| [service.beta.kubernetes.io/aws-load-balancer-eip-allocations](#eip-allocations) | stringList | | internet-facing lb only. Length must match the number of subnets| |
| 86 | +| [service.beta.kubernetes.io/aws-load-balancer-private-ipv4-addresses](#private-ipv4-addresses) | stringList | | internal lb only. Length must match the number of subnets | |
| 87 | +| [service.beta.kubernetes.io/aws-load-balancer-ipv6-addresses](#ipv6-addresses) | stringList | | dualstack lb only. Length must match the number of subnets | |
| 88 | +| [service.beta.kubernetes.io/aws-load-balancer-target-group-attributes](#target-group-attributes) | stringMap | | | |
| 89 | +| [service.beta.kubernetes.io/aws-load-balancer-subnets](#subnets) | stringList | | | |
| 90 | +| [service.beta.kubernetes.io/aws-load-balancer-alpn-policy](#alpn-policy) | string | | | |
| 91 | +| [service.beta.kubernetes.io/aws-load-balancer-target-node-labels](#target-node-labels) | stringMap | | | |
| 92 | +| [service.beta.kubernetes.io/aws-load-balancer-attributes](#load-balancer-attributes) | stringMap | | | |
| 93 | +| [service.beta.kubernetes.io/aws-load-balancer-security-groups](#security-groups) | stringList | | | |
| 94 | +| [service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules](#manage-backend-sg-rules) | boolean | true | If `service.beta.kubernetes.io/aws-load-balancer-security-groups` is specified, this must also be explicitly specified otherwise it defaults to `false`. | |
| 95 | +>>>>>>> c937f38 (update guide with details for advanced sheild annotation for nlb) |
54 | 96 | | [service.beta.kubernetes.io/aws-load-balancer-inbound-sg-rules-on-private-link-traffic](#update-security-settings) | string | |
|
55 | 97 | | [service.beta.kubernetes.io/aws-load-balancer-listener-attributes.${Protocol}-${Port}](#listener-attributes) | stringMap | |
|
56 | 98 | | [service.beta.kubernetes.io/aws-load-balancer-multi-cluster-target-group](#multi-cluster-target-group) | boolean | false | If specified, the controller will only operate on targets that exist within the cluster, ignoring targets from other sources. |
|
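Review bot: Unresolved merge conflict markers are committed into the annotation table at new lines 16, 55 and 95 (`<<<<<<< HEAD`, `=======`, `>>>>>>> c937f38 (...)`), so the page now carries two copies of the table with the marker text between them. Resolve the conflict before merging: keep a single table, add the `aws-load-balancer-nlb-shield-advanced-protection` row to it, and drop all three marker lines. The Notes column separator on the incoming side is also much shorter than on the HEAD side, so whichever copy is kept should use the existing column widths so the final three context rows still line up. Separately, the commit label embedded in the marker spells "sheild"; that goes away with the markers, but is worth fixing in the commit message if the change is rebased.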
@@ -580,6 +622,20 @@ Load balancer access can be controlled via following annotations:
|
580 | 622 | ```
|
581 | 623 |
|
582 | 624 |
|
| 625 | +- <a name="shield-advanced-protection">`service.beta.kubernetes.io/aws-load-balancer-nlb-shield-advanced-protection`</a> turns on / off the AWS Shield Advanced protection for the network load balancer. |
| 626 | +
|
| 627 | + !!!note "" |
| 628 | + When this annotation is absent, the controller will keep LoadBalancer shield protection settings unchanged. |
| 629 | + To disable shield protection, explicitly set the annotation value to 'false'. |
| 630 | +
|
| 631 | + !!!example |
| 632 | + - enable shield protection |
| 633 | + ```service.beta.kubernetes.io/aws-load-balancer-nlb-shield-advanced-protection: 'true' |
| 634 | + ``` |
| 635 | + - disable shield protection |
| 636 | + ```service.beta.kubernetes.io/aws-load-balancer-nlb-shield-advanced-protection: 'false' |
| 637 | + ``` |
| 638 | +
|
583 | 639 | ## Legacy Cloud Provider
|
584 | 640 | The AWS Load Balancer Controller manages Kubernetes Services in a compatible way with the AWS cloud provider's legacy service controller.
|
585 | 641 |
|
|
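Review bot: The two example fences at new lines 633 and 636 put the annotation on the same line as the opening backticks, so a Markdown renderer treats the annotation text as the fence info string and the examples render as empty code blocks. Move the opening fence to its own line and put the `service.beta.kubernetes.io/aws-load-balancer-nlb-shield-advanced-protection: 'true'` (and `'false'`) line inside it. The note at new lines 628-629 also conflicts with the table row added at new line 59, which lists the default as `false`: if an absent annotation leaves the existing Shield setting unchanged, the table should say so in its Notes column rather than imply that omitting the annotation turns protection off. A reader who removes the annotation expecting protection to be disabled, or expecting it to stay enabled, needs that behaviour stated in one consistent place.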