In the latest docs for the service.beta.kubernetes.io/aws-load-balancer-security-groups annotation there is a note referring to two other annotations that don't seem to be supported for Service.
When this annotation is not present, the controller will automatically create one security group. The security group will be attached to the LoadBalancer and allow access from inbound-cidrs to the listen-ports. Also, the securityGroups for target instances/ENIs will be modified to allow inbound traffic from this securityGroup.
Neither inbound-cidrs nor listen-ports annotations exist for the Service (NLB); they do, however, exist in the Ingress (ALB): alb.ingress.kubernetes.io/listen-ports and alb.ingress.kubernetes.io/inbound-cidrs. It looks like that note in the docs was copied from the Ingress (ALB) docs and is not correct for the Service (NLB).
Not sure if I am misinterpreting something or it's a lapse in the docs, would appreciate a clarification.
Thanks