I have an EKS cluster (private+public). I'd like to use Traefik (with Gateway API) to access my apps in the cluster. I'd like to have an internal load balancer, the apps should not be accessible over the Internet. In preparation for this I've:
- Installed Gateway API's CRDs (`v1.5.1/standard-install.yaml`).
- Labeled my private subnets with:
  - `kubernetes.io/role/internal-elb: 1`
  - `kubernetes.io/cluster/eks-a: shared`

I've then installed version 40.2.0 of the traefik Helm chart with the following values. This, however, deploys a traefik k8s service of type LoadBalancer with an Internet-facing external IP (e.g. ....c-......970.us-east-1.elb.amazonaws.com) - this corresponds on the AWS side to a classic load balancer with a scheme equal to Internet-facing. This doesn't seem right given my scheme is internal via the values below. I'm still wrapping my head around what role the aws-load-balancer-controller plays here (note this is NOT installed on the cluster). Thanks for the help.
```yaml
deployment:
  replicas: 2
service:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
ingressClass:
  enabled: false
providers:
  kubernetesIngress:
    enabled: false
  kubernetesGateway:
    enabled: true
gateway:
  listeners:
    web:
      namespacePolicy:
        from: All
```
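
An added example, not part of the original post: a simplified model of which AWS controller reconciles a LoadBalancer Service and what scheme results, showing why the values above produce an Internet-facing classic load balancer when aws-load-balancer-controller is absent. The function names and sample manifests are hypothetical. It assumes the Service is inspected as stored in the cluster (after any admission webhook has run) and does not model the legacy `internal` annotation under aws-load-balancer-controller.

```python
# Added example: simplified model of which AWS controller reconciles a
# LoadBalancer Service and which scheme results. Function names are hypothetical.
PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"
LBC_CLASS = "service.k8s.aws/nlb"  # loadBalancerClass claimed by aws-load-balancer-controller


def reconciler(svc):
    """'aws-lbc' if the Service is handed to aws-load-balancer-controller, else 'in-tree'."""
    ann = svc.get("metadata", {}).get("annotations") or {}
    if svc["spec"].get("loadBalancerClass") == LBC_CLASS:
        return "aws-lbc"
    if ann.get(PREFIX + "type") in ("external", "nlb-ip"):
        return "aws-lbc"
    return "in-tree"


def predicted_exposure(svc, lbc_installed):
    """Return 'internal', 'internet-facing', 'not-provisioned' or None (not a LoadBalancer)."""
    if svc["spec"].get("type") != "LoadBalancer":
        return None
    ann = svc.get("metadata", {}).get("annotations") or {}
    if reconciler(svc) == "aws-lbc":
        if not lbc_installed:
            return "not-provisioned"  # nothing acts on the Service
        return ann.get(PREFIX + "scheme", "internal")  # controller default is internal
    # In-tree controller: the "scheme" annotation is not read at all.
    legacy = ann.get(PREFIX + "internal", "")
    return "internal" if legacy not in ("", "false") else "internet-facing"


def service(annotations, **spec):
    """Build a constructed Service manifest for the checks below."""
    return {"metadata": {"annotations": annotations},
            "spec": {"type": "LoadBalancer", **spec}}


# Constructed manifests; the first mirrors the Helm values in the post.
AS_POSTED = service({PREFIX + "scheme": "internal"})
LEGACY_INTERNAL = service({PREFIX + "internal": "true"})
FOR_LBC = service({PREFIX + "scheme": "internal", PREFIX + "type": "external"})

if __name__ == "__main__":
    for name, svc in [("as posted", AS_POSTED), ("legacy annotation", LEGACY_INTERNAL),
                      ("type=external", FOR_LBC)]:
        for lbc in (False, True):
            print(f"{name:18} lbc_installed={lbc!s:5} -> {predicted_exposure(svc, lbc)}")
```

To confirm the result on a live cluster, compare the prediction with the `Scheme` field that `aws elb describe-load-balancers` or `aws elbv2 describe-load-balancers` reports for the provisioned load balancer.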