
Kubernetes - Loadbalancer annotations

Available annotations for Kubernetes load balancers by cloud provider

This page lists the available annotations for Kubernetes Loadbalancer Services for each supported Cloud Provider.

Cloud Provider Annotations

AWS

Annotations for AWS load balancer Services.

| Annotation | Type | Description |
|---|---|---|
| service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval | (in minutes) | |
| service.beta.kubernetes.io/aws-load-balancer-access-log-enabled | boolean | |
| service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name | | |
| service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix | | |
| service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags | (comma-separated list of key=value) | |
| service.beta.kubernetes.io/aws-load-balancer-backend-protocol | http, https | |
| service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled | boolean | |
| service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout | (in seconds) | |
| service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout | (in seconds, default 60) | |
| service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled | (true | |
| service.beta.kubernetes.io/aws-load-balancer-extra-security-groups | (comma-separated list) | |
| service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold | | |
| service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval | | |
| service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout | | |
| service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold | | |
| service.beta.kubernetes.io/aws-load-balancer-internal | boolean | |
| service.beta.kubernetes.io/aws-load-balancer-proxy-protocol | * | |
| service.beta.kubernetes.io/aws-load-balancer-ssl-cert | (IAM or ACM ARN) | |
| service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy | | |
| service.beta.kubernetes.io/aws-load-balancer-ssl-ports | (default *) | |
| service.beta.kubernetes.io/aws-load-balancer-type | nlb | |
| service.beta.kubernetes.io/aws-load-balancer-subnets | | Comma-separated list of subnets this load balancer will join. |

Hetzner

Annotations for Hetzner load balancer Services. See also the hcloud-cloud-controller-manager documentation.

| Annotation | Type | Description |
|---|---|---|
| load-balancer.hetzner.cloud/ipv6-disabled | boolean | Disables the use of IPv6 for the Load Balancer. Set this annotation if you use external-dns. Default: false. |
| load-balancer.hetzner.cloud/name | string | The name of the Load Balancer. The name will be visible in the Hetzner Cloud API console. |
| load-balancer.hetzner.cloud/disable-public-network | boolean | Disables the public network of the Hetzner Cloud Load Balancer. It will still have a public network assigned, but all traffic is routed over the private network. |
| load-balancer.hetzner.cloud/disable-private-ingress | boolean | Disables the use of the private network for ingress. |
| load-balancer.hetzner.cloud/use-private-ip | boolean | Configures the Load Balancer to use the private IP for Load Balancer server targets. |
| load-balancer.hetzner.cloud/hostname | string | Specifies the hostname of the Load Balancer. If specified, this is used as the ingress address instead of the Load Balancer IP addresses. |
| load-balancer.hetzner.cloud/protocol | tcp, http, https | Specifies the protocol of the service. Default: tcp. |
| load-balancer.hetzner.cloud/algorithm-type | round_robin, least_connections | Specifies the algorithm type of the Load Balancer. Default: round_robin. |
| load-balancer.hetzner.cloud/type | lb11 | Specifies the type of the Load Balancer. Default: lb11. |
| load-balancer.hetzner.cloud/location | | Specifies the location where the Load Balancer will be created. Changing the location to a different value after the load balancer was created has no effect. To move a load balancer to a different location it is necessary to delete and re-create it. Note that this will lead to the load balancer getting new public IPs assigned. Mutually exclusive with network-zone. |
| load-balancer.hetzner.cloud/network-zone | | Specifies the network zone where the Load Balancer will be created. Changing the network zone to a different value after the load balancer was created has no effect. To move a load balancer to a different network zone it is necessary to delete and re-create it. Note that this will lead to the load balancer getting new public IPs assigned. Mutually exclusive with location. |
| load-balancer.hetzner.cloud/node-selector | | Can be set to restrict which Nodes are added as targets to the Load Balancer. It accepts a Kubernetes label selector string, using either the set-based or equality-based formats. If the selector cannot be parsed, the targets in the Load Balancer are not updated and an Event is created with the error message. |
| load-balancer.hetzner.cloud/uses-proxyprotocol | | Specifies if the Load Balancer services should use the proxy protocol. Default: false. |
| load-balancer.hetzner.cloud/http-cookie-name | string | Specifies the cookie name when using HTTP or HTTPS as protocol. |
| load-balancer.hetzner.cloud/http-cookie-lifetime | number | Specifies the lifetime of the HTTP cookie. |
| load-balancer.hetzner.cloud/certificate-type | uploaded, managed | Defines the type of certificate the Load Balancer should use. |
| load-balancer.hetzner.cloud/http-certificates | string | A comma-separated list of IDs or names of Certificates assigned to the service. HTTPS only. |
| load-balancer.hetzner.cloud/http-managed-certificate-name | string | Contains the names of the managed certificate to be created by the Cloud Controller Manager. |
| load-balancer.hetzner.cloud/http-managed-certificate-domains | string | Contains a comma-separated list of the domain names of the managed certificate. All domains are used to create a single managed certificate. |
| load-balancer.hetzner.cloud/http-redirect-http | boolean | Create a redirect from HTTP to HTTPS. HTTPS only. |
| load-balancer.hetzner.cloud/http-sticky-sessions | | Enables the sticky sessions feature of Hetzner Cloud HTTP Load Balancers. Default: false. |
| load-balancer.hetzner.cloud/health-check-protocol | | Sets the protocol the health check should be performed over. Possible values: tcp, http, https. Default: tcp. |
| load-balancer.hetzner.cloud/health-check-port | | Specifies the port the health check is performed on. |
| load-balancer.hetzner.cloud/health-check-interval | | Specifies the interval, in seconds, at which a health check is performed. |
| load-balancer.hetzner.cloud/health-check-timeout | | Specifies the timeout of a single health check. |
| load-balancer.hetzner.cloud/health-check-retries | | Specifies the number of times a health check is retried until a target is marked as unhealthy. |
| load-balancer.hetzner.cloud/health-check-http-domain | | Specifies the domain we try to access when performing the health check. |
| load-balancer.hetzner.cloud/health-check-http-path | | Specifies the path we try to access when performing the health check. |
| load-balancer.hetzner.cloud/health-check-http-validate-certificate | | Specifies whether the health check should validate the SSL certificate that comes from the target nodes. |
| load-balancer.hetzner.cloud/http-status-codes | | A comma-separated list of HTTP status codes which we expect. |

OpenStack

| Annotation | Type | Description |
|---|---|---|
| service.beta.kubernetes.io/openstack-internal-load-balancer | boolean | Indicates that we want an internal load balancer service. |
| loadbalancer.openstack.org/floating-network-id | string | Indicates that a floating IP will be created for the external load balancer service on the specified floating network ID. |
| loadbalancer.openstack.org/floating-subnet-id | string | The external network subnet used to create the floating IP for the load balancer VIP. |
| loadbalancer.openstack.org/floating-subnet | string | A name pattern (glob or regexp if starting with ~) for the external network subnet used to create the floating IP for the load balancer VIP. |
| loadbalancer.openstack.org/floating-subnet-tags | string | Tags for the external network subnet used to create the floating IP for the load balancer VIP. |
| loadbalancer.openstack.org/class | string | Optional load balancer class name. |
| loadbalancer.openstack.org/proxy-protocol | boolean | Enable proxy protocol. |
| loadbalancer.openstack.org/connection-limit | number | The maximum number of connections per second allowed for the listener. Positive integer or -1 for unlimited (default). |
| loadbalancer.openstack.org/keep-floatingip | boolean | If 'true', the floating IP will NOT be deleted. Default is 'false'. |
