Kubernetes - Loadbalancer annotations
Available annotations for Kubernetes load balancers by cloud provider
This page lists the available annotations for Kubernetes Loadbalancer Services for each supported Cloud Provider.
Cloud Provider Annotations
AWS
The Annotations for the AWS Loadbalancer services.
| Annotation | Type | Description |
|---|---|---|
service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval | (in minutes) | |
service.beta.kubernetes.io/aws-load-balancer-access-log-enabled | boolean | |
service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name | ||
service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix | ||
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags | (comma-separated list of key=value) | |
service.beta.kubernetes.io/aws-load-balancer-backend-protocol | http, https | |
service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled | boolean | |
service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout | (in seconds) | |
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout | (in seconds, default 60) | |
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled | (true | |
service.beta.kubernetes.io/aws-load-balancer-extra-security-groups | (comma-separated list) | |
service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold | ||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval | ||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout | ||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold | ||
service.beta.kubernetes.io/aws-load-balancer-internal | boolean | |
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol | * | |
service.beta.kubernetes.io/aws-load-balancer-ssl-cert | (IAM or ACM ARN) | |
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy | ||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports | (default *) | |
service.beta.kubernetes.io/aws-load-balancer-type | nlb | |
service.beta.kubernetes.io/aws-load-balancer-subnets | comma seperated list of subnets this loadbalancer will join |
Hetzner
The Annotations for the Hetzner Loadbalancer services. See also hcloud-cloud-controller-manager documentation.
| Annotation | Type | Description |
|---|---|---|
load-balancer.hetzner.cloud/ipv6-disabled | boolean | Disables the use of IPv6 for the Load Balancer.Set this annotation if you use external-dns.Default: false. |
load-balancer.hetzner.cloud/name | string | The name of the Load Balancer. The name will be visible inthe Hetzner Cloud API console. |
load-balancer.hetzner.cloud/disable-public-network | boolean | Disables the public network of the Hetzner CloudLoad Balancer. It will still have a public network assigned, but all traffic is routed over the private network. |
load-balancer.hetzner.cloud/disable-private-ingress | boolean | Disables the use of the private network foringress. |
load-balancer.hetzner.cloud/use-private-ip | boolean | Configures the Load Balancer to use the private IP forLoad Balancer server targets. |
load-balancer.hetzner.cloud/hostname | string | Specifies the hostname of the Load Balancer. This will be used as ingress address instead of the Load Balancer IP addresses if specified. |
load-balancer.hetzner.cloud/protocol | tcp, http, https | Specifies the protocol of the service. Default: tcp |
load-balancer.hetzner.cloud/algorithm-type | round_robin, least_connections | Specifies the algorithm type of the Load Balancer. Default: round_robin. |
load-balancer.hetzner.cloud/type | lb11 | Specifies the type of the Load Balancer. Default: lb11. |
load-balancer.hetzner.cloud/location | Specifies the location where the Load Balancer will becreated in.Changing the location to a different value after the load balancer wascreated has no effect. In order to move a load balancer to a differentlocation it is necessary to delete and re-create it. Note, that thiswill lead to the load balancer getting new public IPs assigned.Mutually exclusive with network-zone. | |
load-balancer.hetzner.cloud/network-zone | Specifies the network zone where the Load Balancer will becreated in.Changing the network zone to a different value after the load balancerwas created has no effect. In order to move a load balancer to adifferent network zone it is necessary to delete and re-create it. Note,that this will lead to the load balancer getting new public IPsassigned.Mutually exclusive with location. | |
load-balancer.hetzner.cloud/node-selector | Can be set to restrict which Nodes are added as targets to the Load Balancer. It accepts a Kubernetes label selector string, using either theset-based or equality-based formats.If the selector can not be parsed, the targets in the Load Balancer are notupdated and an Event is created with the error message. | |
load-balancer.hetzner.cloud/uses-proxyprotocol | Specifies if the Load Balancer services shoulduse the proxy protocol.Default: false. | |
load-balancer.hetzner.cloud/http-cookie-name | string | Specifies the cookie name when using HTTP or HTTPS as protocol. |
load-balancer.hetzner.cloud/http-cookie-lifetime | number | Specifies the lifetime of the HTTP cookie. |
load-balancer.hetzner.cloud/certificate-type | uploaded, managed | Defines the type of certificate the LoadBalancer should use. |
load-balancer.hetzner.cloud/http-certificates | string | A comma separated list of IDs or Names of Certificates assigned to the service. HTTPS only. |
load-balancer.hetzner.cloud/http-managed-certificate-name | string | Contains the names of the managed certificate to create by the Cloud Controller manager. |
load-balancer.hetzner.cloud/http-managed-certificate-domains | string | Contains a coma separated list of thedomain names of the managed certificate. All domains are used to create a single managed certificate. |
load-balancer.hetzner.cloud/http-redirect-http | boolean | Create a redirect from HTTP to HTTPS. HTTPS only. |
load-balancer.hetzner.cloud/http-sticky-sessions | Enables the sticky sessions feature of HetznerCloud HTTP Load Balancers.Default: false. | |
load-balancer.hetzner.cloud/health-check-protocol | Sets the protocol the health check should beperformed over.Possible values: tcp, http, httpsDefault: tcp. | |
load-balancer.hetzner.cloud/health-check-port | Specifies the port the health check is be performedon. | |
load-balancer.hetzner.cloud/health-check-interval | Specifies the interval in which time we performa health check in seconds. | |
load-balancer.hetzner.cloud/health-check-timeout | Specifies the timeout of a single health check. | |
load-balancer.hetzner.cloud/health-check-retries | Specifies the number of time a health check isretried until a target is marked as unhealthy. | |
load-balancer.hetzner.cloud/health-check-http-domain | Specifies the domain we try to access whenperforming the health check. | |
load-balancer.hetzner.cloud/health-check-http-path | Specifies the path we try to access whenperforming the health check. | |
load-balancer.hetzner.cloud/health-check-http-validate-certificate | Specifies whether the healthcheck should validate the SSL certificate that comes from the targetnodes. | |
load-balancer.hetzner.cloud/http-status-codes | A comma separated list of HTTP statuscodes which we expect. |
OpenStack
| Annotation | Type | Description |
|---|---|---|
service.beta.kubernetes.io/openstack-internal-load-balancer | boolean | indicate that we want an internal loadbalancer service |
loadbalancer.openstack.org/floating-network-id | string | indicates that it will create a floating IP for the external loadbalancer service on the specified floating network id |
loadbalancer.openstack.org/floating-subnet-id | string | The external network subnet used to create floating IP for the load balancer VIP. |
loadbalancer.openstack.org/floating-subnet | string | A name pattern (glob or regexp if starting with ~) for the external network subnet used to create floating IP for the load balancer VIP |
loadbalancer.openstack.org/floating-subnet-tags | string | ags for the external network subnet used to create floating IP for the load balancer VIP |
loadbalancer.openstack.org/class | string | Optional loadbalancer class name |
loadbalancer.openstack.org/proxy-protocol | boolean | Enable proxy protocol |
loadbalancer.openstack.org/connection-limit | number | The maximum number of connections per second allowed for the listener. Positive integer or -1 for unlimited (default) |
loadbalancer.openstack.org/keep-floatingip | boolean | If 'true', the floating IP will NOT be deleted. Default is 'false'. |
Last updated on