Dynamically apply SG rule to proxy-public ELB? ( for JHub on EKS)

wierzba3 · August 8, 2019, 9:27pm

I specify an AWS load balancer in my helm config like so:

  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <<my_cert_arn>>
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "1800"

This creates an ELB that points to jhub

I want to know if there is any way for me to configure ingress rules on the SG that is associated with this ELB? (It creates a SG implicitly, it seeems)

I need to restrict access to this ELB, based on SG rules. This causes problems when we iterate on the helm release. When the helm release is re-created, the ELB and SG are re-created, and the ingress rules are lost. The developer must remember to add them back each time.

Topic		Replies	Views
Good way to whitelist ingress traffic for JHub on EKS (AWS kubernetes)? JupyterHub	0	586	October 2, 2019
Jupyterhub deploying proxy public as CLB Zero to JupyterHub on Kubernetes	2	129	January 23, 2024
JupyterHub proxy-public svc has no external IP (stuck in <pending>) JupyterHub	1	1435	November 26, 2019
Trouble configuring Ingress for Helm Chart Zero to JupyterHub on Kubernetes how-to	4	2151	July 9, 2020
Helming Jupyterhub on K3S - public proxy loadbalancer http port Zero to JupyterHub on Kubernetes	2	1087	April 26, 2022

Dynamically apply SG rule to proxy-public ELB? ( for JHub on EKS)

Related Topics