JupyterHub on EKS is using 2 ELBs

JupyterHub
1

I have JupyterHub setup on EKS. However when I check the Services & Ingress it appears to be using two ELBs.
One Network LB for proxy-public which is acting like an internal LB, and one Applicaton LB for the ingress which is the external LB.
Is the standard EKS setup for JupyterHub meant to be like this? It seems a little excessive and pricey to have two ELB instances for a single cluster. Is it possible to make the internal LB use nginx instead, or do away completely with the internal LB? And if so how do I do that?

$ kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
continuous-image-puller-jsz2b     1/1     Running   0          2d17h
hub-7db55c68c8-fww2k              1/1     Running   0          2d17h
proxy-76f4544b88-dkpr6            1/1     Running   0          2d17h
user-scheduler-559bf77564-7tvqf   1/1     Running   0          2d17h
user-scheduler-559bf77564-jjlmb   1/1     Running   0          2d17h

$ kubectl get svc
NAME           TYPE           CLUSTER-IP       EXTERNAL-IP                                                                PORT(S)        AGE
hub            ClusterIP      10.100.231.92    <none>                                                                     8081/TCP       2d17h
proxy-api      ClusterIP      10.100.108.137   <none>                                                                     8001/TCP       2d17h
proxy-public   LoadBalancer   10.100.26.236    k8s-lab-proxypub-xxxxxxxxx.amazonaws.com   80:32640/TCP   2d17h

$ kubectl get ingress
NAME         CLASS   HOSTS                        ADDRESS                                                             PORTS   AGE
jupyterhub   alb     lab.yyyyyyyy.com   k8s-lab-jupyterh-xxxxxxxxxxx.elb.amazonaws.com   80      2d17h

My helm config is as below…

singleuser:
  defaultUrl: "/lab"
  extraEnv:
    JUPYTERHUB_SINGLEUSER_APP: "jupyter_server.serverapp.ServerApp"

ingress:
  enabled: true
  hosts:
    - lab.yyyyyyyy.com
  ingressClassName: alb
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    alb.ingress.kubernetes.io/certificate-arn: zzzzzzzzzzzzzz
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01 
    alb.ingress.kubernetes.io/ssl-redirect: '443'
2

If you’re using an ingress you can disable the proxy loadbalancer by setting proxy.service.type=ClusterIP

3

If you have a k8s cluster for use by anything more than jupyterhub, it can make sense to use ingress-nginx to distribute traffic internally via a single cluster entrypoint (k8s Service of type LoadBalanacer, mapping to some AWS load balancer infra).

For clusters i work with, they all have ingress-nginx + cert-manager installed to support the other stuff we deploy in the cluster.

4

Thank you, specifying ClusterIP worked.
For anyone else stumbling on this post, please note you will also need to add this to your ingress.annotations
alb.ingress.kubernetes.io/target-type: 'ip'

1 Like