I have JupyterHub setup on EKS. However when I check the Services & Ingress it appears to be using two ELBs.
One Network LB for proxy-public which is acting like an internal LB, and one Applicaton LB for the ingress which is the external LB.
Is the standard EKS setup for JupyterHub meant to be like this? It seems a little excessive and pricey to have two ELB instances for a single cluster. Is it possible to make the internal LB use nginx instead, or do away completely with the internal LB? And if so how do I do that?
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
continuous-image-puller-jsz2b 1/1 Running 0 2d17h
hub-7db55c68c8-fww2k 1/1 Running 0 2d17h
proxy-76f4544b88-dkpr6 1/1 Running 0 2d17h
user-scheduler-559bf77564-7tvqf 1/1 Running 0 2d17h
user-scheduler-559bf77564-jjlmb 1/1 Running 0 2d17h
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hub ClusterIP 10.100.231.92 <none> 8081/TCP 2d17h
proxy-api ClusterIP 10.100.108.137 <none> 8001/TCP 2d17h
proxy-public LoadBalancer 10.100.26.236 k8s-lab-proxypub-xxxxxxxxx.amazonaws.com 80:32640/TCP 2d17h
$ kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
jupyterhub alb lab.yyyyyyyy.com k8s-lab-jupyterh-xxxxxxxxxxx.elb.amazonaws.com 80 2d17h
My helm config is as below…
singleuser:
defaultUrl: "/lab"
extraEnv:
JUPYTERHUB_SINGLEUSER_APP: "jupyter_server.serverapp.ServerApp"
ingress:
enabled: true
hosts:
- lab.yyyyyyyy.com
ingressClassName: alb
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
alb.ingress.kubernetes.io/certificate-arn: zzzzzzzzzzzzzz
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01
alb.ingress.kubernetes.io/ssl-redirect: '443'