AWS LoadBalancer Internet-Facing and Internal

We have a sharded setup with 3 mongos and 1 AWS LoadBalancer

using:

expose:
  exposeType: LoadBalancer
  serviceAnnotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    # annotation values must be strings; an unquoted false is a YAML boolean and is rejected
    service.beta.kubernetes.io/aws-load-balancer-internal: "false"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: TCP

This creates an internet-facing LoadBalancer.

The K8s cluster and our EC2 NodeJS servers are in the same VPC, and we want to make sure that the traffic stays only within the VPC (cost of internet traffic $0.09, VPC $0.01). When I query the IP of the LoadBalancer from the EC2 it gives the public IP address, but we also want to have the ability to connect from the internet (with a security group).

How can we achieve this?

Thank you for your help.

Welcome to the Percona Community Forum @Pierre-Andre_Manseau

The AWS approach is to create an Internet-facing Load Balancer for public network access and another Internal Load Balancer for access within the VPC; both Load Balancers can then use the same Target Group or Auto Scaling Groups to reach your K8s cluster.

Creating an Internal or Internet-facing Load Balancer is done by selecting a different Scheme when creating the Load Balancer.

Even though Internet-facing Load Balancers have a private IP in a VPC, they're not accessible using private IPs, or those IPs might change over time.

I hope you find this information helpful
Cheers!

Thank you for your answer @hernan.garcia

For IaC (Infrastructure as Code), it would be nice to be able to specify this in the YAML file instead of having to do it manually.

What about creating an Nginx Ingress and connecting the ELB to it, and then having the VPC connections use the Nginx directly?

We need to ensure that if the IP addresses change, the DNS is updated automatically.
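One way to express the two-load-balancer approach from the earlier reply in YAML, as an added example that is not part of this thread or of the Percona operator: a second Service that selects the operator's mongos pods and is annotated as an internal NLB, so in-VPC clients use it while the operator's own internet-facing Service stays as configured above. The pod label values, the cluster name my-cluster, the namespace mongodb and the VPC CIDR 10.0.0.0/16 are assumptions.

```yaml
# Added example (not from the thread or the Percona operator): an internal-only NLB
# Service that points at the same mongos pods the operator exposes publicly.
# Assumptions: the selector labels match what the operator sets for a cluster
# named "my-cluster" in namespace "mongodb", and 10.0.0.0/16 is the VPC CIDR.
apiVersion: v1
kind: Service
metadata:
  name: my-cluster-mongos-internal
  namespace: mongodb
  annotations:
    # Same NLB type as the operator-managed Service, but with the internal scheme.
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
spec:
  type: LoadBalancer
  # Defence in depth: only VPC addresses may reach this listener; narrow to the
  # application subnets if the Node.js servers live in known ranges.
  loadBalancerSourceRanges:
    - 10.0.0.0/16
  selector:
    app.kubernetes.io/name: percona-server-mongodb
    app.kubernetes.io/instance: my-cluster
    app.kubernetes.io/component: mongos
  ports:
    - name: mongodb
      port: 27017
      targetPort: 27017
      protocol: TCP
```

Point the EC2 Node.js servers at the DNS name of this internal load balancer rather than at its IP addresses; the hostname resolves to the private addresses and follows them if they change, so no manual DNS update is needed.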