github.com/projectcontour/contour@v1.28.2/site/content/guides/deploy-aws-nlb.md (about)

---
title: Deploying Contour on AWS with NLB
layout: page
---

This is an advanced deployment guide to configure Contour on AWS with the [Network Load Balancer (NLB)][1].
This configuration has several advantages:

1. NLBs are often cheaper. This is especially true for development. Idle LBs do not cost money.
2. There are no extra network hops. Traffic goes to the NLB, to the node hosting Contour, and then to the target pod.
3. Source IP addresses are retained. Envoy (running as part of Contour) sees the native source IP address and records this with an `X-Forwarded-For` header.

## Moving parts

- We run Envoy as a DaemonSet across the cluster and Contour as a Deployment.
- The Envoy pod runs on host ports 80 and 443 on the node.
- Host networking means that traffic hits Envoy without transitioning through any other fancy networking hops.
- Contour also binds to 8001 for Envoy->Contour config traffic.

## Deploying Contour

1. [Clone the Contour repository][4] and `cd` into the repo.
2. Edit the Envoy service (`02-service-envoy.yaml`) in the `examples/contour` directory:
    - Remove the existing annotation: `service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp`
    - Add the following annotation: `service.beta.kubernetes.io/aws-load-balancer-type: nlb`
3. Run `kubectl apply -f examples/contour`

This creates the `projectcontour` Namespace along with a ServiceAccount, RBAC rules, Contour Deployment and an Envoy DaemonSet.
It also creates the NLB-based load balancer for you.

You can get the address of your NLB via:

```
$ kubectl get service envoy --namespace=projectcontour -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
```
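Step 2 of the procedure above can be scripted so the annotation swap is repeatable and fails loudly when the manifest does not end up requesting an NLB. This is an added example, not code from the Contour project; the helper names `patch_envoy_service` and `sample_manifest` are hypothetical, and the embedded manifest is a constructed stand-in for `02-service-envoy.yaml`.

```shell
#!/usr/bin/env bash
# Added example: step 2 of the guide as a repeatable edit. OLD and NEW are the
# two annotations the guide names; everything else here is illustrative.
OLD='service.beta.kubernetes.io/aws-load-balancer-backend-protocol'
NEW='service.beta.kubernetes.io/aws-load-balancer-type'

# patch_envoy_service FILE (hypothetical helper name)
# Rewrites the backend-protocol annotation into the NLB type annotation.
# Returns 1 and leaves FILE untouched when the result does not request an NLB,
# so an unpatched manifest is never passed on to `kubectl apply`.
patch_envoy_service() {
  file=$1
  tmp=$(mktemp) || return 1
  # Keep the original indentation (\1) so the YAML nesting stays valid.
  sed -E "s#^([[:space:]]*)${OLD}:.*#\\1${NEW}: nlb#" "$file" > "$tmp" \
    || { rm -f "$tmp"; return 1; }
  if ! grep -Eq "^[[:space:]]+${NEW}:[[:space:]]*\"?nlb\"?[[:space:]]*\$" "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  cat "$tmp" > "$file"   # overwrite in place, preserving the file's permissions
  rm -f "$tmp"
}

# Constructed stand-in for 02-service-envoy.yaml; not the project's actual file.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: envoy
  namespace: projectcontour
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
spec:
  type: LoadBalancer
EOF
}

# Demo on a temporary copy of the constructed manifest (runs offline).
demo=$(mktemp)
sample_manifest > "$demo"
patch_envoy_service "$demo" && grep 'aws-load-balancer' "$demo"
rm -f "$demo"
```

On a real checkout, call `patch_envoy_service examples/contour/02-service-envoy.yaml` and continue to step 3 only if it returns 0.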

## Test

You can now test your NLB.

1. Install a workload (see the kuard example in the [main deployment guide][2]).
2. Look up the address for your NLB in the AWS console and enter it in your browser.
    - Notice that Envoy fills out `X-Forwarded-For`, because it was the first to see the traffic directly from the browser.

[1]: https://aws.amazon.com/blogs/aws/new-network-load-balancer-effortless-scaling-to-millions-of-requests-per-second/
[2]: /docs/{{< param latest_version >}}/deploy-options/#testing-your-installation
[3]: https://github.com/kubernetes/kubernetes/issues/52173
[4]: {{< param github_url >}}/tree/{{< param latest_version >}}