Skip to content

Find NLB IPs the documented way #605

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
daxelrod-rh wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Find NLB IPs the documented way #605

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 15 additions & 20 deletions content/rosa/hcp-private-nlb/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ title: Securely exposing an application on a private ROSA cluser with an AWS Net
tags: ["AWS", "ROSA"]
authors:
- Kevin Collins
- Daniel Axelrod
---
## Overview

Expand Down Expand Up @@ -174,31 +175,23 @@ spec:
EOF
```

Get the newly created Network Load Balancer hostname and IP addresses
### Find the hostname and IP addresses of the newly created NLB

> if using a jump host of 'oc' command run this command there.
```bash
NLB_HOSTNAME=$(oc get service -n openshift-ingress router-${INGRESS_NAME} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo $NLB_HOSTNAME
```
Wait a few minutes for the new IngressController to finish provisioning its Network Load Balancer.

Copy the output of the above command to a new environment variable on your workstation
AWS guarantees that the listner IP addresses of Network Load Balancers will not change for the lifetime of the Load Balancer.

Example:
```bash
export NLB_HOST_NAME=a0df2223a72244f78806ff46230e2dd6-516fc9d40188cfa3.elb.us-east-1.amazonaws.com
```
To find the IP addresses of those listeners, we need to [search for network interfaces whose description field has a suffix of the NLB's ARN](https://repost.aws/knowledge-center/elb-find-load-balancer-ip).

Wait a few minutes for the load balancer to be provisioned and run these commands. If they don't return with IP addresses, just wait a while and run then again.
> if using a jump host of 'oc' command run this command there.

```bash
export NLB_IP_1=$(nslookup $NLB_HOSTNAME | grep Address | sed -n 2p | cut -d ' ' -f 2)

echo $NLB_IP_1

export NLB_IP_2=$(nslookup $NLB_HOSTNAME | grep Address | sed -n 3p | cut -d ' ' -f 2)

echo $NLB_IP_2
NLB_HOSTNAME=$(oc get svc -n openshift-ingress router-$INGRESS_NAME -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
aws ec2 describe-network-interfaces --filters Name=description,Values="ELB elb-name" --query 'NetworkInterfaces[*].PrivateIpAddresses[*].PrivateIpAddress' --output text
NLB_ARN=$(aws us-east-1 elbv2 describe-load-balancers --query "LoadBalancers[?DNSName == '$NLB_HOSTNAME'].LoadBalancerArn" --output text)
NLB_ARN_SUFFIX=$(echo $NLB_ARN | sed 's/.*loadbalancer\///')
NLB_LISTENER_IPS=$(aws ec2 describe-network-interfaces --filters Name=description,Values="ELB $NLB_ARN_SUFFIX" --query 'NetworkInterfaces[*].PrivateIpAddresses[*].PrivateIpAddress' --output text)
echo $NLB_LISTENER_IPS
```

## Update DNS records
Expand Down Expand Up @@ -229,7 +222,9 @@ echo $TARGET_GROUP_ARN
Register the targets for the AWS Network Load Balancer that was created when we added the second IngressController

```bash
aws elbv2 register-targets --target-group-arn $TARGET_GROUP_ARN --targets Id=$NLB_IP_1,Port=443,AvailabilityZone=all Id=$NLB_IP_2,Port=443,AvailabilityZone=all
while IFS= read -r ip || [[ -n $ip ]]; do
aws elbv2 register-targets --target-group-arn $TARGET_GROUP_ARN --targets ID=$ip,Port=443,AvailabilityZone=all
done < <(printf '%s' "$NLB_LISTENER_IPS")
```

Create a security group for the public load balancer
Expand Down