kubernetes · luckyganesh · Aug 30, 2025 · Sep 26, 2025 · mtulio · Sep 25, 2025
diff --git a/pkg/providers/v1/aws.go b/pkg/providers/v1/aws.go
@@ -227,6 +227,11 @@ const ServiceAnnotationLoadBalancerTargetGroupAttributes = "service.beta.kuberne
 // static IP addresses for the NLB. Only supported on elbv2 (NLB)
 const ServiceAnnotationLoadBalancerEIPAllocations = "service.beta.kubernetes.io/aws-load-balancer-eip-allocations"
 
+// ServiceAnnotationLoadBalancerPrivateIPv4Addresses is the annotation used on the
+// service to specify a comma separated list of Private IPv4 addresses to use as
+// static IP addresses for the NLB. Only supported on elbv2 (NLB)
+const ServiceAnnotationLoadBalancerPrivateIPv4Addresses = "service.beta.kubernetes.io/aws-load-balancer-private-ipv4-addresses"
+
 // ServiceAnnotationLoadBalancerTargetNodeLabels is the annotation used on the service
 // to specify a comma-separated list of key-value pairs which will be used to select
 // the target nodes for the load balancer

diff --git a/pkg/providers/v1/aws_loadbalancer.go b/pkg/providers/v1/aws_loadbalancer.go
@@ -177,9 +177,17 @@ func (c *Cloud) ensureLoadBalancerv2(ctx context.Context, namespacedName types.N
 			}
 		}
 
+		var privateIPv4Addresses []string
+		if privateIPList, present := annotations[ServiceAnnotationLoadBalancerPrivateIPv4Addresses]; present {
+			privateIPv4Addresses = strings.Split(privateIPList, ",")
+			if len(privateIPv4Addresses) != len(discoveredSubnetIDs) {
+				return nil, fmt.Errorf("error creating load balancer: Must have same number of Private IPv4Addresses (%d) and SubnetIDs (%d)", len(privateIPv4Addresses), len(discoveredSubnetIDs))
+			}
+		}
+
 		// We are supposed to specify one subnet per AZ.
 		// TODO: What happens if we have more than one subnet per AZ?
-		createRequest.SubnetMappings = createSubnetMappings(discoveredSubnetIDs, allocationIDs)
+		createRequest.SubnetMappings = createSubnetMappings(discoveredSubnetIDs, allocationIDs, privateIPv4Addresses)
 
 		for k, v := range tags {
 			createRequest.Tags = append(createRequest.Tags, elbv2types.Tag{
@@ -1466,14 +1474,17 @@ func elbListenersAreEqual(actual, expected elbtypes.Listener) bool {
 	return true
 }
 
-func createSubnetMappings(subnetIDs []string, allocationIDs []string) []elbv2types.SubnetMapping {
+func createSubnetMappings(subnetIDs []string, allocationIDs []string, privateIPv4Addresses []string) []elbv2types.SubnetMapping {
 	response := []elbv2types.SubnetMapping{}
 
 	for index, id := range subnetIDs {
 		sm := elbv2types.SubnetMapping{SubnetId: aws.String(id)}
 		if len(allocationIDs) > 0 {
 			sm.AllocationId = aws.String(allocationIDs[index])
 		}
+		if len(privateIPv4Addresses) > 0 {
+			sm.PrivateIPv4Address = aws.String(privateIPv4Addresses[index])
+		}
 		response = append(response, sm)
 	}
 

diff --git a/pkg/providers/v1/aws_loadbalancer_test.go b/pkg/providers/v1/aws_loadbalancer_test.go
@@ -1312,6 +1312,70 @@ func TestCloud_buildTargetGroupAttributes(t *testing.T) {
 	}
 }
 
+func TestCreateSubnetMappings(t *testing.T) {
+	tests := []struct {
+		name                   string
+		subnetIDs              []string
+		allocationIDs          []string
+		privateIPv4Addresses   []string
+		expectedSubnetMappings []elbv2types.SubnetMapping
+	}{
+		{
+			name:                 "Add allocation ids",
+			subnetIDs:            []string{"subnet-1234", "subnet-3456"},
+			allocationIDs:        []string{"eipalloc-2345", "eipalloc-4567"},
+			privateIPv4Addresses: []string{},
+			expectedSubnetMappings: []elbv2types.SubnetMapping{
+				{
+					SubnetId:     aws.String("subnet-1234"),
+					AllocationId: aws.String("eipalloc-2345"),
+				},
+				{
+					SubnetId:     aws.String("subnet-3456"),
+					AllocationId: aws.String("eipalloc-4567"),
+				},
+			},
+		},
+		{
+			name:                 "Add Private ip address",
+			subnetIDs:            []string{"subnet-1234", "subnet-3456"},
+			allocationIDs:        []string{},
+			privateIPv4Addresses: []string{"10.1.2.3", "10.2.3.4"},
+			expectedSubnetMappings: []elbv2types.SubnetMapping{
+				{
+					SubnetId:           aws.String("subnet-1234"),
+					PrivateIPv4Address: aws.String("10.1.2.3"),
+				},
+				{
+					SubnetId:           aws.String("subnet-3456"),
+					PrivateIPv4Address: aws.String("10.2.3.4"),
+				},
+			},
+		},
+		{
+			name:                 "No private ips and allocation ids",
+			subnetIDs:            []string{"subnet-1234", "subnet-3456"},
+			allocationIDs:        []string{},
+			privateIPv4Addresses: []string{},
+			expectedSubnetMappings: []elbv2types.SubnetMapping{
+				{
+					SubnetId: aws.String("subnet-1234"),
+				},
+				{
+					SubnetId: aws.String("subnet-3456"),
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			actualSubnetMappings := createSubnetMappings(tt.subnetIDs, tt.allocationIDs, tt.privateIPv4Addresses)
+			assert.Equal(t, tt.expectedSubnetMappings, actualSubnetMappings)
+		})
+	}
+}
+
 // Unit test generated by Cursor AI
 func TestGetKeyValuePropertiesFromAnnotation_TargetGroupAttributes(t *testing.T) {
 	tests := []struct {