diff --git a/README.md b/README.md
index 12f1a1d..008ee0e 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,7 @@ No modules.
| [cluster\_domain\_name](#input\_cluster\_domain\_name) | The cluster domain used for externalDNS annotations and certmanager | `any` | n/a | yes |
| [controller\_name](#input\_controller\_name) | Will be used as the ingress controller name and the class annotation | `string` | n/a | yes |
| [default\_cert](#input\_default\_cert) | Useful if you want to use a default certificate for your ingress controller. Format: namespace/secretName | `string` | `"ingress-controllers/default-certificate"` | no |
+| [enable\_cross\_zone\_lb](#input\_enable\_cross\_zone\_lb) | cross-zone load balancing distributes traffic across the registered targets in all enabled Availability Zones | `bool` | `true` | no |
| [enable\_external\_dns\_annotation](#input\_enable\_external\_dns\_annotation) | Add external dns annotation for service | `bool` | `false` | no |
| [enable\_latest\_tls](#input\_enable\_latest\_tls) | Provide support to tlsv1.3 along with tlsv1.2 | `bool` | `false` | no |
| [enable\_modsec](#input\_enable\_modsec) | Enable https://github.com/SpiderLabs/ModSecurity-nginx | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
index 3a415c0..553fd5c 100644
--- a/main.tf
+++ b/main.tf
@@ -61,7 +61,9 @@ resource "helm_release" "nginx_ingress" {
enable_owasp = var.enable_owasp
keepalive = var.keepalive
# https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-time
- upstream_keepalive_time = var.upstream_keepalive_time
+ upstream_keepalive_time = var.upstream_keepalive_time
+ # https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#cross-zone-load-balancing
+ enable_cross_zone_lb = var.enable_cross_zone_lb
proxy_response_buffering = var.proxy_response_buffering
default = var.controller_name == "default" ? true : false
name_override = "ingress-${var.controller_name}"
diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
index 68a9880..3deba35 100644
--- a/templates/values.yaml.tpl
+++ b/templates/values.yaml.tpl
@@ -254,7 +254,7 @@ controller:
%{~ endif ~}
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "${enable_cross_zone_lb}"
externalTrafficPolicy: "Local"
%{ if default_cert != "" }
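Review bot: Making the cross-zone annotation configurable creates an interaction with `externalTrafficPolicy: "Local"` on the line just below it that is not documented anywhere in the change. With the Local policy, only nodes running a controller pod should pass the NLB health check. With cross-zone disabled, each load balancer node forwards only to targets in its own Availability Zone, so an enabled zone without a controller pod would have no healthy target. Whether the module spreads controller pods across zones is not visible in this hunk, so this is worth confirming and noting beside the annotation, for example `# cross-zone "false" + externalTrafficPolicy Local: every enabled AZ needs a ready controller pod`. The annotations block starts and ends outside the hunk.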
diff --git a/variables.tf b/variables.tf
index 010920a..9bfcccf 100644
--- a/variables.tf
+++ b/variables.tf
@@ -80,6 +80,12 @@ variable "upstream_keepalive_time" {
default = "1h"
}
+variable "enable_cross_zone_lb" {
+ description = "cross-zone load balancing distributes traffic across the registered targets in all enabled Availability Zones"
+ type = bool
+ default = true
+}
+
variable "proxy_response_buffering" {
description = "nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy_buffer_size and proxy_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering"
type = string
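Review bot: The description of `enable_cross_zone_lb` defines cross-zone load balancing in general but does not say what the variable controls or what setting it to `false` means for traffic. A wording such as `description = "Sets the aws-load-balancer-cross-zone-load-balancing-enabled annotation on the NLB service. When false, each load balancer node only sends traffic to targets in its own Availability Zone"` would tell a consumer what they are opting out of. The README input row carries the same text and should be updated to match. The `variable "proxy_response_buffering"` block at the end of the hunk continues past the visible lines.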