├── alb-nginx_ingress.png
├── nginx-values.yaml
├── alb-ingress-connect-nginx .yaml
├── README.md
└── alb-nginx-controller.html

/alb-nginx_ingress.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajeshwrn/alb-nginx-controller/HEAD/alb-nginx_ingress.png

--------------------------------------------------------------------------------
/nginx-values.yaml:
--------------------------------------------------------------------------------
controller:
  extraArgs:
    http-port: 8080
    https-port: 8443
  containerPort:
    http: 8080
    https: 8443
  service:
    ports:
      http: 80
      https: 443
    targetPorts:
      http: 8080
      https: 8443
  image:
    allowPrivilegeEscalation: false

--------------------------------------------------------------------------------
/alb-ingress-connect-nginx .yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    #alb.ingress.kubernetes.io/certificate-arn: <CERTIFICATE_ARN>
    alb.ingress.kubernetes.io/healthcheck-path: /healthz
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: <subnets>
    kubernetes.io/ingress.class: alb
  name: alb-ingress-connect-nginx
  namespace: kube-system
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx-ingress-controller
              servicePort: 8080
            path: /*

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Single ALB for multiple ingress in AWS EKS fargate

Documentation and steps to create a single ALB in EKS Fargate for multiple ingresses/services running in different namespaces. This gives the option to reuse an existing ALB instead of creating a new ALB per Ingress.

## Requirement
- Multiple services need to be deployed in Kubernetes behind a single ALB.
- Services/Ingresses running on different Fargate profiles should be able to communicate with each other.

### What is an Application Load Balancer?
An Application Load Balancer (ALB) is a bridge between inbound traffic and several targets (for example, several pods for one application). The objective is to have applications with high availability.


### Limitations

- Each service/ingress running in Kubernetes in a different namespace or Fargate profile will create a new ALB.
- More cost and more public IPs are needed.

### Solution
We are going to achieve this with 2 ingress controllers: the ALB ingress controller and the Nginx ingress controller.
#### Why do we have to use 2 ingress controllers?
Because if we use the nginx ingress controller, we cannot connect it directly to an ALB, and if we use only the ALB ingress controller, we will have an ALB instance for every ingress resource in the cluster.

But the requirement is one load balancer for all services running in the cluster. When we have both, it is important to know that the nginx ingress controller manages all the ingress resources of your applications in your EKS cluster, and the ALB ingress controller manages the life cycle of the Application Load Balancer instance.

![alt text](https://github.com/rajeshwrn/alb-nginx-controller/blob/master/alb-nginx_ingress.png?raw=true "alb-architecture")

To create the ALB ingress in AWS EKS Fargate, use the AWS doc below:
https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html

Creating the second ingress controller - nginx

Before that, understand that EKS Fargate currently does not support the official nginx helm chart, so we need to make small tweaks to the helm values.

- Service type should be NodePort
- allowPrivilegeEscalation should be false to enable node creation in the Fargate profile
- Override the default container ports: 80 to 8080 and 443 to 8443
- Traffic policy should be Local

### Installation

Use the helm commands below to deploy the nginx controller in your cluster.

```
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
```

```
helm install nginx-ingress ingress-nginx/ingress-nginx \
  --set-string controller.service.externalTrafficPolicy=Local \
  --set-string controller.service.type=NodePort \
  --set controller.publishService.enabled=true \
  --set serviceAccount.create=true \
  --set rbac.create=true \
  --set-string controller.config.server-tokens=false \
  --set-string controller.config.use-proxy-protocol=false \
  --set-string controller.config.compute-full-forwarded-for=true \
  --set-string controller.config.use-forwarded-headers=true \
  --set controller.metrics.enabled=true \
  --set controller.autoscaling.maxReplicas=1 \
  --set controller.autoscaling.minReplicas=1 \
  --set controller.autoscaling.enabled=true \
  --namespace kube-system \
  -f nginx-values.yaml
```

For more customization of the ingress-nginx helm chart, see
https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx

Use the values file below for the helm deployment:
> nginx-values.yaml

```
controller:
  extraArgs:
    http-port: 8080
    https-port: 8443
  containerPort:
    http: 8080
    https: 8443
  service:
    ports:
      http: 80
      https: 443
    targetPorts:
      http: 8080
      https: 8443
  image:
    allowPrivilegeEscalation: false
```

### Connect the ALB to the Nginx Ingress controller

To connect the ALB to the nginx ingress controller, we need to create a Kubernetes ingress resource in the namespace kube-system with the following configuration:

> kubectl apply -f alb-ingress-connect-nginx.yaml

```
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    #alb.ingress.kubernetes.io/certificate-arn: <CERTIFICATE_ARN>
    alb.ingress.kubernetes.io/healthcheck-path: /healthz
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: <subnets>
    kubernetes.io/ingress.class: alb
  name: alb-ingress-connect-nginx
  namespace: kube-system
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: nginx-ingress-controller
              servicePort: 8080
            path: /*
```

Now the ALB is ready, and it will communicate with the nginx ingress controller.

Validate the changes by accessing the ingress address. It is the public-facing DNS address, and the services running in the cluster can be accessed through this DNS name.
> kubectl get ingress -n kube-system



Deploy your application with the following ingress annotation; the service type should be 'ClusterIP'.
```
annotations:
    kubernetes.io/ingress.class: "nginx"
```

--------------------------------------------------------------------------------
/alb-nginx-controller.html:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
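
The `alb-ingress-connect-nginx` resource in this repository creates an internet-facing ALB with the `certificate-arn` annotation commented out, so the load balancer serves plain HTTP only. The following is an added example, not a file from this repository: the same resource with an HTTPS listener and an HTTP-to-HTTPS redirect. `<CERTIFICATE_ARN>` and `<subnets>` are the page's placeholders; the `listen-ports`, `ssl-policy` and `actions.ssl-redirect` annotations are assumed to be supported by the ALB ingress controller version in use.

```yaml
# Added example: HTTPS variant of alb-ingress-connect-nginx (not a file in this repository).
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # TLS terminates at the ALB; <CERTIFICATE_ARN> is the page's placeholder for an ACM certificate.
    alb.ingress.kubernetes.io/certificate-arn: <CERTIFICATE_ARN>
    # Open both listeners so port 80 answers with a redirect instead of content.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    # Restrict the HTTPS listener to TLS 1.2.
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-2017-01
    # Redirect action referenced by the "ssl-redirect" backend below.
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/healthcheck-path: /healthz
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: <subnets>
    kubernetes.io/ingress.class: alb
  name: alb-ingress-connect-nginx
  namespace: kube-system
spec:
  rules:
    - http:
        paths:
          # Must come first: sends plain-HTTP requests to the redirect action above.
          - backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
            path: /*
          # Unchanged from the original: everything else goes to the nginx controller over HTTP 8080.
          - backend:
              serviceName: nginx-ingress-controller
              servicePort: 8080
            path: /*
```

The ALB still forwards to nginx over HTTP on 8080, and because the Helm install sets `use-forwarded-headers=true`, nginx trusts the `X-Forwarded-*` headers it receives, so the controller should be reachable only from the ALB.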