Introduction
Kubernetes Ingress serves as an API resource that manages the control of HTTP(S) access, both internal and external, to services operating within a Kubernetes cluster. It provides a way to manage and configure routing rules for incoming traffic to the services.
On the other hand, Amazon Elastic Load Balancing Application Load Balancer (ALB) is a popular service provided by AWS that performs load balancing at the application layer (layer 7) for incoming traffic. ALB distributes the traffic across multiple targets, such as Amazon EC2 instances, within a specific region. It offers advanced features like routing based on host or path, TLS termination, support for WebSockets and HTTP/2, and integration with AWS WAF for enhanced security, access logs, and health.
AWS ALB Controller
The AWS ALB Controller is tasked with effectively managing AWS Application Load Balancers within a Kubernetes cluster. This controller handles the provisioning of the AWS Application Load Balancer (ALB) when a Kubernetes Ingress is created.
Ingress with ALB controller
When a user defines an Ingress resource, the aws-alb-ingress-controller within Kubernetes interacts with various AWS components to enable the desired functionality. The controller automatically creates these AWS components, as depicted in the diagram, to facilitate the routing of ingress traffic from the Application Load Balancer (ALB) to the Kubernetes cluster.
Source: aws.com
Basic steps for the creation of Ingress and Ingress traffic
The aws-alb-controller follows a specific process, as indicated by the numbered blue circles in the diagram:
- The controller continuously monitors the API server for changes or events related to Ingress resources. Once it identifies Ingress resources that meet its requirements, it initiates the creation of AWS resources.
- An Application Load Balancer (ALB) is generated specifically for the Ingress resource. This ALB serves as the entry point for incoming traffic.
- For each backend specified in the Ingress resource, TargetGroups are created. These TargetGroups define the destinations for the incoming traffic based on the specified backends.
- Listeners are created to handle traffic on the designated ports specified in the Ingress resource. Sensible defaults such as port 80 or 443 are utilized if no port is explicitly defined.
- Rules are established for each path specified in the Ingress resource. These rules ensure traffic directed to a particular path is correctly routed to the appropriate TargetGroup.
Prerequisites
- A Kubernetes Cluster (In this Assessment, I am dealing with EKS).
- A sample docker image. I have taken a sample nginx latest image from the docker public repo.
- For Kubernetes clusters at version 1.21 or higher, verify that the Amazon VPC CNI plugin for Kubernetes, kube-proxy, and CoreDNS add-ons meet the minimum version prerequisites outlined in the Service account tokens documentation.
- Helm and eksctl installations.
Steps to Configure the cluster with AWS Load Balancer Controller, Ingress, and workloads
1. Updating the EKS cluster configuration file
2. Creating an IAM OIDC provider for the EKS cluster
3. Generate an IAM policy specifically designed for the AWS Load Balancer Controller, granting it the required permissions to interact with AWS APIs on your behalf seamlessly.
For all the regions:
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
For the AWS GovCloud (US-East) or AWS GovCloud (US-West) regions:
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy_us-gov.json
4. After downloading the required IAM policy document, create the IAM policy:
5. To set up the necessary components for the AWS Load Balancer Controller, create an IAM role with the required permissions, then create a Kubernetes service account called “aws-load-balancer-controller” in the “kube-system” namespace. Finally, add an annotation to the Kubernetes service account, specifying the name of the IAM role.
6. Install the AWS Load Balancer Controller
7. Using Helm package manager for Kubernetes, deploy the AWS Load Balancer Controller.
8. Use the kubectl command to check whether the controller was installed successfully.
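Steps 2 through 8 as one script, as an added example rather than the author's own commands. The cluster name, region, account ID, and the policy and role names are placeholder assumptions; the script prints the plan by default and executes it only when APPLY=1.

```shell
#!/bin/sh
# Added example. CLUSTER, REGION, ACCOUNT_ID, POLICY_NAME and ROLE_NAME are
# placeholders (assumptions), not values from the article.
set -eu
CLUSTER="${CLUSTER:-my-cluster}"
REGION="${REGION:-us-east-1}"
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"
POLICY_NAME="${POLICY_NAME:-AWSLoadBalancerControllerIAMPolicy}"
ROLE_NAME="${ROLE_NAME:-AmazonEKSLoadBalancerControllerRole}"
SA_NAME="aws-load-balancer-controller"   # service account name from step 5
NAMESPACE="kube-system"

# Print each command; execute it only when APPLY=1 so the plan can be reviewed first.
run() {
  printf '+ %s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

install_controller() {
  # Step 2: IAM OIDC provider, so a service account can be mapped to an IAM role.
  run eksctl utils associate-iam-oidc-provider --region "$REGION" --cluster "$CLUSTER" --approve
  # Step 4: create the policy from the document downloaded in step 3.
  run aws iam create-policy --policy-name "$POLICY_NAME" --policy-document file://iam_policy.json
  # Step 5: IAM role plus annotated service account, with only this policy attached.
  run eksctl create iamserviceaccount --cluster "$CLUSTER" --region "$REGION" \
    --namespace "$NAMESPACE" --name "$SA_NAME" --role-name "$ROLE_NAME" \
    --attach-policy-arn "arn:aws:iam::${ACCOUNT_ID}:policy/${POLICY_NAME}" --approve
  # Steps 6-7: Helm install that reuses the service account instead of creating one.
  run helm repo add eks https://aws.github.io/eks-charts
  run helm repo update
  run helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
    --namespace "$NAMESPACE" --set clusterName="$CLUSTER" \
    --set serviceAccount.create=false --set serviceAccount.name="$SA_NAME"
  # Step 8: confirm the Deployment exists and the role annotation is on the account.
  run kubectl get deployment -n "$NAMESPACE" aws-load-balancer-controller
  run kubectl get serviceaccount -n "$NAMESPACE" "$SA_NAME" \
    -o "jsonpath={.metadata.annotations.eks\.amazonaws\.com/role-arn}"
}

install_controller
```

Passing `serviceAccount.create=false` keeps the controller on the service account whose IAM role carries only the downloaded policy, instead of letting the chart create an unannotated one.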
Deploy a sample application and ingress in Kubernetes
9. Create a deployment with the nginx sample image and a service, as shown below:
10. Create an ingress with default path / by connecting the service created earlier:
11. Deploy the deployments and Ingress.
12. Verify that all the deployments and Ingress are created and running successfully.
13. Check the Application Load Balancer created in the AWS account.
14. Copy the URL and paste it into the browser.
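Steps 9 through 13 as an added example, not the author's own manifests: a Deployment and Service for the nginx image, and an Ingress on path / for the controller. The names `nginx-sample` and `default`, the two annotations, and the `alb` IngressClass (assumed to have been created by the controller's Helm chart) are assumptions.

```shell
# Added example: APP and NS are placeholder names, not values from the article.
set -eu
APP="${APP:-nginx-sample}"; NS="${NS:-default}"

# Steps 9-10: Deployment + Service, and an Ingress on path / for the "alb" class.
render_manifests() {
cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata: {name: $APP, namespace: $NS}
spec:
  selector: {matchLabels: {app: $APP}}
  template:
    metadata: {labels: {app: $APP}}
    spec:
      containers:
        - {name: nginx, image: "nginx:latest", ports: [{containerPort: 80}]}
---
apiVersion: v1
kind: Service
metadata: {name: $APP, namespace: $NS}
spec:
  selector: {app: $APP}
  ports: [{port: 80, targetPort: 80}]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: $APP
  namespace: $NS
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing  # default is internal
    alb.ingress.kubernetes.io/target-type: ip          # route to pod IPs
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - {path: "/", pathType: Prefix, backend: {service: {name: $APP, port: {number: 80}}}}
EOF
}
# Steps 11-13: apply, list the objects, then print the ALB DNS name for step 14.
deploy() {
  render_manifests | kubectl apply -f -
  kubectl get deployment,service,ingress -n "$NS"
  kubectl get ingress "$APP" -n "$NS" -o "jsonpath={.status.loadBalancer.ingress[0].hostname}"
}
# Print the manifests by default; pass "apply" as the first argument to deploy.
if [ "${1:-}" = "apply" ]; then deploy; else render_manifests; fi
```

The `internet-facing` scheme gives the ALB a public DNS name, which step 14 relies on; remove that annotation to keep the load balancer internal, and pin the image to a fixed tag or digest instead of `latest` outside a demo.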
Conclusion
The Ingress resource is utilized to direct HTTP(S) traffic to various endpoints within the cluster by leveraging the ALB. This functionality applies to any Kubernetes cluster, including Amazon Elastic Kubernetes Service (Amazon EKS).
FAQs
1. What is the AWS Load Balancer Controller Addon?
ANS: – The AWS Load Balancer Controller Addon is an extension that enables the management of AWS Elastic Load Balancers within a Kubernetes cluster. It simplifies the provisioning and management of Application Load Balancers (ALBs) and Network Load Balancers (NLBs) using Kubernetes resources like Ingress and Service.
2. What are the benefits of using the AWS Load Balancer Controller Addon?
ANS: – The AWS Load Balancer Controller Addon offers several advantages:
- Simplified configuration: It abstracts the complexities of managing load balancers and provides a declarative way to define and manage them using Kubernetes resources.
- Automation: It automatically creates and updates load balancers based on changes in the cluster.
- Integration with other AWS services: It seamlessly integrates with other AWS services like Auto Scaling Groups, enabling dynamic scaling of backend instances based on traffic patterns.
3. How does NGINX Ingress work?
ANS: – NGINX Ingress operates as a reverse proxy, receiving incoming traffic and forwarding it to the appropriate backend services based on the defined rules. It can perform various functions like load balancing, SSL termination, path-based routing, and more.
WRITTEN BY Bhanu Prakash K
K Bhanu Prakash is working as a Subject Matter Expert in CloudThat. He is proficient in Managing and configuring AWS Infrastructure as well as on Kubernetes and DevOps tools like Terraform, ansible, Jenkins, and Git. He is very keen on learning new technologies and publishing blogs for the tech community.