I am doing a new setup of a Kubernetes cluster. I have a few microservices running in pods. Now, I want to route those services based on their path. For example: domain.com/order should redirect me to the orderservice pod and domain.com/customer should redirect me to the customerservice pod.
Initially, I did the whole setup using the ALB ingress controller, but the problem was that sadly ALB still doesn’t support URL rewriting. This means if I have my URL as domain.com/order to redirect to the orderservice pod, then the final URL should become domain.com/swagger/index.html, but this does not work as there is no rewrite functionality.
Then I moved on to the nginx ingress controller. I have done the ingress controller setup but it does not integrate with ALB. It can only be integrated with the Classic Load Balancer (which is soon going to be deprecated) or via NLB, which works at layer 4; however, I would want to integrate it with ALB, which actually works at the application layer (layer 7), for some extra configurations and stats.
I can’t find any way to achieve such a simple task in AWS. I’m wondering what is everyone in the market actually using if they want to use nginx as ingress controller and layer 7 load balancer from AWS?
2 Answers
I usually follow the approach where I have NLB -> Nginx Ingress -> Pod.
All the metrics I can collect from the Nginx Ingress with Prometheus.
Also, NLB is able to terminate TLS for you and you can assign a proper ACM certificate arn via annotations. Of course you can use Certbot to issue certificates inside the EKS if you need throughout TLS all the way. There are more advantages to use NLB:
The only disadvantage is that you can’t have WAF attached to the NLB and need to have either ALB after it or CloudFront. Another workaround is to have mod_security configured on the Nginx Ingress level instead of using AWS WAF.
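The NLB -> Nginx Ingress -> Pod layout from the answer above, written out as manifests. This is an added example, not part of the original answer: the resource names, namespace, selector label, port numbers and the placeholder certificate ARN are assumptions, and the rewrite shown strips the path prefix rather than reproducing the exact swagger URL from the question.

```yaml
# Service in front of the nginx ingress controller; TLS ends at the NLB.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller        # assumed name
  namespace: ingress-nginx              # assumed namespace
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    # Placeholder ARN; substitute the ACM certificate issued for your domain.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERT_ID
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx   # assumed controller pod label
  ports:
    - {name: http, port: 80, targetPort: http}
    # 443 is decrypted by the NLB, so it forwards plain HTTP to nginx.
    - {name: https, port: 443, targetPort: http}
---
# Path routing with prefix stripping, done by nginx rather than the load balancer.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-routes                      # assumed name
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  ingressClassName: nginx
  rules:
    - host: domain.com
      http:
        paths:
          - path: /order(/|$)(.*)       # /order/x reaches the pod as /x
            pathType: ImplementationSpecific
            backend:
              service: {name: orderservice, port: {number: 80}}    # assumed Service
          - path: /customer(/|$)(.*)    # /customer/x reaches the pod as /x
            pathType: ImplementationSpecific
            backend:
              service: {name: customerservice, port: {number: 80}} # assumed Service
```

With this layout the hop from the NLB to nginx is plain HTTP inside the VPC, and the certificate lives in ACM rather than in a cluster Secret.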
I am also facing the same issue. I am using Nginx as ingress controller, and I am using a Helm chart to deploy it on the EKS cluster. Here are my observations:
Note: When a Classic LB is created from the ingress-controller service type, AWS offers a migration solution to deploy an ALB with the same configuration (I did that, in hopes the FQDN would remain the same), but I ended up getting a new ALB along with my CLB. Hence no point in doing this.