I have running EKS Cluster in AWS. Now I want to try use my own Network Load Balancer which were created not with AWS EKS annotations.
So my question: Is it even possible to use own NLB with EKS? If yes how can I do it? If not why it is not possible?
I've researched a lot found one opensource kind for EKS named as TargetGroupBinding, I've provided an ARN of my target group however than health checks are failing.
For some providers it is possible, such as Tencent Kubernetes Engine per official documentation -
metadata:
name: my-service
annotations:
# ID of an existing load balancer
service.kubernetes.io/tke-existed-lbid:lb-6swtxxxx
However this is not supported for AWS, as in the above link you can see that there is no similar annotation for AWS load balancers.
Related
We are designing a new cluster for our application. We are required to use AWS EKS and Consul. We have the following questions:
1) Is it possible to set an AWS ALB ingress (Application load balancing on Amazon EKS - Amazon EKS) as downstream from consul so I can manage it in the rules?
In our local tests we used an nginx ingress and it worked perfectly, but in EKS, nginx ingress uses classic load balancers and these will be deprecated on August 15, 2022 (Elastic Load Balancing migrate-classic-load-balancer.html).
Obviously we can’t create a new project with something that is going to be deprecated so soon.
2) Is ingress-gateway a replacement? Is it possible to create ingress-gateway using ALB ingress-controller from EKS? In the same case, ingress-gateway uses in AWS Classic load balancer and we have the same problem when deprecation.
3) Following this guide: Deploy Consul on Amazon Elastic Kubernetes Service (EKS) | Consul - HashiCorp Learn I see that no type of ingress controller is taken into account, so does it make sense to control external access to services from Consul? Or would income control suffice?
Thank you very much!
Any advice or documentation will be appreciated.
Cheers!
I was using AWS ECS fargate for running my application. I am migrating to AWS EKS. When I use ECS, I deployed a ALB to route request to my service in ECS cluster.
In kubernete, I read this doc https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer, it seems that Kubernete itself has a loadbalance service. And it seems that it creates an external hostname and IP address.
so my question is do I need to deploy AWS ALB? If no, how can I pub this auto-generated hostname in route53? Does it change if I redeploy the service?
Yes you need it to create Kubernetes Ingress using AWS ALB Ingress Controller, the following link explain how use ALB as Ingress controller in EKS: This
You don't strictly need an AWS ALB for apps in your EKS cluster, but you probably want it.
When adopting Kubernetes, it is handy to manage some infrastructure parts from the Kubernetes cluster in a similar way to how you mange apps and in some cases there are a tight coupling between the app and configuration of your load balancer, therefore it makes sense to manage the infrastructure the same way.
A Kubernetes Service of type LoadBalancer corresponds to a network load balancer (also known as L4 load balancer). There is also Kubernetes Ingress that corresponds to an application load balancer (also known as L7 load balancer).
To use an ALB or Ingress in Kubernetes, you also need to install an Ingress Controller. For AWS you should install AWS Load Balancer Controller, this controller now also provides features in case you want to use a network load balancer, e.g. by using IP-mode or expose services using an Elastic IP. Using a pre-configured IP should help with using Route53.
See the EKS docs about EKS network load balancing and EKS application load balancing
As already mentioned from the other guys, yes it is NOT required but it is very helpful to use an ALB.
There are a couple of different solutions to that.. my favorite solution is
Use an Ingress Controller like the ingress-nginx (there are multiple different Ingress Controllers available for Kubernetes, a very good comparison is provided here
Configure the IngressController Service to use NodePort and use a port like 30080
Create an own AWS ALB with Terraform for an example and add the NodePort 30080 to the TargetGroup
Create a Ingress resource to configure the IngressController
If you still have some questions, just ask them here :)
No you don't need ALB and yes, you can use Route53 in an automated manner. Here's a nice article that describes the latter:
https://www.padok.fr/en/blog/external-dns-route53-eks
I have a non-EKS AWS kubernetes cluster with 1 master 3 worker nodes
I am trying to install nginx ingress controller in order to use the cluster with a domain name but unfortunately it does not seem to work, the nginx ingress controller service is not taking automatically an IP and even if I set manually an external IP this IP is not answering in 80 port.
If you are looking for a public domain . Expose the nginx-ingress deployment(service) as a loadbalancer which will create an ALB.
You can then route the domain name to the ALB Alias in R53
The reason for External IP remaining in pending is that there is no load balancer in front of your cluster to provide it with external IP, like it would work EKS. You can achieve it by boostraping your cluster with --cloud-provider option using kubeadm.
You can follow these tutorials on how to successfully achieve it:
Kubernetes, Kubeadm, and the AWS Cloud Provider
Setting up the Kubernetes AWS Cloud Provider
Kubernetes: part 2 — a cluster set up on AWS with AWS cloud-provider and AWS LoadBalancer
There are a couple of different solutions to that.. my favorite solution is
Use an Ingress Controller like the ingress-nginx (there are multiple different Ingress Controllers available for Kubernetes, a very good comparison is provided here)
Configure the IngressController Service to use NodePort and use a port like 30080
Create an own AWS ALB with Terraform for an example and add the NodePort 30080 to the TargetGroup
Create a Ingress resource to configure the IngressController
The whole traffic flow could look like that:
If you still have some questions, just ask them here :)
Yes you will have to expose the deployment as a service
kubectl expose deployment {deploymentname} -n ns ==type=Loadbalancer --name={name}
Can EKS Fargate be used in a private EKS cluster which has no outbound internet access?
According to the AWS documentation, the aws-alb-ingress controller is not supported for private EKS clusters with no outbound internet access:
https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html
AWS Fargate is supported with private clusters. You must include the
STS VPC endpoint. For more information, see VPC endpoints for private
clusters. You must use a third-party ingress controller with AWS
Fargate because the ALB Ingress Controller on Amazon EKS does not work
in private clusters and because Classic Load Balancers and Network
Load Balancers are not supported on pods running on Fargate.
Unfortunately AWS provides no suggestions here on what the third-party options would be. I have not been able to find any information specific to EKS Fargate Private Clusters.
Questions:
1.) Is there an open source ingress controller that uses ALB that would work for Fargate?
2.) Is there a specific reason why the aws-alb-ingress controller will not work in a private cluster? I might be able to request outbound access for specific ports, if that is the issue, but AWS does not provide any detail on this.
That paragraph in the docs has changed as-of mid/end October, and now says
AWS Fargate is supported with private clusters. You must include the STS VPC endpoint. For more information, see VPC endpoints for private clusters. You can use the AWS load balancer controller to deploy AWS Application Load Balancers and Network Load Balancers with. The controller supports network load balancers with IP targets, which are required for use with Fargate. For more information, see Application load balancing on Amazon EKS and Load balancer – IP targets.
I emphasised the changed part.
So you now can use ALB-based Ingress with private clusters, and the newly-introduced IP-target mode for LoadBalancer Service supports private clusters too.
Note that this requires AWS Load Balancer Controller, which is the new version of aws-alb-ingress-controller.
I ended up doing this with app mesh ingress:
https://aws.amazon.com/blogs/containers/introducing-ingress-support-in-aws-app-mesh/
I am new to Kubernetes and AWS and exploring different AWS technologies for a project. One thing I am doing as part of that is to see how we can have routes in API Gateway connect to an EKS cluster (in a VPC).
This is what I have working:
An EKS Cluster
In the EKS Cluster I have nginx ingress-controller running
I have an EC2 inside the VPC and verified that I can reach a service running in the cluster through EC2 by using the ingress-controller url
This is what I am trying:
I tried to create an API Gateway route to access the same service using the ingress-controller url -> To achieve that, I am trying the steps here (because my cluster is in a VPC): https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-nlb-for-vpclink-using-console.html
One thing that is not clear to me is that, how do I specify the ingress-controller url as a target for the NLB? The only targets that I can specify are EC2 instances, but I want to direct the traffic through the ingress-controller (which is a service of type loadbalancer in K8s).
If I am doing this wrong way, please advice the right way of exposing EKS cluster in API Gateway through the nginx ingress controller. Thanks!
I have found the problem. When using nginx-ingress-controller, I just had to specify the annotation that it is of type "nlb"
service.beta.kubernetes.io/aws-load-balancer-type: nlb
Once I deploy the ingress controller with this annotation, it automatically creates an nlb in aws and sets the target according to the ingress defined! I was creating a new nlb myself and then trying to point to the ingress-controller which is not needed (nor the right way).