EKS Networking Stuff I Learned About Today
I was working on the hands-on EKS Workshop today and learned a few new things.
AWS Load Balancer Controller
- use this whenever you can
- it'll provision an ALB when you create an Ingress
- it'll provision an NLB when you create a Service of type LoadBalancer
- by default, the ALB Controller operates in "instance mode", which targets worker nodes in the cluster and allows kube-proxy to forward traffic to Pods. This is not great because it requires an additional "hop" from the node to the Pod. Why not just go directly to the Pod? Well, you can, by adding the service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip annotation to the Service, which flips it to "ip mode", bypassing kube-proxy and directing traffic straight to the Pod. And yes, the target group automatically gets updated when the Deployment scales :)
externalDNS
ExternalDNS makes Kubernetes resources discoverable via public DNS servers. Like KubeDNS, it retrieves a list of resources (Services, Ingresses, etc.) from the Kubernetes API to determine a desired list of DNS records. Unlike KubeDNS, however, it's not a DNS server itself, but merely configures other DNS providers accordingly—e.g. AWS Route 53 or Google Cloud DNS.
basically it handles the management of DNS records and integrates with Route53, so you don't have to manipulate Hosted Zone records manually!
Multiple Ingress pattern
By default each Ingress will result in the creation of a separate ALB, but we can leverage the IngressGroup feature which enables you to group multiple Ingress resources together. The controller will automatically merge Ingress rules for all Ingresses within IngressGroup and support them with a single ALB.
This would save money by reducing the number of ALBs you need.
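Putting the three sections together, here is an added example (my own manifests, not from the workshop) of a Service in ip mode, an Ingress that joins an IngressGroup, and an ExternalDNS hostname annotation; the names, namespaces, selector and hostname are placeholders.

```yaml
# Added example: one Service exposed through an NLB in "ip mode", plus one
# Ingress that joins the IngressGroup "retail-app". Any other Ingress carrying
# the same group.name is merged onto the same ALB instead of getting its own.
---
apiVersion: v1
kind: Service
metadata:
  name: ui-nlb            # placeholder name
  namespace: ui           # placeholder namespace
  annotations:
    # hand this Service to the AWS Load Balancer Controller (not the in-tree provider)
    service.beta.kubernetes.io/aws-load-balancer-type: external
    # register Pod IPs as targets directly, skipping the kube-proxy hop on the node
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    # ExternalDNS creates/updates this Route 53 record for the NLB's address
    external-dns.alpha.kubernetes.io/hostname: ui.example.com   # placeholder
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ui   # placeholder selector
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: catalog           # placeholder name
  namespace: catalog      # placeholder namespace
  annotations:
    # every Ingress with this group.name shares a single ALB and its listener rules
    alb.ingress.kubernetes.io/group.name: retail-app
    alb.ingress.kubernetes.io/scheme: internet-facing
    # ip mode for the ALB as well: targets are Pod IPs, not worker nodes
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /catalog
            pathType: Prefix
            backend:
              service:
                name: catalog   # placeholder backend Service
                port:
                  number: 80
```

Because an Ingress in any namespace can join a group just by setting the same group.name, the controller's documentation advises using IngressGroup only when everyone with RBAC rights to create or edit Ingress objects in the cluster is inside the same trust boundary.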