How does the AWS Load Balancer Controller work?

Introduction
AWS Load Balancer Controller is a Kubernetes controller that helps manage the lifecycle of Elastic Load Balancers (ELB). The AWS Load Balancer Controller supports two types of ELBs:
- Application Load Balancers (ALB) that utilize the `Ingress` Kubernetes resource
- Network Load Balancers (NLB) that utilize the `Service` Kubernetes resource
In this article, we will take a closer look at Application Load Balancers.
Kubernetes Ingress
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource. For example, a simple Ingress sends traffic to one service.
An example of a simple Ingress resource:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: minimal-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - http:
        paths:
          - path: /testpath
            pathType: Prefix
            backend:
              service:
                name: test
                port:
                  number: 80
```
Ingress Controllers
An Ingress Controller is responsible for fulfilling the Ingress resource, usually with a load balancer.
How does the AWS Load Balancer Controller work?
ALB Load Balancer controller is an Ingress Controller that satisfies the Ingress resource and is responsible for routing traffic from outside the cluster to services inside the cluster.
Image credits: AWS ALB Ingress Controller
The ALB Load Balancer controller works as follows (from here):
[1]: The controller watches for ingress events from the API server. When it finds ingress resources that satisfy its requirements, it begins the creation of AWS resources.
[2]: An ALB (ELBv2) is created in AWS for the new ingress resource. This ALB can be internet-facing or internal. You can also specify the subnets it’s created in using annotations.
[3]: Target Groups are created in AWS for each unique Kubernetes service described in the ingress resource.
[4]: Listeners are created for every port detailed in your ingress resource annotations. When no port is specified, sensible defaults (`80` or `443`) are used. Certificates may also be attached via annotations.
[5]: Rules are created for each path specified in your ingress resource. This ensures traffic to a specific path is routed to the correct Kubernetes Service.
How to create an Ingress resource using an Application Load Balancer (ALB)?
A simple example for using an Ingress resource to route traffic to a python service using the AWS Load Balancer Controller:
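```yaml
# The extensions/v1beta1 Ingress API was removed in Kubernetes 1.22;
# this is the same resource expressed in networking.k8s.io/v1.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: python-web
  namespace: python-web
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/scheme: internet-facing
spec:
  rules:
    - http:
        paths:
          - path: /
            # pathType is required in v1; ImplementationSpecific is what v1beta1 defaulted to
            pathType: ImplementationSpecific
            backend:
              service:
                name: python-web
                port:
                  number: 80
```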
Things to note:
Annotations
- Create an `alb` using the `kubernetes.io/ingress.class` annotation
- Traffic routing: the `alb.ingress.kubernetes.io/target-type` annotation is used to specify how to route traffic to pods. `ip` mode routes traffic directly to the pod IP whereas `instance` mode will route traffic to EC2 instances within the cluster.
- We are specifying an `internet-facing` ALB using the `alb.ingress.kubernetes.io/scheme` annotation
Spec
- We set up HTTP rules for the path `/` and we forward that to the service named `python-web` at port `80`
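An added example, not from the original article: a small audit over Ingress objects that applies the listener defaults from step [4] and flags internet-facing ALBs that serve plaintext HTTP or accept any source address. The `listen-ports`, `certificate-arn`, `ssl-redirect` and `inbound-cidrs` annotations belong to the controller but are not named in the article; the sample objects, the placeholder ARN and the class name `alb` for `ingressClassName` are assumptions.

```python
import json

ALB = "alb.ingress.kubernetes.io/"

def effective_listeners(ann):
    """Listeners the controller creates: listen-ports if set, otherwise the
    default (HTTPS:443 when certificate-arn is present, else HTTP:80)."""
    raw = ann.get(ALB + "listen-ports")
    if raw:
        return [(proto, port) for entry in json.loads(raw) for proto, port in entry.items()]
    return [("HTTPS", 443)] if ann.get(ALB + "certificate-arn") else [("HTTP", 80)]

def audit(ingress):
    """Findings for one Ingress object, shaped like `kubectl get ingress -o json` items."""
    ann = ingress["metadata"].get("annotations") or {}
    # Assumption: the ALB ingress class is named "alb", as in the article's manifest.
    classes = (ann.get("kubernetes.io/ingress.class"), ingress.get("spec", {}).get("ingressClassName"))
    if "alb" not in classes or ann.get(ALB + "scheme", "internal") != "internet-facing":
        return []  # not an ALB Ingress, or an internal ALB (the default scheme)
    protos = {proto for proto, _ in effective_listeners(ann)}
    findings = []
    if "HTTP" in protos and not ann.get(ALB + "ssl-redirect"):
        findings.append("plaintext HTTP listener without ssl-redirect")
    if "HTTPS" not in protos:
        findings.append("no HTTPS listener")
    if not ann.get(ALB + "inbound-cidrs"):
        findings.append("no inbound-cidrs, so any source address is allowed")
    return findings

def make_ingress(name, annotations):  # helper to build the constructed sample objects
    return {"metadata": {"name": name, "annotations": annotations}, "spec": {}}

# Constructed sample 1: the annotations from the article's python-web manifest.
PYTHON_WEB = make_ingress("python-web", {
    "kubernetes.io/ingress.class": "alb",
    ALB + "target-type": "ip",
    ALB + "scheme": "internet-facing",
})
# Constructed sample 2: the same Ingress with TLS and a source restriction (placeholder values).
HARDENED = make_ingress("python-web", {
    **PYTHON_WEB["metadata"]["annotations"],
    ALB + "certificate-arn": "arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER",
    ALB + "listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]',
    ALB + "ssl-redirect": "443",
    ALB + "inbound-cidrs": "203.0.113.0/24",
})

if __name__ == "__main__":
    for ing in (PYTHON_WEB, HARDENED):
        print(ing["metadata"]["name"], audit(ing) or "no findings")
```

To audit a live cluster, feed each element of `items` from `kubectl get ingress -A -o json` to `audit`.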
How to setup the AWS Load Balancer Controller?
This article, How to setup an AWS EKS cluster with the AWS Load Balancer Controller using Pulumi, provides a detailed look into how to set up an EKS cluster with the AWS Load Balancer Controller and how to deploy a simple application that serves external traffic.