AWS - k8s - ingress LoadBalancer

2/28/2019

I am trying to configure the setup below.

User -> https://xxx.abc.com -> VPC-IP(AWS LB):443 -> POD:8080

Referring to this question AWS VPC - k8s - load balancing

If I set up the ingress service, is a LoadBalancer created by Kubernetes?

I am currently limiting access to VPC for only specific IP with AWS Security Group.

Is it possible to use an existing LoadBalancer and assign/attach it to the Ingress Service? Or do I have to manually assign the SG to the load balancer once it's created by K8S?

-- Pat
amazon-eks
amazon-web-services
kubernetes
nginx-ingress

2 Answers

3/3/2019

Just want to elaborate on @aurelius's solution 2:

Step 1: Make your ingress-service of type NodePort, and it will get a port like Node:34567 on all nodes of your cluster.

Step 2: Configure your existing load balancer to route to those ports as the backend.

AWS existing load-balancer => Worker-Node1:34567 => Ingress-service => xxx
                           => Worker-Node2:34567 => Ingress-service => xxx
                           => Worker-Node3:34567 => Ingress-service => xxx
-- Fei
Source: StackOverflow

3/1/2019

Sorry, but your question seems to be unclear or a little bit tangled; I hope I did not miss the point.

To achieve this scenario: User -> https://xxx.abc.com -> VPC-IP(AWS LB):443 -> POD:8080

You need to follow the usual setup for configuring ingress and an ingress controller, and just add a host (your URL) in ingress.yaml. You will not be able to reach it until you buy and connect your domain to AWS. But you can check whether the setup works with:

curl -v -H "HOST:host_from_config" loadbalanceraddress.com

If I set up the ingress service, is a LoadBalancer created by Kubernetes?

Yes.

When the service type is set to LoadBalancer, Kubernetes provides functionality equivalent to type= to pods within the cluster and extends it by programming the (external to Kubernetes) load balancer with entries for the Kubernetes pods. The Kubernetes service controller automates the creation of the external load balancer, health checks (if needed), firewall rules (if needed) and retrieves the external IP allocated by the cloud provider and populates it in the service object.

You can limit the security group policies on the go: just find which SG it belongs to and edit the rules as you want, or change which SG the load balancer belongs to and adjust it.

About the scenario of using an existing LB with Ingress: you can try to add your existing LoadBalancer (didn't try this) to the Service configuration, attach the correct instances to the LoadBalancer, etc. Although I haven't tried it, it seems like with some effort and correct configuration it should be possible.

status:
  loadBalancer:
    ingress:
    - hostname: example-address.eu-central-1.elb.amazonaws.com

Another way would be to change the type of the Service to NodePort and point the manually created LB at it to reach your applications. This can be used when you need a couple of services connected to one ELB. It has been described here.

-- aurelius
Source: StackOverflow
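
An added example, not part of either answer: the two approaches discussed above written as Service manifests, with the source-IP restriction the question asks about. The Service names, namespace, selector label, ports and the 203.0.113.0/24 range are placeholders chosen for illustration.

```yaml
# Option A: Kubernetes creates the ELB. Without loadBalancerSourceRanges the
# security group generated for the ELB allows 0.0.0.0/0 on the listed ports.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx              # assumed name
  namespace: ingress-nginx         # assumed namespace
spec:
  type: LoadBalancer
  loadBalancerSourceRanges:        # applied by the AWS cloud provider to the ELB's SG
  - 203.0.113.0/24                 # placeholder: the client range you allow today
  selector:
    app.kubernetes.io/name: ingress-nginx   # assumed controller pod label
  ports:
  - name: https
    port: 443
    targetPort: 443                # assumed controller container port
---
# Option B: keep the existing, manually managed load balancer and expose the
# ingress controller on a fixed node port for it to target.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-nodeport     # assumed name
  namespace: ingress-nginx
spec:
  type: NodePort
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
  - name: https
    port: 443
    targetPort: 443
    nodePort: 30443                # pinned so the LB target and SG rule stay stable;
                                   # must fall in the cluster's NodePort range
                                   # (30000-32767 unless the API server is reconfigured)
# With option B the client IP allow-list stays on the existing load balancer's
# security group. The worker-node security group should accept 30443 only from
# that load balancer's security group, not from the VPC at large or the internet.
```

After applying option A, `kubectl get svc -n ingress-nginx` shows the ELB hostname under EXTERNAL-IP, and the inbound rules of the generated security group should list only the configured range.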