AWS EKS + ALB
In this article, I want to share how to setup AWS ALB when used being as ingress on EKS (Kubernetes Services from AWS) for have a routing to external services.
If you don't know how to setup ALB as ingress on EKS, you can follow my previous article on this link and go back here after that.
Preparation
In this tutorial, the first thing we need to do is manually creating target group. You can do this via console. Go for EC2 resources, choose Load Balancing section and choose Target Groups.
After that, add EC2 Resources that already host your services into the Target Group you created above.
If you still don't have any services on your EC2, but you want to test this tutorial, you can read my previous article for automate simple PHP services inside EC2 at here. After that, you can use that EC2 for the next step on this article.
Ingress setup
After we already finish with the preparation, next we can start to setup our ingress. This is the annotation you need to add to your ingress:
alb.ingress.kubernetes.io/actions.<your target group name which have your ec2 external services>: >
{"Type":"forward","TargetGroupArn": "<your target group arn>"}
This annotation will tell your alb to forward the traffic into target group arn you add at there.
When you are going to spec section, you can add new rules like this for tell your ingress which path need to get routing to our services.
rules:
- host: your-domain-service-name
http:
paths:
- path: (you can add path you want if you need to route for root path can use like this /*, or specific path like /<path_name>)
backend:
serviceName: <your target group name which have your ec2 external services>
servicePort: use-annotation
Hereby, the full ingress yaml file looks like after you add your external config
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: your-ingress-name
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/actions.<your target group name which have your ec2 external services>: >
{"Type":"forward","TargetGroupArn": "<your target group arn>"}
labels:
app: your-app-name
spec:
rules:
- host: your-domain-service-name
http:
paths:
- path: (you can add path you want if you need to route for root path can use like this /*, or specific path like /<path_name>)
backend:
serviceName: <your target group name which have your ec2 external services>
servicePort: use-annotation
If you follow my previous article (I mention the link on first section), at the end, you will get full configuration like below (you can use sub path for accessing your external services):
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: your-ingress-name
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/certificate-arn: input-your-arn-from-youracm
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group: your-target-group-name
alb.ingress.kubernetes.io/target-type: ip | instance choose one
alb.ingress.kubernetes.io/actions.<ec2-tg>: >
{"Type":"forward","TargetGroupArn": "<your target group arn>"}
labels:
app: your-app-name
spec:
rules:
- host: your-domain-service-name
http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: your-service-name
servicePort: 80
- path: /<sub_path>*
backend:
serviceName: <ec2-tg>
servicePort: use-annotation
Conclusion
When we used Kubernetes, we can use hybrid approach where not all the services needed to move to kubernetes. Some of
Kubernetes with ingress flexible enough Some Ingress especially with ALB has a flexible way to support our hybrid scenario.
I think that's it for now for this article comparison. Leave a comment below about your thoughts! Thanks.
Top comments (0)