Ingress Controller

Complete Guide to Ingress, Ingress Controller, and AWS Load Balancer in EKS

In this guide, we'll cover: ✅ Ingress and Ingress Controller ✅ AWS Load Balancer Controller ✅ Scenarios with Real-time Examples ✅ Common Issues and Solutions

🚀 Step 1: What is Ingress?

In Kubernetes, an Ingress allows external traffic to reach services inside the cluster using a single entry point (hostname/domain).

🔹 Key Features of Ingress:

Routes traffic based on hostnames, paths, or headers
Works with TLS (HTTPS)
Can handle multiple services behind a single Load Balancer

🚀 Step 2: Setting Up an Ingress Controller

To use Ingress, we need an Ingress Controller that watches Ingress resources and routes traffic accordingly.

🔹 Common Ingress Controllers:

AWS Load Balancer Controller (Recommended for EKS)
NGINX Ingress Controller
Traefik Ingress Controller

For EKS, we use AWS Load Balancer Controller because it integrates with AWS ALB (Application Load Balancer).

🚀 Step 3: Deploy AWS Load Balancer Controller

Step 3.1: Install IAM Policy for Load Balancer Controller

AWS ALB Controller needs IAM permissions to create and manage ALB.

🔹 Create IAM policy:

curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.0/docs/install/iam_policy.json
aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam-policy.json

🔹 Attach this policy to your EKS IAM Role:

eksctl create iamserviceaccount --cluster=my-cluster \
  --namespace=kube-system --name=aws-load-balancer-controller \
  --attach-policy-arn=arn:aws:iam::YOUR_AWS_ACCOUNT_ID:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve

✅ Verify IAM Role:

kubectl get sa -n kube-system | grep aws-load-balancer-controller

Step 3.2: Install the AWS Load Balancer Controller

🔹 Install using Helm:

helm repo add eks https://aws.github.io/eks-charts
helm repo update

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  --set clusterName=my-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  -n kube-system

✅ Check if the controller is running:

kubectl get pods -n kube-system | grep aws-load-balancer-controller

🚀 Step 4: Deploy an Application with Ingress

Step 4.1: Deploy a Sample Application

🔹 Create a simple Nginx deployment and service:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: NodePort

🔹 Apply the configuration:

kubectl apply -f nginx-deployment.yaml

Step 4.2: Configure Ingress with AWS ALB

🔹 Create an Ingress resource for ALB:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
spec:
  ingressClassName: alb
  rules:
  - host: nginx.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80

🔹 Apply the Ingress rule:

kubectl apply -f nginx-ingress.yaml

✅ Verify that the ALB was created:

kubectl get ingress

🚀 Step 5: Add HTTPS to Ingress (TLS Termination)

AWS ALB supports TLS termination using ACM certificates.

🔹 Create an ACM Certificate:

aws acm request-certificate --domain-name nginx.example.com --validation-method DNS

🔹 Update the Ingress resource with TLS:

annotations:
  alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:region:account-id:certificate/certificate-id
  alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'

✅ Apply changes:

kubectl apply -f nginx-ingress.yaml

✅ Verify HTTPS works:

curl -k https://nginx.example.com

🚀 Step 6: Common Issues & Fixes

❌ Issue 1: AWS ALB is not created

🔹 Check Ingress status:

kubectl describe ingress nginx-ingress

✅ Solution: Ensure correct annotations and IAM permissions.

❌ Issue 2: Ingress Shows `default backend - 404`

🔹 Check if the service is reachable:

kubectl get svc

✅ Solution: Ensure Ingress backend service matches your service name.

❌ Issue 3: DNS Resolution Not Working

🔹 Check ALB DNS:

kubectl get ingress

✅ Solution: Add an A record in Route 53 pointing to the ALB.

❌ Issue 4: SSL Certificate Not Working

🔹 Check certificate status:

aws acm describe-certificate --certificate-arn <your-certificate-arn>

✅ Solution: Ensure the certificate is issued and validated.

❌ Issue 5: High Latency in Load Balancer

🔹 Check AWS ALB logs:

aws elbv2 describe-load-balancers

✅ Solution: Increase ALB capacity by using a higher instance type.

🚀 Summary

✔ Configured AWS Load Balancer Controller ✔ Deployed an application with Ingress ✔ Secured the Ingress with HTTPS ✔ Troubleshooted common ALB issues

🚀 Next: Do you want to configure Web Application Firewall (WAF) or Advanced Security for Ingress?

PreviousKarpenter NextNetwork Policy

Last updated 11 months ago

hashtagComplete Guide to Ingress, Ingress Controller, and AWS Load Balancer in EKS

hashtag🚀 Step 1: What is Ingress?

hashtag🚀 Step 2: Setting Up an Ingress Controller

hashtag🚀 Step 3: Deploy AWS Load Balancer Controller

hashtagStep 3.1: Install IAM Policy for Load Balancer Controller

hashtagStep 3.2: Install the AWS Load Balancer Controller

hashtag🚀 Step 4: Deploy an Application with Ingress

hashtagStep 4.1: Deploy a Sample Application

hashtagStep 4.2: Configure Ingress with AWS ALB

hashtag🚀 Step 5: Add HTTPS to Ingress (TLS Termination)

hashtag🚀 Step 6: Common Issues & Fixes

hashtag❌ Issue 1: AWS ALB is not created

hashtag❌ Issue 2: Ingress Shows default backend - 404

hashtag❌ Issue 3: DNS Resolution Not Working

hashtag❌ Issue 4: SSL Certificate Not Working

hashtag❌ Issue 5: High Latency in Load Balancer

hashtag🚀 Summary

hashtag🚀 Next: Do you want to configure Web Application Firewall (WAF) or Advanced Security for Ingress?