• Kubernetes
  • how ALB can attach to k8 services without Network load balancers

"External Client/User → DNS → AWS API Gateway → Kubernetes Service (ALB) → Kubernetes Pod"

In this, how can ALB attach to k8 services without Network load balancers?

The key is leveraging the AWS ALB Ingress Controller with Kubernetes so that the Application Load Balancer (ALB) itself acts as the entry point for traffic and can target pod IPs directly without the need for a separate Network Load Balancer (NLB).

How It Works:

  • ALB Ingress Controller:
    When you deploy an Ingress resource in your Kubernetes cluster with the appropriate ALB-specific annotations, the ALB Ingress Controller automatically provisions an ALB. This controller configures the ALB to route incoming requests based on rules defined in your Ingress.

  • Target Type "IP":
    Instead of routing traffic to instances via NodePort (which often necessitates an NLB), you can configure your ALB to use the target type “IP.” In this mode, the ALB registers the IP addresses of the Kubernetes pods directly as targets. This bypasses the need for an intermediate NLB.

  • Dynamic Registration:
    As pods come and go, the ALB Ingress Controller automatically updates the target groups, ensuring that the ALB always has the current pod IPs to route traffic to.

In Your Flow:

  • External Client/User → DNS → AWS API Gateway → Kubernetes Service (via ALB):
    The ALB, created and managed by the Ingress Controller, attaches to your Kubernetes services by registering pod IPs directly. The API Gateway forwards requests to the ALB (or the ALB is used as an ingress for the Kubernetes cluster), and then the ALB directs traffic to the appropriate pods—all without a separate NLB layer.

Summary:

By using the ALB Ingress Controller with the “IP” target type, AWS ALB can attach to Kubernetes services directly. This integration allows the ALB to manage routing to your pods dynamically, eliminating the need for a separate Network Load Balancer.

If you have further questions on configuring the ALB Ingress Controller or need more details on the annotations and setup, feel free to ask!

ALB Ingress Controller requires some NLB, right?

No, the ALB Ingress Controller itself does not require an NLB for standard HTTP/HTTPS routing. When you configure it with the target type "IP," it registers your pod IPs directly as targets, allowing the ALB to route traffic straight to the pods without an intermediary NLB.

However, note that if you need TCP-level load balancing or are handling protocols that ALB doesn't support, you might consider using an NLB. But for typical web traffic in Kubernetes clusters using the ALB Ingress Controller, an NLB isn’t necessary.

So how do AWS ALB and AWS ALB Ingress Controller reach out to the pod network of EKS? I believe the pod network is accessible only in the K8s cluster and not outside, thus how can AWS ALB connect to Services of k8s in EKS?

In an EKS cluster, the pods are assigned IP addresses from the VPC’s CIDR block—thanks to the Amazon VPC CNI plugin. This means that even though pods run inside the cluster, their IPs are routable within the VPC. When you use the AWS ALB Ingress Controller with target type "IP," it registers these pod IP addresses in the ALB’s target group. Since the ALB itself is deployed within the same VPC (typically in public subnets), it can directly route traffic to those pod IPs. Essentially, the ALB doesn’t need to “step inside” the cluster because the pod network is part of the VPC’s overall network, making those IPs reachable by the ALB.