How does a Network Load Balancer work with an Ingress Controller in Kubernetes (AWS/EKS)?
Is my understanding of the following workflow correct:
When a request goes to the Load Balancer, it will also go through the Ingress Object (essentially a map of exactly how to process the incoming request).
This request is then forwarded to an Ingress Controller to fulfil (the request ultimately gets sent to the appropriate Pod/Service).
But what happens when there is only one Ingress Controller? It seems to me that the purpose of the load balancer will be defeated as all the requests will go to EKS Worker Node - 1?
And additionally, let's say that Pod A and Pod B in EKS Worker Node - 1 is occupied/down, will the Ingress controller forward that request to EKS Worker Node - 2?
Is my assumptions correct? And should you always have multiple ingress controllers across different nodes?
I'm confused as I don't understand how these two components work together? Which component is actually balancing the load?
To your main question, having multiple ingress controller replicas for redundancy in case of node failure is very common and probably a good thing to do on any production setup.
As to how it works: there's two modes for Load Balancer services depending on the "external traffic policy". In the default mode, the NLB doesn't talk directly to Nginx, it talk to the kube-proxy mesh on every node which then routes the Nginx pods as needed, even if they are on a different node. With traffic policy "Local", the NLB will bypass the kube-proxy mesh and only talks to nodes that have at least 1 Nginx pod, so in your example the NLB would not talk to node 2 at all.
The extra hop in the default mode improves resiliency and has smoother balancing but at a cost of hiding the client IP (moot here since the NLB does that anyway) and introducing a small bit of latency from the extra packet hops, usually only a few milliseconds.
- Openshift: unable to validate against any security > context constraint
- Is possible to pass environment variables to yml manifests while running a Github Action?
- Kubernetes: Unable to create replicaSet: error: no objects passed to create
- How to access kind control plane port from another docker container?
- Multi-Attach error for volume <pvcname> Volume is already exclusively attached to one node and can't be attached to another
- How to use git-sync image as a sidecar in kubernetes that git pulls periodically
- Manage resources generated by other resources
- How to override default chart values in terraform using helm provider?
- Minikube "icacls failed applying permissions "
- Kubectl error : [memcache.go:265] couldn't get current server API group list
- kubectl logs deploy/my-deployment does not show logs from all pods
- Kubernetes worker node is NotReady due to CNI plugin not initialized
- Couldn't proceed with upgrade process as new nodes are not joining node group standard-workers
- Conflicting NetworkPolicies in kubernetes
- Why does my GKE cluster not show any events?
- Kubernetes NFS Persistent Volumes - multiple claims on same volume? Claim stuck in pending?
- Encountering connection problems with PostgreSQL when using psycopg2 on a port that has been forwarded
- The connection to the server localhost:8080 was refused
- GKE gateway API: Control open ports on default firewall rule
- How to use Kubernetes secret object stringData to store base64 encoded privateKey
- K8s cluster deployment error: nc: bad address 'xx'
- Ingress path redirection, helm chart
- fluentd with OpenSearch - where does the @timestamp field come from?
- How can I keep a container running on Kubernetes?
- kubectl logs displays only 'API server listening at: [::]:40000' when remote debugging with dlv is enabled - How do I get my logs back?
- failed calling webhook "vingress.elbv2.k8s.aws"
- Kubernetes - Frontend pod can't reach backend pod
- How to access Kubernetes API when using minkube?
- What is Difference between KubernetesManifest@0 and KubernetesManifest@1 in Yaml pipeline?
- kube-prometheus-stack issue scraping metrics