I experimented with Kubernetes in a proof of concept a while back, where I worked with both the AWS Load Balancer Controller and an NGINX ingress along with Project Contour. When I used NGINX, all the ingress rules were defined within the context of the ingress object itself. Recently, a colleague set up a Kubernetes environment for a new POC and got it running using the AWS Load Balancer Controller. In his setup, however, all the rules seem to be defined directly in the Load Balancer that appears in the AWS console. I believe the difference is that he is using an Application Load Balancer (ALB), while I worked with a Network Load Balancer (NLB) which routes traffic into the internal ingress (like NGINX). Given that we have over 70 services, which approach scales better? I'd like to avoid managing many ALBs for each service.
2 Answers
In my opinion, using an NLB tends to be more cost-efficient. There's also the question of SSL termination; NLBs now support SSL termination with ACM certificates, which was previously only available with ALBs. If you go with NLB and route to an NGINX ingress, you'll manage SSL certificates using Kubernetes secrets. Meanwhile, ALBs provide features like direct OIDC authentication handling, which could simplify your setup.
If you're using the AWS Load Balancer Controller, the ALB is defined through an ingress resource. An NLB, however, operates as a service resource. Both can scale well depending on your needs, but for ease of use, the ALB is simpler to manage and quite robust. It might not have a significant edge in scaling over NLB, especially if you're not running a dedicated ingress controller.
Yeah, but keep in mind, NLBs can handle more raw traffic and requests, while ALBs excel with feature-rich Layer 7 routing.
Got it! So does that mean I should expect to see the rules within the AWS console rather than in a Kubernetes object when I describe the ingress?

To clarify, ingress rules are indeed found in the Kubernetes Ingress object as the source of truth, and the AWS LB Controller translates those into ALB rules on the fly.
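The two models discussed in this thread, side by side, as an added example that is not part of any participant's post. The resource names, namespaces, hostname and group name are constructed for illustration, and the certificate ARN is a placeholder; the `alb.ingress.kubernetes.io/group.name` annotation is not mentioned in the thread but is an AWS Load Balancer Controller annotation that lets several Ingress objects share one ALB.

```yaml
# Model 1: ALB. The Ingress object is the source of truth; the AWS Load
# Balancer Controller turns each rule below into an ALB listener rule.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: orders                       # hypothetical service name
  namespace: shop                    # hypothetical namespace
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: <ACM_CERTIFICATE_ARN>   # placeholder
    # Ingresses with the same group name are merged onto one ALB, so many
    # services do not require many ALBs. "shared-poc" is a made-up name.
    alb.ingress.kubernetes.io/group.name: shared-poc
spec:
  ingressClassName: alb
  rules:
    - host: orders.example.com       # constructed hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: orders
                port:
                  number: 80
---
# Model 2: NLB. A Service (not an Ingress) provisions the NLB, which forwards
# TCP to the NGINX ingress controller pods. Routing rules stay in ordinary
# Ingress objects with ingressClassName: nginx and are evaluated by NGINX.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller     # assumed name of the NGINX controller Service
  namespace: ingress-nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: external
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
    - name: https
      port: 443
      targetPort: https              # assumes the controller pods name their TLS port "https"
```

In both models `kubectl describe ingress` shows the rules; only in the ALB model are they also mirrored as listener rules on the load balancer in the AWS console.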