Hey all! I'm working on a project where I need to connect many Kubernetes services (over 40!) to an existing AWS Network Load Balancer (NLB). Currently, I have an NLB set up and I'm running a bunch of backend services, typically around 10-15 for each of my environments (Development, Staging, and Production). My pods expose internal ports like 3001, 3002, and 8080, but I want the NLB to handle external ports like 77, 81, and 6000 for each service. I'm trying to avoid creating a new NLB for every single service if possible. Here's what I'm considering: using a Kubernetes Service of type LoadBalancer with some specific annotations to link to the existing NLB. However, I'm uncertain about the best practices when scaling up to so many services. Is it advisable to use one NLB for all services, or should I consider separate NLBs for different environments instead? Also, are there any limits on NLB listeners or target groups I should be aware of? How can I keep this architecture manageable?
3 Answers
Avoid using NodePorts directly. Instead, leverage an NLB to route to an ingress controller like Traefik or Istio. This way, your services can remain as ClusterIP, making everything a lot cleaner. Plus, this setup will give you more flexibility in routing traffic later on if you need it.
I think it’s better to keep your Dev, Staging, and Prod environments separate. Sharing a load balancer among them can complicate things down the line. I recommend using an Application Load Balancer (ALB) to manage incoming traffic using path-based routing. It can simplify exposing your services externally without having to juggle too many listeners on the NLB. Have you looked into using the AWS Load Balancer Controller for managing your target groups?
That makes a lot of sense! I'll check out the AWS Load Balancer Controller and see how it integrates with path-based routing.
You might want to stick with one multi-AZ NLB for all your services. This allows you to scale better without getting too complicated. Also, have you thought about deploying your applications on EKS? Using a layer 7 gateway like Emissary-Ingress will help manage incoming requests efficiently without throwing more NLBs into the mix.
I hadn’t considered the multi-AZ approach; that could really help with redundancy. Thanks for the suggestion!
Sounds like a solid plan! I’m definitely looking into switching from NodePorts.