「KUBERNETES-INGRESS-CONTROLLER」- AWS Load Balancer Controller

Overview

Website: https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/
Documentation: https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html
Project: https://github.com/kubernetes-sigs/aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers. This project was formerly known as "AWS ALB Ingress Controller", we rebranded it to be "AWS Load Balancer Controller". In short, it is an EKS cluster component that handles Ingress and Service resources.

Components

WIP

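Build

Install with Helm: https://docs.aws.amazon.com/eks/latest/userguide/lbc-helm.html

Properties

An Ingress can be published directly as an ALB, and a single ALB can be associated with multiple Ingresses, even across namespaces.

There are two allocation modes. In the static mode, the ALB is created first and the Service is then mapped to it. In the dynamic mode, an ALB is brought up automatically each time a Service is created. Which mode to use depends on your business requirements; the static mode is generally recommended.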

With aws-load-balancer-controller configured, a Service of type LoadBalancer uses an AWS NLB directly, while an Ingress uses an ALB; both require many annotations.

https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/how-it-works/

Ingress Annotations

https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.9/guide/ingress/annotations/

Note that these annotations apply only to the AWS Load Balancer Controller component.

Configuring an SSL certificate | https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#ssl

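  • alb.ingress.kubernetes.io/certificate-arn: set this to the ARN of the certificate created in Certificate Manager;

# extensions/v1beta1 is the legacy Ingress API; it was removed in Kubernetes 1.22 (current clusters use networking.k8s.io/v1).
apiVersion: extensions/v1beta1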
kind: Ingress
metadata:
  namespace: default
  name: ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxx:certificate/xxxxxx
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
  rules:
    - http:
        paths:
         - path: /*
           backend:
             serviceName: ssl-redirect
             servicePort: use-annotation
         - path: /users/*
           backend:
             serviceName: user-service
             servicePort: 80
         - path: /*
           backend:
             serviceName: default-service
             servicePort: 80

https://kubernetes-sigs.github.io/aws-load-balancer-controller/v1.1/guide/tasks/ssl_redirect/

Usage

Sharing one LB instance among multiple Ingresses

Configuring a Shared ALB in Amazon EKS Across Multiple Namespaces:

See the IngressGroup documentation

alb.ingress.kubernetes.io/group.name
alb.ingress.kubernetes.io/group.order

Note that the annotations above make it possible to share one LB instance among multiple Ingresses.
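
A way to review the SSL and IngressGroup annotations described above across a whole cluster, as an added example that is not part of the original notes or of the controller project. It audits the parsed output of `kubectl get ingress -A -o json`; the names `audit`, `PREFIX` and `SAMPLE` are this example's own, the sample manifests are constructed, and `alb.ingress.kubernetes.io/ssl-redirect` comes from the controller's v2 annotation reference rather than from the manifest on this page.

```python
import json
from collections import defaultdict

PREFIX = "alb.ingress.kubernetes.io/"

def audit(ingress_list):
    """Audit parsed `kubectl get ingress -A -o json` output; return (ref, issue) pairs."""
    findings, groups = [], defaultdict(set)
    for item in ingress_list.get("items", []):
        meta = item["metadata"]
        ann = meta.get("annotations") or {}
        ns = meta.get("namespace", "default")
        # Assumption: the controller's ingress class is named "alb", as in the manifest above.
        if "alb" not in (ann.get("kubernetes.io/ingress.class"),
                         item.get("spec", {}).get("ingressClassName")):
            continue
        # Defaults when listen-ports is absent: HTTPS 443 with a certificate-arn, else HTTP 80.
        default = '[{"HTTPS": 443}]' if PREFIX + "certificate-arn" in ann else '[{"HTTP": 80}]'
        protocols = {proto for entry in json.loads(ann.get(PREFIX + "listen-ports", default))
                     for proto in entry}
        # Presence only: whether a rule actually uses actions.ssl-redirect is not checked.
        redirect = any(PREFIX + key in ann for key in ("ssl-redirect", "actions.ssl-redirect"))
        if "HTTPS" not in protocols:
            findings.append((f"{ns}/{meta['name']}", "no HTTPS listener"))
        elif "HTTP" in protocols and not redirect:
            findings.append((f"{ns}/{meta['name']}", "HTTP listener without redirect to HTTPS"))
        if PREFIX + "group.name" in ann:
            groups[ann[PREFIX + "group.name"]].add(ns)
    # Every Ingress carrying the same group.name adds rules to the same ALB.
    for name, namespaces in sorted(groups.items()):
        if len(namespaces) > 1:
            findings.append((f"group:{name}", "shared across namespaces: " + ", ".join(sorted(namespaces))))
    return findings

# Constructed sample input (not taken from a real cluster).
SAMPLE = {"items": [
    {"metadata": {"namespace": "team-a", "name": "web", "annotations": {
        "kubernetes.io/ingress.class": "alb",
        PREFIX + "group.name": "shared",
        PREFIX + "certificate-arn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER",
        PREFIX + "listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]'}}},
    {"metadata": {"namespace": "team-b", "name": "api", "annotations": {
        "kubernetes.io/ingress.class": "alb",
        PREFIX + "group.name": "shared"}}},
]}

if __name__ == "__main__":
    for ref, issue in audit(SAMPLE):
        print(f"{ref}: {issue}")
```

A group that spans namespaces is worth reviewing because each member Ingress contributes listener rules to the shared ALB, ordered by `group.order`.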

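Sharing one LB instance among multiple Services

service.beta.kubernetes.io/aws-load-balancer-name: "my-existing-elb" // no effect, 05/19/2025, EKS 1.31, Classic

For sharing one LB instance among Services:

It can be done, but it requires some additional configuration work.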