AWS VPC - k8s - load balancing

ghz 1years ago ⋅ 1246 views

Question

Sorry for the newbie question; I am new to the k8s world. The current way of deploying is to deploy the app on EC2. The new way I am trying is to deploy the containerized app to the VPC.

In the old way, AWS would route the traffic for aaa.bbb.com to the vpc-ip:443 ELB, which would further route it to the ASG on private subnet:443, and the app would work fine.

With k8s in the picture, what does the traffic flow look like?

I'm trying to figure out if I could use multiple ports on the ELB with respective DNS names and route traffic to a certain port on the worker nodes.

i.e.

xxx.yyy.com -> vpc-ip:443/ -> ec2:443/
aaa.bbb.com -> vpc-ip:9000/ -> ec2:9000/ 

Is it doable with k8s on the same VPC? Any guidance and links to documentation would be of great help.


Answer

In general, you would have an AWS load-balancer instance that has multiple K8s workers as backend servers on a specific port. After traffic enters the worker nodes, networking inside K8s takes over.

Suppose you have set up two K8s services as load-balancers with ports 38473 and 38474 for your two domains, respectively:

xxx.yyy.com -> AWS LoadBalancer1 -> Node1:38473 -> K8s service1 -> K8s Pod1
                                 -> Node2:38473 -> K8s service1 -> K8s Pod2
aaa.bbb.com -> AWS LoadBalancer2 -> Node1:38474 -> K8s service2 -> K8s Pod3
                                 -> Node2:38474 -> K8s service2 -> K8s Pod4

The simple solution above would require you to create different services as load-balancers, which would increase your cost because they are actual AWS load-balancer instances. To reduce cost, you could have an ingress-controller instance in your cluster and write an ingress config. This would only require one actual AWS load-balancer to finish your networking:

xxx.yyy.com -> AWS LoadBalancer1 -> Node1:38473 -> Ingress-service -> K8s service1 -> K8s Pod1
                                 -> Node2:38473 -> Ingress-service -> K8s service1 -> K8s Pod2
aaa.bbb.com -> AWS LoadBalancer1 -> Node1:38473 -> Ingress-service -> K8s service2 -> K8s Pod3
                                 -> Node2:38473 -> Ingress-service -> K8s service2 -> K8s Pod4

For more information, you could refer here:
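
The single-load-balancer layout from the answer, written out as manifests. This is an added example, not part of the original answer: it assumes an ingress-nginx controller is installed and that its own Service is the only one of type LoadBalancer. The pod labels, the resource name `host-routing` and the port numbers are hypothetical.

```yaml
# Added example: labels, ports and the Ingress name are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: service1            # "K8s service1" in the diagram above
spec:                       # type defaults to ClusterIP: reachable only inside the cluster
  selector:
    app: app1               # hypothetical pod label
  ports:
    - port: 80
      targetPort: 8080      # hypothetical container port
---
apiVersion: v1
kind: Service
metadata:
  name: service2            # "K8s service2" in the diagram above
spec:
  selector:
    app: app2               # hypothetical pod label
  ports:
    - port: 80
      targetPort: 9000      # hypothetical container port
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: host-routing
spec:
  ingressClassName: nginx   # assumes the ingress-nginx controller
  rules:
    - host: xxx.yyy.com     # Host header selects the backend, not the port
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service1
                port:
                  number: 80
    - host: aaa.bbb.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service2
                port:
                  number: 80
```

Because both application Services stay ClusterIP, the ingress controller is the only path in from the load balancer, so both DNS names can point at the same AWS load balancer.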