0

We are migrating to AWS. The basic ingress flow is: ALB -> nginx-ingress -> pods.

From the AWS doc that an ALB can only have 100 target groups. However, we do have a (business critical) domain that routes by paths, where each path maps to a micro-service. The number of path is already over 100, and product team plans to add more in the future.

With a nginx-ingress behind, we can successfully route by paths without issue, but we are stuck at the 100 target group limitation that we are forced to perform healthcheck on a subset of services. We know the 100 target group is a soft limit, but foreseeing more paths are coming, we want to find a more scalable solution.

Is there any suggested workaround?

chinuy
  • 145
  • 1
  • 12
  • The ALB should only have one target group that points to your ingress, unless you are using the ALB ingress controller, in which case you wouldn't also use nginx ingress. The ALB should not health check your services, k8s has it's own healthcheck system. Your actual services should not even be directly accessible to ALB without going through the ingress. – jordanm Jan 12 '21 at 20:13

1 Answers1

0

The ALB should forward the requests to the nodeports of the k8s worker instances. This can be achieved using AWS route53 Alias records. The logic at the ALB level should only be limited to forward the request as follows

yourdomain.com/* (http and https)   -> ALB ->  ingres-controller
*.tradelingdomain.com/* ( http and https ) -> ALB  -> ingres-controller

If you have created a service using any ingress controller like treafik or nginx. You can get it by following

kubectl get svc

Now at the kubernetes ingress-controller level you segregate the traffic for different microservices

if host is yourdomain.com and PathPrefix is /api/microservice1 then go to microservice1

if host is test.yourdomain.com and PathPrefix is /api/microservice2 then go to microservice2

For example

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-wildcard-host
spec:
  rules:
  - host: "yourdomain.com"
    http:
      paths:
      - pathType: Prefix
        path: "/api/microservice1"
        backend:
          service:
            name: microservice1
            port:
              number: 80
  - host: "test.yourdomain.com"
    http:
      paths:
      - pathType: Prefix
        path: "/api/microservice2"
        backend:
          service:
            name: microservice2
            port:
              number: 80
codeaprendiz
  • 2,703
  • 1
  • 25
  • 49