
Trying to configure my AWS K8s cluster (EKS).

Currently I am using this schema:

Internet -> NLB -> Nginx ingress -> Pod 

Now I have a requirement to use the AWS WAF service. As WAF can't work with NLB, it looks like I have only two options:

  1. Start to use ALB instead of NLB:

    Internet -> ALB (instead NLB) -> Nginx ingress -> Pod

  2. Add ALB in my chain:

    Internet -> ALB (+WAF) -> NLB -> Nginx ingress -> Pod

So, my question is: which option is better? Is it possible to point ALB to NLB? In this case I need minimal (I guess) changes in my current structure. Or is it better to switch from NLB to ALB?

prosto.vint
  • Even if it is possible to redirect ALB to NLB, `Internet -> ALB (instead NLB) -> Nginx ingress -> Pod` seems more correct – rzlvmp Jun 08 '23 at 14:09
  • more correct and more cost effective while serving the same purpose. – gohm'c Jun 09 '23 at 01:56

1 Answer


It would be better to use the AWS Load Balancer Controller to route traffic directly to your pods. If you need to use nginx, you can configure your environment like this: Internet -> NLB -> ALB -> nginx ingress. An ALB can be a target for the NLB. This blog explains how to configure it: https://aws.amazon.com/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer/. You'll need to configure the NLB outside of the AWS Load Balancer Controller/Kubernetes because the controller doesn't recognize ALB as a target type.

Jeremy Cowan
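
As an added illustration of the `Internet -> ALB (+WAF) -> Nginx ingress -> Pod` layout discussed on this page (not part of the original question or answer): an Ingress handled by the AWS Load Balancer Controller that creates the ALB, attaches a WAFv2 web ACL to it, and forwards all traffic to the existing ingress-nginx Service. The resource name, the `ingress-nginx` namespace and `ingress-nginx-controller` Service name, the `/healthz` health check path, and the two ARN placeholders are assumptions to replace with your own values.

```yaml
# Added example, not from the original thread.
# Requires the AWS Load Balancer Controller to be installed in the cluster.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: alb-to-nginx                 # hypothetical name
  namespace: ingress-nginx           # assumed namespace of the ingress-nginx install
  annotations:
    # Public ALB that registers the nginx controller pods directly as targets.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    # Terminate TLS on the ALB so WAF can inspect the decrypted requests.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: <ACM_CERTIFICATE_ARN>   # placeholder
    # Regional WAFv2 web ACL (same region as the ALB) to associate with the ALB.
    alb.ingress.kubernetes.io/wafv2-acl-arn: <WAFV2_WEB_ACL_ARN>       # placeholder
    # Assumed health endpoint answered by the nginx controller on its HTTP port.
    alb.ingress.kubernetes.io/healthcheck-path: /healthz
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          # Catch-all rule: host and path routing stays in the existing
          # nginx Ingress resources behind this ALB.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ingress-nginx-controller   # assumed Service name
                port:
                  number: 80
```

Once traffic flows through the ALB, the ingress-nginx Service should stop being published through the old NLB (for example by making it `ClusterIP`), otherwise requests sent to the NLB reach nginx without passing through WAF.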