ALB and k8s: Routing between namespaces
• Mark Eschbach
ALBs are bound to a specific namespace. This is quiet unforutnate since each ALB costs at least $18 a month and you miss out on a lot of awesome features. Sure failure domains are isolated however if you publish a number of small serivces this is rather obnoxious.
A suggestion which looks promising is to have the ALB target the nginx ingress controller and dispatch from there. A little sad the ALB does not support this out of the box but will have to do for now. Perhaps in the future I will consider other ingress mechanisms to replace nginx if it exhibits broken connection issues on restart or is not monitorable still.
Need to prime nginx’s stable repository first:
helm repo add nginx-stable https://helm.nginx.com/stable
helm repo update
After a quick glance throught the configuration some options definitely need to chnage. Here is my initial pass at the configuration for the chart. Configuration knobs
Most important is setting the controller to use the
ClusterIP as this is what the ALBs will target. If unset this
will create a new ELB via the
LoadBalancer service configuration which is definitely not what is desired.
Caveat: Default Host
Well, after seraching for a while turns out nginx does not support a critical use case: default hosts. This is really disappointing but I can work around the issue I suppose. All sites must be named and nginx provides it’s own default host. Easy enough to resolve by just directing specific hosts to the nginx controllers, although this makes me sad.