Create an IngressClass to configure an Application Load Balancer
EKS Auto Mode automates routine tasks for load balancing, including exposing cluster apps to the internet.
AWS suggests using Application Load Balancers (ALB) to serve HTTP and HTTPS traffic. Application Load Balancers can route requests based on the content of the request. For more information on Application Load Balancers, see What is Elastic Load Balancing?
EKS Auto Mode creates and configures Application Load Balancers (ALBs). For example, EKS Auto Mode creates a load balancer when you create an Ingress
Kubernetes objects and configures it to route traffic to your cluster workload.
Overview
-
Create an
IngressClassParams
resource, specifying AWS specific configuration values such as the certificate to use for SSL/TLS and VPC Subnets. -
Create an
IngressClass
resource, specifying that EKS Auto Mode will be the controller for the resource. -
Create an
Ingress
resource that associates a HTTP path and port with a cluster workload. -
EKS Auto Mode will create an Application Load Balancer that points to the workload specified in the
Ingress
resource, using the load balancer configuration specified in theIngressClassParams
resource.
Prerequisites
-
EKS Auto Mode Enabled on an Amazon EKS Cluster
-
Kubectl configured to connect to your cluster
-
You can use
kubectl apply -f <filename>
to apply the sample configuration YAML files below to your cluster.
-
Step 1: Create IngressClassParams
Create an IngressClassParams
object to specify AWS specific configuration options for the Application Load Balancer. Use the reference below to update the sample YAML file.
Note the name you set for the IngressClassParams
resource, you will need it in the next step.
apiVersion: eks.amazonaws.com/v1 kind: IngressClassParams metadata: name: alb spec: scheme: internet-facing
Step 2: Create IngressClass
Create an IngressClass
that references the AWS specific configuration values set in the IngressClassParams
resource. Note the name of the IngressClass
. In this example, both the IngressClass
and IngressClassParams
are named alb
.
Use the is-default-class
annotation to control if Ingress
resources should use this class by default.
apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: alb annotations: # Use this annotation to set an IngressClass as Default # If an Ingress doesn't specify a class, it will use the Default ingressclass.kubernetes.io/is-default-class: "true" spec: # Configures the IngressClass to use EKS Auto Mode controller: eks.amazonaws.com/alb parameters: apiGroup: eks.amazonaws.com kind: IngressClassParams # Use the name of the IngressClassParams set in the previous step name: alb
For more information on configuration options, see IngressClassParams Reference.
Step 3: Create Ingress
Create an Ingress
resource. The purpose of this resource is to associate paths and ports on the Application Load Balancer with workloads in your cluster.
For more information about configuring this resource, see Ingress
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: 2048-ingress spec: # this matches the name of IngressClass. # this can be omitted if you have a default ingressClass in cluster: the one with ingressclass.kubernetes.io/is-default-class: "true" annotation ingressClassName: alb rules: - http: paths: - path: /* pathType: ImplementationSpecific backend: service: name: <your-service> port: number: 80
Step 4: Check Status
Use kubectl
to find the status of the Ingress
. It can take a few minutes for the load balancer to become available.
Use the name of the Ingress
resource you set in the previous step.
kubectl get ingress <ingress-name>
Once the resource is ready, retrieve the domain name of the load balancer.
kubectl get ingress api-ingress -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
To view the service in a web browser, review the port and path specified in the Ingress
rescue.
Step 5: Cleanup
To clean up the load balancer, use the following command:
kubectl delete ingress <ingress-name>
EKS Auto Mode will automatically delete the associated load balancer in your AWS account.
IngressClassParams Reference
The table below is a quick reference for commonly used configuration options.
Field | Description | Example Value |
---|---|---|
|
Defines whether the ALB is internal or internet-facing |
|
|
Restricts which namespaces can use this IngressClass |
|
|
Groups multiple Ingresses to share a single ALB |
|
|
Sets IP address type for the ALB |
|
|
List of subnet IDs for ALB deployment |
|
|
Tag filters to select subnets for ALB |
|
|
ARNs of SSL certificates to use |
|
|
Custom tags for AWS resources |
|
|
Load balancer specific attributes |
|
Considerations
-
You cannot use Annotations on an IngressClass to configure load balancers with EKS Auto Mode.
-
The following options are not supported:
-
group.name
onIngressClassParams
-
-
You must update the Cluster IAM Role to enable tag propagation from Kubernetes to AWS Load Balancer resources. For more information, see Custom AWS tags for EKS Auto resources.
-
For information about associating resources with either EKS Auto Mode or the self-managed AWS Load Balancer Controller, see Migration Reference.
-
For information about fixing issues with load balancers, see Troubleshoot EKS Auto Mode.
-
For more considerations about using the load balancing capability of EKS Auto Mode, see Load balancing.
The following tables provide a detailed comparison of changes in IngressClassParams, Ingress annotations, and TargetGroupBinding configurations for EKS Auto Mode. These tables highlight the key differences between the load balancing capability of EKS Auto Mode and the open source load balancer controller, including API version changes, deprecated features, and updated parameter names.
IngressClassParams
Previous | New | Description |
---|---|---|
|
|
API version change |
|
|
Support for multiple certificate ARNs |
|
|
Changed subnet matching schema |
|
|
Simplified attribute naming |
Ingress annotations
Previous | New | Description |
---|---|---|
|
Not supported |
Use |
|
Not supported |
Specify groups in IngressClass only |
|
Not supported |
Use WAF v2 instead |
|
Not supported |
Use WAF v2 instead |
|
Not supported |
Shield integration disabled |
TargetGroupBinding
Previous | New | Description |
---|---|---|
|
|
API version change |
|
|
Explicit target type specification |
|
Not supported |
No longer supports NLB without security groups |