Inbound Traffic Management with ALB Ingress Controller

Introduction:
Efficiently managing inbound traffic in a Kubernetes cluster is crucial for optimal application performance. Fortunately, the ALB (Application Load Balancer) Ingress Controller, coupled with Helm Chart, offers a powerful solution for simplifying traffic management. In this blog post, we will explore the benefits of using the ALB Ingress Controller with Helm Chart, understand its working principles, and demonstrate how to leverage it for effective inbound traffic management, including request redirection and SSL enforcement.

Understanding the ALB Ingress Controller:
The ALB Ingress Controller is an ingress controller specifically designed for the AWS Application Load Balancer. It allows you to seamlessly integrate your Kubernetes cluster with the AWS cloud platform, enabling advanced traffic management and routing capabilities. The ALB Ingress Controller functions as a bridge between your Kubernetes services and the AWS Application Load Balancer, providing efficient traffic distribution and routing within your cluster.

How the ALB Ingress Controller Works:
The ALB Ingress Controller works by leveraging Kubernetes Ingress resources to define traffic routing rules. When an incoming request reaches the ALB Ingress Controller, it evaluates the request’s host and path to determine the appropriate backend service within the cluster. The controller then utilizes the AWS Application Load Balancer to distribute the traffic to the specified backend service based on the defined rules.

Courtesy: Amazon

Benefits of Using Helm Chart for ALB Ingress Controller:
Using Helm Chart for deploying and managing the ALB Ingress Controller offers several advantages:

1. Simplified Deployment: Helm Chart provides a straightforward way to package and deploy complex applications, including the ALB Ingress Controller. With Helm, you can easily provision and configure the controller, streamlining the setup process and eliminating the need for manual resource creation.

2. Customizable Configurations: Helm Chart for the ALB Ingress Controller offers extensive configuration options. You can define various routing rules, SSL certificate settings, and traffic handling behaviors to align with your application’s requirements. This flexibility allows you to tailor the ALB Ingress Controller to meet specific needs.

3. Seamless Integration with AWS Services: The ALB Ingress Controller, in conjunction with Helm Chart, seamlessly integrates with AWS services. It leverages the AWS Application Load Balancer, taking advantage of its advanced features such as SSL termination, path-based routing, and sticky sessions. This integration ensures optimal performance and scalability when handling inbound traffic.

Incorporating the ALB Ingress Controller with Helm Chart:
To deploy the ALB Ingress Controller using Helm Chart and configure request redirection and SSL enforcement, follow these steps:

1. Install Helm: If you haven’t already, install Helm on your local machine or cluster.

2. Add the ALB Ingress Controller Helm Repository: Run the following command to add the ALB Ingress Controller repository:

helm repo add eks https://aws.github.io/eks-charts

3. Deploy the ALB Ingress Controller: Execute the Helm install command to deploy the ALB Ingress Controller, specifying the desired configurations:

helm install my-alb-controller eks/aws-alb-ingress-controller \
 - set clusterName=my-cluster \
 - set autoDiscoverAwsVpcID=true \
 - set autoDiscoverAwsRegion=true \
 - set awsRegion=us-west-2 \
 - set rbac.create=true

4. Define Ingress Rules for Request Redirection: Create an Ingress resource with the appropriate rules for request redirection. Here’s an example configuration.

5. Create your main directory named mychart. Create a file named Chart.yaml under it

apiVersion: v1
name: myapp
version: "1.0.0"
description: A Helm chart for request redirection and SSL enforcement 
appVersion: 1.0.0

6. Create a file named ingress.yaml under templates directory

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-alb-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/load-balancer-name: <load-balancer-name>
    alb.ingress.kubernetes.io/certificate-arn: <ssl-certificate-arn>
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/target-type: 'ip'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.redirect-to-new-host: |
      {
          "type": "redirect",
          "redirectConfig": {
              "protocol": "HTTPS",
              "port": "443",
              "host": "<new-host-name>",
              "path": "#{path}",
              "query": "#{query}",
              "statusCode": "HTTP_301"
          }
      }
  labels:
    app: my-alb-ingress-app

spec:
  rules:
    - host: "<old-domain-name>"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: redirect-to-new-host
                port:
                  name: use-annotation

Make sure to replace the placeholder values with your own values. The above code will redirect all the requests from the old domain to the new domain with secure connection (with https protocol).

File structure looks something like this:

mychart
   └── templates
          └── ingress.yaml
   └── Chart.yaml

7. For deploying the helm chart. Run the following commands

1. helm package .
2. helm install <release-name> ./mychart

8. Once the chart is deployed, you can use Helm commands to manage and upgrade your application, such as helm upgrade, helm rollback, and helm uninstall

You can verify if you alb is created using kubectl get ingress. You should see the ALB DNS under the external ip. Once the helm chart is deployed, when you go for your old domain with http protocol, you will see that you are automatically redirecting to the new domain with https protocol

Conclusion:
The ALB Ingress Controller, in conjunction with Helm Chart, provides a powerful solution for simplifying inbound traffic management in Kubernetes clusters. By leveraging Helm’s streamlined deployment process and the ALB Ingress Controller’s advanced capabilities, such as request redirection and SSL enforcement, you can optimize traffic routing, enhance security, and ensure a superior user experience for your applications.

Reference:

1. https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.5/guide/use_cases/blue_green/#overview
2. https://repost.aws/knowledge-center/eks-kubernetes-dashboard-custom-path
3. https://www.densify.com/kubernetes-autoscaling/kubernetes-service-load-balancer/
4. https://medium.com/cloudzone/aws-alb-ingress-controller-guide-ec16233f5903