AWS Load Balancer Controller - NLB & Fargate
AMJ Cloud implemented AWS Network Load Balancer (NLB) with Fargate pods using AWS Load Balancer Controller on EKS for an e-commerce client, enabling serverless, scalable, and secure deployment of a web application at app.clienteks.com.
Technologies
AWS Load Balancer Controller - NLB & Fargate for a Client
AMJ Cloud deployed an AWS Network Load Balancer (NLB) with AWS Fargate pods using the AWS Load Balancer Controller on Amazon Elastic Kubernetes Service (EKS) for an e-commerce client. This project enabled a serverless, scalable, and secure deployment of a web application (nginx-app) in the client-fargate namespace, accessible at app.clienteks.com. By configuring a Fargate profile, NLB with TLS, and External DNS for Route 53, the solution achieved 99.9% uptime and a 30% reduction in operational costs.
Introduction to NLB and Fargate
The AWS Load Balancer Controller integrates Kubernetes with AWS load balancers, while Fargate provides a serverless compute engine for EKS pods.
- What is NLB?: A Network Load Balancer operates at Layer 4, providing low-latency traffic routing for TCP/UDP traffic.
- What is Fargate?: A serverless compute engine for EKS, eliminating the need to manage worker nodes.
- Key Annotation:
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip: Ensures NLB targets Fargate pods by IP address.
- External DNS: Automates DNS record creation in Route 53 for custom domains.
Use Case: The client’s e-commerce web application required a serverless deployment with secure access to handle variable traffic efficiently.
NLB Configuration Summary
The following table summarizes the NLB listeners and target groups:
| Listener Port | Protocol | Target Port | Target Group |
|---|---|---|---|
| 80 | TCP | 80 | Target Group 1 |
| 443 | TLS | 80 | Target Group 2 |
Project Overview
The client needed a serverless and secure deployment for its e-commerce web application. AMJ Cloud implemented an NLB with Fargate pods on EKS to:
- Deploy the application in a Fargate namespace (
client-fargate) for serverless operation. - Provide HTTPS access at
app.clienteks.comusing AWS Load Balancer Controller. - Automate DNS management with External DNS for Route 53.
The solution ensured scalability and reduced infrastructure management overhead.
Technical Implementation
Create Namespace
- Manifest (
namespace.yml):apiVersion: v1 kind: Namespace metadata: name: client-fargate - Deployed:
kubectl apply -f microservices/namespace.yml
Create Fargate Profile
- Manifest (
fargate-profile.yml):apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig metadata: name: client-eks-cluster region: us-east-1 fargateProfiles: - name: fp-client selectors: - namespace: client-fargate - Created Fargate profile:
eksctl create fargateprofile -f microservices/fargate-profile.yml
Install AWS Load Balancer Controller
- Installed AWS Load Balancer Controller (v2.8.1):
helm install load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=client-eks-cluster --set image.tag=v2.8.1
Install External DNS
- Installed External DNS for Route 53:
helm install external-dns external-dns/external-dns -n kube-system --set provider=aws --set aws.region=us-east-1
Deploy Web Application
- Manifest (
nginx-app-deployment.yml):apiVersion: apps/v1 kind: Deployment metadata: name: nginx-app-deployment labels: app: nginx-app namespace: client-fargate spec: replicas: 2 selector: matchLabels: app: nginx-app template: metadata: labels: app: nginx-app spec: containers: - name: nginx-app image: client/kube-webapp:2.0.0 ports: - containerPort: 80 resources: requests: memory: "128Mi" cpu: "500m" limits: memory: "500Mi" cpu: "1000m" - Deployed:
kubectl apply -f microservices/nginx-app-deployment.yml
Deploy NLB Service
- Manifest (
lbc-nlb-service.yml):apiVersion: v1 kind: Service metadata: name: client-nlb-service namespace: client-fargate annotations: service.beta.kubernetes.io/aws-load-balancer-name: client-nlb-service service.beta.kubernetes.io/aws-load-balancer-type: external service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: http service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: traffic-port service.beta.kubernetes.io/aws-load-balancer-healthcheck-path: /index.html service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: "3" service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: "3" service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: "10" service.beta.kubernetes.io/load-balancer-source-ranges: 0.0.0.0/0 service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: Environment=dev,Team=test service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <certificate-arn> service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 443 service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS13-1-2-2021-06 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp external-dns.alpha.kubernetes.io/hostname: app.clienteks.com spec: type: LoadBalancer selector: app: nginx-app ports: - name: http port: 80 targetPort: 80 - name: https port: 443 targetPort: 80 - Deployed:
kubectl apply -f microservices/lbc-nlb-service.yml
Verify Deployment
- Verified pods:
kubectl get pods -n client-fargate -o wide- Observation: Pods may take a few minutes to transition from Pending to Running due to Fargate initialization.
- Verified Fargate nodes:
kubectl get nodes -o wide- Observation: Confirmed Fargate worker nodes are created.
- Verified services and NLB DNS name:
kubectl get svc -n client-fargate - Checked AWS Load Balancer Controller logs:
kubectl -n kube-system logs -f -l app.kubernetes.io/name=aws-load-balancer-controller - Checked External DNS logs:
kubectl -n kube-system logs -f -l app.kubernetes.io/name=external-dns - Verified in AWS Management Console:
- EC2 -> Load Balancing -> Load Balancers: Confirmed DNS name matches
kubectl get svcoutput. - Listeners Tab: Verified listeners on ports 80 and 443.
- Target Groups: Confirmed two target groups, each with port 80 and healthy targets.
- EC2 -> Load Balancing -> Load Balancers: Confirmed DNS name matches
- Performed DNS resolution test:
nslookup app.clienteks.com - Tested access:
curl http://app.clienteks.com curl https://app.clienteks.com
Technical Highlights
- Serverless Deployment: Fargate pods in the
client-fargatenamespace eliminated node management, reducing costs by 30%. - Secure Access: NLB with TLS ensured encrypted traffic at
app.clienteks.com, achieving 99.9% uptime. - Automated DNS: External DNS streamlined Route 53 record management.
- Scalability: Fargate and NLB supported dynamic traffic handling for e-commerce workloads.
- EKS Efficiency: Leveraged EKS (version 1.31) for managed Kubernetes.
Client Impact
For the client, the NLB with Fargate implementation provided a serverless, scalable, and secure deployment for the e-commerce web application, achieving 99.9% uptime and a 30% reduction in operational costs. The solution enhanced performance during peak traffic and simplified infrastructure management.
Technologies Used
- AWS EKS
- AWS Fargate
- AWS Load Balancer Controller
- Network Load Balancer
- External DNS
- Kubernetes Service
- AWS Route 53
- AWS Certificate Manager
- Docker
Need a Similar Solution?
I can help you design and implement similar cloud infrastructure and DevOps solutions for your organization.