AWS EKS Ingress Option: ALB + NGINX

Context:

I wanted to move away from certmanager+lets-encrypt based SSL termination on my nginx ingress pods and use the free ACM generated SSL certs and terminate them on the ALB. This free up my nginx ingress pods and let them do what they do best, routing.

Solution: (aws-alb-ingress-controller + nginx-ingress-controller)

I wouldn’t go too much details on implementation as I have created a helm chart wrapping the whole thing together: https://github.com/sajid2045/eks-alb-nginx-ingress

Motivation:

• aws-alb-ingress-controller is still in beta, I didn’t want to risk it dynamically changing route rules based on my ingress , I have seen people troubleshooting the ingress rules not changing properly. Also this is a hard change in aws target group which I wasn’t too comfortable with.
• I didn’t want to use one alb per ingress rule (which adds up in cost)
• nginx-ingress is battle tested
• By combining the two, I get the best of both world. My wildcard based dns ingress is only registered once in aws and only changes when my nginx ingress pods scale up/down
• There is an extra hop involved which I will need to find out the performance cost based on…