AWS Load Balancer Controller - External DNS & Ingress for ShopVibe Enterprises

Deploying External DNS and ALB Ingress for ShopVibe Enterprises

AMJ Cloud Technologies partnered with ShopVibe Enterprises, an e-commerce company, to enhance their AWS Elastic Kubernetes Service (EKS) cluster by integrating External DNS with the AWS Load Balancer Controller. This project automated Route 53 DNS record creation for multiple DNS names and secured ShopVibe’s microservices (user management, frontend, and default interfaces) using SSL-enabled Ingress with Application Load Balancers (ALBs). Context path-based routing and HTTPS redirection ensured efficient and secure access, replacing manual DNS management and insecure HTTP traffic.

Situation

ShopVibe Enterprises required automated DNS management to support multiple domain names for their microservices, previously managed manually via Route 53. Building on a prior engagement with AMJ Cloud Technologies, which implemented SSL-enabled ALB Ingress, ShopVibe needed to automate DNS record creation for two DNS names (dnstest901.shopvibeenterprises.com, dnstest902.shopvibeenterprises.com) and enforce HTTPS redirection. AMJ was tasked with integrating External DNS to streamline Route 53 updates while maintaining secure, scalable access.

Task

The objectives were to:

• Update the Ingress manifest with External DNS annotations for two DNS names.
• Deploy and verify Kubernetes manifests for microservices and Ingress.
• Automate Route 53 record creation using External DNS.
• Enforce HTTPS redirection and verify health checks.
• Test application access via both DNS names (dnstest901.shopvibeenterprises.com, dnstest902.shopvibeenterprises.com).
• Complete the project within one month.

Action

Our team executed the following steps, adhering to AWS and Kubernetes best practices:

Prerequisites

• Used ShopVibe’s existing EKS cluster (ecommerce-cluster, version 1.31) with the AWS Load Balancer Controller (v2.8.0) installed:

  helm install load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=ecommerce-cluster --set image.tag=v2.8.0
  

• Installed External DNS on the EKS cluster:

  helm install external-dns external-dns/external-dns -n kube-system --set provider=aws --set aws.region=us-east-1
  

Configure IngressClass

• Used the existing default IngressClass:

  apiVersion: networking.k8s.io/v1
  kind: IngressClass
  metadata:
    name: alb-ingress-class
    annotations:
      ingressclass.kubernetes.io/is-default-class: "true"
  

Deploy Microservices

• Deployed ShopVibe’s microservices (frontend, backend, default) with ClusterIP Services:

  apiVersion: v1
  kind: Service
  metadata:
    name: frontend-service
    annotations:
      alb.ingress.kubernetes.io/healthcheck-path: /frontend/index.html
  spec:
    type: ClusterIP
    ports:
      - port: 80
  

• Applied similar configurations for backend-service (/backend/index.html) and default-service (/index.html) using files frontend-deployment.yaml, backend-deployment.yaml, and default-deployment.yaml.

Update Ingress with External DNS Annotations

• Updated the Ingress with External DNS and SSL annotations:

  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: multi-service-ingress
    annotations:
      alb.ingress.kubernetes.io/load-balancer-name: ecommerce-ingress
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:<account-id>:certificate/<certificate-id>
      alb.ingress.kubernetes.io/ssl-redirect: "443"
      external-dns.alpha.kubernetes.io/hostname: dnstest901.shopvibeenterprises.com, dnstest902.shopvibeenterprises.com
  spec:
    ingressClassName: alb-ingress-class
    rules:
      - http:
          paths:
            - path: /frontend
              pathType: Prefix
            - path: /backend
              pathType: Prefix
            - path: /
              pathType: Prefix
  

• Applied manifests:

  kubectl apply -f manifests/
  

Verify Deployments and DNS

• Verified Kubernetes resources:

  kubectl get ingress
  kubectl get deploy,pods,svc
  

• Checked External DNS logs for Route 53 record creation:

  kubectl logs -f $(kubectl get po -n kube-system | egrep -o 'external-dns[A-Za-z0-9-]+')
  

• Confirmed Route 53 record sets for dnstest901.shopvibeenterprises.com and dnstest902.shopvibeenterprises.com in the AWS Console.

Test Application Access

• Performed DNS resolution tests:

  nslookup dnstest901.shopvibeenterprises.com
  nslookup dnstest902.shopvibeenterprises.com
  

• Verified HTTPS access via both DNS names (HTTP redirects to HTTPS):

  https://dnstest901.shopvibeenterprises.com/frontend/index.html
  https://dnstest901.shopvibeenterprises.com/backend/index.html
  https://dnstest901.shopvibeenterprises.com/
  https://dnstest902.shopvibeenterprises.com/frontend/index.html
  https://dnstest902.shopvibeenterprises.com/backend/index.html
  https://dnstest902.shopvibeenterprises.com/
  

Result

The project delivered a secure, automated solution for ShopVibe Enterprises:

• Scalability Achievement: Handled high traffic with automated DNS for e-commerce microservices.
• Automation Level: Fully automated Route 53 DNS and Ingress setup via External DNS and Kubernetes manifests.
• Security Improvement: Enforced HTTPS with ACM certificates, health checks, and restricted IAM permissions.

Technologies Used

• AWS EKS
• AWS Load Balancer Controller
• Kubernetes Ingress
• External DNS
• Application Load Balancer
• AWS Route 53
• AWS Certificate Manager

Key Takeaways

This case study showcases AMJ Cloud Technologies’ expertise in automating DNS management for ShopVibe Enterprises’ e-commerce platform. External DNS integration with ALB Ingress streamlined Route 53 record creation, while SSL redirection ensured secure, scalable access, offering a model for similar industries.