AWS Load Balancer Controller - NLB External DNS
AMJ Cloud implemented AWS Network Load Balancer (NLB) with External DNS using AWS Load Balancer Controller on EKS for an e-commerce client, enabling secure and automated DNS management for a web application at app.clienteks.com.
AWS Load Balancer Controller - NLB External DNS for a Client
AMJ Cloud deployed an AWS Network Load Balancer (NLB) with External DNS integration using the AWS Load Balancer Controller on Amazon Elastic Kubernetes Service (EKS) for an e-commerce client. This project enabled secure and automated DNS management for a web application (nginx-app), accessible at app.clienteks.com. By configuring NLB with TLS and External DNS for Route 53, the solution achieved 99.9% uptime and 40% faster DNS resolution, supporting high-traffic scenarios like flash sales.
Introduction to NLB and External DNS
The AWS Load Balancer Controller integrates Kubernetes with AWS load balancers, while External DNS automates DNS record management in Route 53.
- What is NLB?: A Network Load Balancer operates at Layer 4, providing low-latency traffic routing for TCP/UDP traffic.
- What is External DNS?: A Kubernetes add-on that automates DNS record creation in Route 53, mapping services to custom domains.
- Key Annotation: external-dns.alpha.kubernetes.io/hostname specifies the DNS hostname (e.g., app.clienteks.com) for Route 53 record sets.
Use Case: The client’s e-commerce web application required secure access and automated DNS management to ensure seamless customer experiences during peak traffic.
NLB Configuration Summary
The following table summarizes the NLB listeners and target groups:
Listener Port | Protocol | Target Port | Target Group |
---|---|---|---|
80 | TCP | 80 | Target Group 1 |
443 | TLS | 80 | Target Group 2 |
Project Overview
The client needed secure and automated DNS management for its e-commerce web application. AMJ Cloud implemented an NLB with External DNS on EKS to:
- Provide HTTPS access at app.clienteks.com using AWS Load Balancer Controller.
- Configure listeners (80, 443) with health checks.
- Automate DNS record creation in Route 53 using External DNS.
The solution ensured high availability and efficient DNS resolution for the client’s application.
Technical Implementation
Install AWS Load Balancer Controller
- Installed AWS Load Balancer Controller (v2.8.1):
helm install load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=client-eks-cluster --set image.tag=v2.8.1
Install External DNS
- Installed External DNS for Route 53:
helm install external-dns external-dns/external-dns -n kube-system --set provider=aws --set aws.region=us-east-1
Deploy Web Application
- Manifest (nginx-app-deployment.yml):

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-app-deployment
      labels:
        app: nginx-app
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx-app
      template:
        metadata:
          labels:
            app: nginx-app
        spec:
          containers:
            - name: nginx-app
              image: client/kube-webapp:2.0.0
              ports:
                - containerPort: 80

- Deployed:
kubectl apply -f microservices/nginx-app-deployment.yml
Deploy NLB Service
- Manifest (lbc-nlb-service.yml):

    apiVersion: v1
    kind: Service
    metadata:
      name: client-nlb-service
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-name: client-nlb-service
        service.beta.kubernetes.io/aws-load-balancer-type: external
        service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
        # Health check settings
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: http
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: traffic-port
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-path: /index.html
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: "3"
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: "3"
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: "10"
        # Exposure: public NLB, reachable from any source address
        service.beta.kubernetes.io/load-balancer-source-ranges: 0.0.0.0/0
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
        service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: Environment=dev,Team=test
        # TLS: certificate, TLS listener port and security policy
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <certificate-arn>
        # Annotation values must be strings, so the port is quoted
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
        service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS13-1-2-2021-06
        # TLS ends at the NLB; traffic to the targets on port 80 is plain TCP
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
        # Hostname that External DNS publishes in Route 53
        external-dns.alpha.kubernetes.io/hostname: app.clienteks.com
    spec:
      type: LoadBalancer
      selector:
        app: nginx-app
      ports:
        - name: http    # plain TCP listener (no TLS)
          port: 80
          targetPort: 80
        - name: https   # TLS listener
          port: 443
          targetPort: 80

- Deployed:
kubectl apply -f microservices/lbc-nlb-service.yml
Verify Deployment
- Verified External DNS pod:
kubectl get pods -n kube-system -l app.kubernetes.io/name=external-dns
- Verified pods:
kubectl get pods
- Verified services and NLB DNS name:
kubectl get svc
- Checked AWS Load Balancer Controller logs:
kubectl -n kube-system logs -f -l app.kubernetes.io/name=aws-load-balancer-controller
- Checked External DNS logs:
kubectl -n kube-system logs -f -l app.kubernetes.io/name=external-dns
- Verified in AWS Management Console:
  - EC2 -> Load Balancing -> Load Balancers: Confirmed DNS name matches kubectl get svc output.
  - Listeners Tab: Verified listeners on ports 80 and 443.
  - Target Groups: Confirmed two target groups, each with port 80 and healthy targets.
- Performed DNS resolution test:
nslookup app.clienteks.com
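
A check to run alongside the steps above, as an added example (not AMJ Cloud's code): it audits the Service annotations from lbc-nlb-service.yml for the TLS and exposure settings that the console checks do not surface. The finding codes, the allowed_zone parameter and the sample object are assumptions made for this example.

```python
import json

LBC = "service.beta.kubernetes.io/"
# Constructed sample: a trimmed Service object shaped like
# `kubectl get svc client-nlb-service -o json`, using the page's annotations.
SAMPLE = json.loads("""
{"metadata": {"name": "client-nlb-service", "annotations": {
  "service.beta.kubernetes.io/aws-load-balancer-scheme": "internet-facing",
  "service.beta.kubernetes.io/load-balancer-source-ranges": "0.0.0.0/0",
  "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "<certificate-arn>",
  "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443",
  "service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
  "external-dns.alpha.kubernetes.io/hostname": "app.clienteks.com"}},
 "spec": {"type": "LoadBalancer", "ports": [
  {"name": "http", "port": 80, "targetPort": 80},
  {"name": "https", "port": 443, "targetPort": 80}]}}
""")

def audit_nlb_service(svc, allowed_zone="clienteks.com"):
    """Return sorted finding codes (names made up for this example); allowed_zone is assumed."""
    ann = svc.get("metadata", {}).get("annotations", {})
    findings = set()
    # Kubernetes rejects non-string annotation values (e.g. an unquoted 443).
    if any(not isinstance(v, str) for v in ann.values()):
        findings.add("NON_STRING_ANNOTATION")
    cert = str(ann.get(LBC + "aws-load-balancer-ssl-cert", ""))
    if not cert.startswith("arn:"):
        findings.add("NO_CERT_ARN")  # missing, or still a template placeholder
    # ssl-ports names TLS listeners by number or port name; absent means every
    # port is TLS. With no certificate at all, no listener is TLS.
    raw = ann.get(LBC + "aws-load-balancer-ssl-ports") if cert else ""
    tls = None if raw is None else {t.strip() for t in str(raw).split(",")}
    for p in svc.get("spec", {}).get("ports", []):
        if tls is not None and str(p["port"]) not in tls and p.get("name") not in tls:
            findings.add("PLAINTEXT_LISTENER")  # NLB forwards TCP as-is, no HTTPS redirect
    if LBC + "aws-load-balancer-ssl-negotiation-policy" not in ann:
        findings.add("DEFAULT_TLS_POLICY")  # no explicit policy pinned
    scheme = ann.get(LBC + "aws-load-balancer-scheme", "internal")
    ranges = str(ann.get(LBC + "load-balancer-source-ranges", "0.0.0.0/0"))
    if scheme == "internet-facing" and "0.0.0.0/0" in ranges:
        findings.add("OPEN_TO_INTERNET")  # informational for a public site
    host = ann.get("external-dns.alpha.kubernetes.io/hostname", "")
    for h in filter(None, (x.strip().rstrip(".") for x in host.split(","))):
        if h != allowed_zone and not h.endswith("." + allowed_zone):
            findings.add("HOSTNAME_OUTSIDE_ZONE")  # record outside the expected zone
    return sorted(findings)

if __name__ == "__main__":
    print(audit_nlb_service(SAMPLE))
```

On the page's manifest it reports the placeholder certificate ARN, the cleartext port 80 listener and the unrestricted source range.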
Technical Highlights
- Automated DNS Management: External DNS automated Route 53 record creation, achieving 40% faster DNS resolution.
- Secure Access: NLB with TLS ensured encrypted traffic at app.clienteks.com, achieving 99.9% uptime.
- Performance: Optimized NLB configuration for low-latency traffic routing.
- EKS Efficiency: Leveraged EKS (version 1.31) for managed Kubernetes.
Client Impact
For the client, the NLB with External DNS implementation provided secure and automated DNS management for the e-commerce web application, ensuring high availability and a 40% reduction in DNS resolution time during peak traffic. The solution supported scalability in the competitive e-commerce market.
Technologies Used
- AWS EKS
- AWS Load Balancer Controller
- Network Load Balancer
- External DNS
- Kubernetes Service
- AWS Route 53
- AWS Certificate Manager
- Docker