External DNS + Ingress Nginx + AWS ALB

Question

I got the following setup:

Ingress-Nginx-Controller (serviceType "NodePort")

AWS-Load-Balancer-Controller

External-DNS

I am exposing the Ingress-Nginx-Controller via an Ingress, backed by the AWS Load Balancer Controller both public and private. I chose this route, since it was pretty easy to limit the inbound CIDRs. And nginx ingress cannot create an ALB but only Classic LB or NLB.

kubectl -n ingress-nginx get ing

NAME CLASS  HOSTS  ADDRESS  PORTS  AGE
alb-ingress-connect-nginx  alb  *  xxxx.region.elb.amazonaws.com  80 2d8h

This ingress forwards all traffic to my nginx controller.

The service looks like

kubectl -n ingress-nginx get svc
NAME  TYPE CLUSTER-IP  EXTERNAL-IP  PORT(S) AGE
ingress-nginx-controller  NodePort a.b.c.d

I am trying to automatically setup dns records for my deployment via External-DNS. Therefore, I am creating an ingress for my deployment with ingress-class nginx and specified hostname.

Creating the records works, however it uses the IP of my ingress-nginx-controller service (a.b.c.d) instead of the loadbalancer's address.

Now my question: Is it possible to for external-dns to lookup the address of the nginx ingress or does this work only if the Nginx is exposed as service of type "LoadBalancer"?

Thanks for any help

you can directly use AWS ALB, tho without ingress nginx + External DNS without ingress nginx, under the hod ingress nginx using AWS CLB , seem like its overlapping each other. — kholisrag, Aug 23 '22 at 18:50
I don’t want to create an alb for each ingress as it adds up the cost. — Saurabh Taneja, Aug 24 '22 at 20:15
then don't use alb, just use nginx and add annotations to nginx service to create loadbalancer — kholisrag, Aug 25 '22 at 11:45
and ALB Ingress controller support Multiple domain and path when just using 1 ALB, you need to annotate the ingress with same group, even when you have multiple ingress manifest — kholisrag, Aug 25 '22 at 11:51
then don't use alb, just use nginx and add annotations to nginx service to create loadbalancer - that can only create a classic LB or an NLB. I want an ALB for security purpose so I can use WAF with it — Saurabh Taneja, Aug 29 '22 at 08:14
and ALB Ingress controller support Multiple domain and path when just using 1 ALB, you need to annotate the ingress with same group, even when you have multiple ingress manifest - do you mean we can have just 1 ALB and we can manage routes and paths with it? If yes, could you please share how? — Saurabh Taneja, Aug 29 '22 at 08:14
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#group.name https://blog.sivamuthukumar.com/aws-load-balancer-controller-on-eks-cluster — kholisrag, Aug 29 '22 at 10:46

score 0 · Answer 1 · answered Aug 25 '22 at 08:29

I am able to figure this out by using --publish-status-address in nginx controller to point to ALB. If you are using 2 ALBs (public and private), you need to create 2 nginx controllers with --publish-status-address points to each ALB. Also, remember to disable --publish-service parameter. And use different electionID for each controller if you have installed nginx controllers using Helm

External DNS + Ingress Nginx + AWS ALB

1 Answers1