How to configure nginx ingress to use single ingress load balancer for multiple hosts and multiple namespaces

I'm planning to deploy more than 30 apps in 5 namespaces. I will be using an existing AWS EKS 1.21 cluster. All the apps will require external access because they're being used by clients. I don't want to use multiple load balancers, to ease management and also to avoid extra cost on the AWS side (because ELB is charged based on hourly usage too).

What I'm trying to do is basically:

 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: random-ingress
 spec:
   rules:
   - host: randomhost-in-namespace1.com
     http:
       paths:
       - path: /
         pathType: Prefix
         backend:
           service:
             name: randomhost-in-namespace1 # in first namespace
             port:
               number: 80
   - host: randomhost-in-namespace2.com
     http:
       paths:
       - path: /
         pathType: Prefix
         backend:
           service:
             name: randomhost-in-namespace2 # in second namespace
             port:
               number: 80
   - host: randomhost-in-namespace1.com
     http:
       paths:
       - path: /
         pathType: Prefix
         backend:
           service:
             name: randomhost-in-namespace3 # in third namespace
             port:
               number: 80

Something like this.

Is it possible to cover all these apps in all these namespaces with a single ingress load balancer? I didn't find any clear information about this.

Any help will be highly appreciated. Thank you.



Solution 1:[1]

Using the AWS LB Controller and not Nginx LB, you can have 1x ALB, re-used by each namespace.

Define an Ingress.yaml file per namespace and annotate them with the same alb-group-name.

If group.name specified, all Ingresses with this IngressClass will belong to the same IngressGroup specified and result in a single ALB.

The AWS LB Controller will then create 1x ALB, its desired rules, listeners to TGs, and register the right EC2 nodes etc.

This can be something like this:

Ingress-namespace1.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: random-ingress
  namespace: namespace1
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: my-group
    alb.ingress.kubernetes.io/scheme: internet-facing
spec:
  rules:
    - host: randomhost-in-namespace1.com
      http:
        paths:
          - path: /
            pathType: Prefix # required in networking.k8s.io/v1
            backend:
              service:
                name: randomhost-in-namespace1 # in first namespace
                port:
                  number: 80

Ingress-namespace2.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: random-ingress
  namespace: namespace2
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: my-group
    alb.ingress.kubernetes.io/scheme: internet-facing
spec:
  rules:
    - host: randomhost-in-namespace2.com
      http:
        paths:
          - path: /
            pathType: Prefix # required in networking.k8s.io/v1
            backend:
              service:
                name: randomhost-in-namespace2 # in second namespace
                port:
                  number: 80

Both files contain the same group.name and differ by their namespace and host rule.

You can also follow the AWS LBC logs to see if everything has been created successfully (the logs should contain no errors):

kubectl logs deploy/aws-load-balancer-controller -n kube-system --follow
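
Because every Ingress annotated with the same group.name joins the one shared ALB, it is worth checking who has joined the group and whether two namespaces claim the same host. The following is an added example, not part of the answer above or of the AWS LB Controller: it audits Ingress list JSON for one group. It assumes membership is set through the annotation shown in the answer (not through IngressClassParams); the allow-list of namespaces and the sample data are constructed for illustration.

```python
import json
from collections import defaultdict

GROUP_ANNOTATION = "alb.ingress.kubernetes.io/group.name"


def _ing(namespace, host, group="my-group"):
    """Build one constructed Ingress item in `kubectl get ingress -A -o json` shape."""
    annotations = {GROUP_ANNOTATION: group} if group else {}
    return {"metadata": {"name": "random-ingress", "namespace": namespace,
                         "annotations": annotations},
            "spec": {"rules": [{"host": host}]}}


# Constructed sample, not real cluster output.
SAMPLE = json.dumps({"items": [
    _ing("namespace1", "randomhost-in-namespace1.com"),
    _ing("namespace2", "randomhost-in-namespace2.com"),
    _ing("namespace3", "RandomHost-in-namespace1.com"),  # same host, other namespace
    _ing("namespace4", "randomhost-in-namespace1.com", group=None),  # not in the group
]})


def audit_group(ingress_list_json, group, allowed_namespaces):
    """Return sorted findings for one IngressGroup: members outside the
    allow-list, and hosts claimed from more than one namespace."""
    host_owners = defaultdict(set)
    findings = set()
    for item in json.loads(ingress_list_json).get("items", []):
        meta = item.get("metadata", {})
        if (meta.get("annotations") or {}).get(GROUP_ANNOTATION) != group:
            continue  # not a member of this shared ALB
        ns = meta.get("namespace", "default")
        if ns not in allowed_namespaces:
            findings.add(f"unexpected-member {ns}/{meta.get('name')}")
        for rule in (item.get("spec") or {}).get("rules") or []:
            # A rule without a host matches every hostname on the ALB.
            host = (rule.get("host") or "*").lower()
            host_owners[host].add(ns)
    for host, owners in host_owners.items():
        if len(owners) > 1:
            findings.add(f"host-collision {host} in {','.join(sorted(owners))}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_group(SAMPLE, "my-group", {"namespace1", "namespace2"}):
        print(finding)
```

To run it against a cluster, pass the output of `kubectl get ingress -A -o json` as the first argument instead of the sample.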

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1