In AWS EKS, exposing each application with its own LoadBalancer is costly and inefficient. A smarter approach is using an **NGINX Ingress Controller**, which allows routing multiple applications through a single LoadBalancer — using **host-based HTTP routing** and **TCP port-based routing**. This guide explains how to: - Deploy NGINX Ingress Controller via Helm - Set up host-based routing for HTTP apps - Configure TCP routing for non-HTTP services - Map domains via Cloudflare - Reference official docs --- ## Why Use NGINX Ingress Controller in AWS EKS ? <img src={require('./img/5217215.jpg').default} alt="Confused users evaluating Kubernetes ingress options in AWS EKS" width="550" height="500"/> <br/> | Benefits | |----------| | One LoadBalancer for many services | | Lower costs | | Host & path-based routing | | Supports TCP & HTTP apps | | Works with Cloudflare | | Centralized config | --- ## Prerequisites - EKS Cluster - Helm, kubectl, eksctl - Cloudflare account - Domain for your app - Applications/services already deployed in Kubernetes --- ## Step 1: Install NGINX Ingress Controller on EKS using Helm <img src={require('./img/9907646.jpg').default} alt="Person setting up NGINX Ingress Controller via Helm in a Kubernetes environment" width="550" height="500"/> <br/> ```bash helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update helm install ingress-nginx ingress-nginx/ingress-nginx \ --create-namespace \ --namespace ingress-nginx \ --set controller.service.type=LoadBalancer ``` For advanced configurations, refer to the [official NGINX Ingress Helm chart documentation](https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx). This exposes the controller via a single ELB. --- ## Step 2: Get ELB DNS for Ingress Controller ```bash kubectl get svc -n ingress-nginx ``` Note the external ELB DNS, e.g.: ``` a1b2c3d4e5f6g7.elb.amazonaws.com ``` --- ## Step 3: Configure DNS for NGINX Ingress with Cloudflare <img src={require('./img/6030573.jpg').default} alt="DevOps engineer configuring DNS records in Cloudflare for EKS ingress routing" width="600" height="500"/> <br/> 1. Go to DNS settings 2. Add a record: - Type: `CNAME` or `A` - Name: `your-subdomain.yourdomain.com` - Target: ELB DNS - Proxy status: DNS Only or Proxied For Cloudflare-specific optimizations, check [Cloudflare’s Kubernetes integration guide](https://developers.cloudflare.com/fundamentals/setup/). --- ## Step 4: HTTP Host-Based Ingress Example Here's a sample Ingress manifest: ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: pubggpiro9ypjn-ing namespace: pubggpiro9ypjn annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx rules: - host: metube-app-622604.clb2.nifetency.com http: paths: - path: / pathType: Prefix backend: service: name: service-f35714cd-4cb5-4f7e-b9db-4daa699640b3 port: number: 8081 ``` Apply the file: ```bash kubectl apply -f ingress.yaml ``` Learn more about Ingress annotations in the [Kubernetes Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/). --- ## Step 5: Enable TCP Routing in NGINX Ingress (Optional) ### Step 5.1: Create TCP ConfigMap ```yaml apiVersion: v1 kind: ConfigMap metadata: name: tcp-services namespace: ingress-nginx data: "5432": "my-namespace/postgres-service:5432" ``` ### Step 5.2: Upgrade Controller to Load TCP ConfigMap ```bash helm upgrade ingress-nginx ingress-nginx/ingress-nginx \ --namespace ingress-nginx \ --set controller.extraArgs.tcp-services-configmap=ingress-nginx/tcp-services ``` Or during first install: ```bash helm install ingress-nginx ingress-nginx/ingress-nginx \ --namespace ingress-nginx \ --set controller.extraArgs.tcp-services-configmap=ingress-nginx/tcp-services \ --set controller.service.type=LoadBalancer ``` For troubleshooting TCP routing, see [NGINX’s TCP/UDP passthrough guide](https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/). --- ## Step 6: Expose TCP Port in LoadBalancer Edit the controller service: ```bash kubectl edit svc ingress-nginx-controller -n ingress-nginx ``` Add: ```yaml ports: - name: postgres port: 5432 targetPort: 5432 protocol: TCP ``` --- ## Routing Overview | Type | Uses | Ingress Object? | ConfigMap? | DNS | |--------|-----------------------|------------------|------------|-----| | HTTP | Web apps, APIs | Yes | No | Subdomain | | TCP | PostgreSQL, Redis | No | Yes | Same ELB + Port | ## Tips - Use `ingressClassName: nginx` to prevent conflicts. - Use cert-manager for HTTPS/TLS termination. - Isolate apps using namespaces. - Annotate Ingress for rewrites, caching, rate-limiting, etc. --- ## Conclusion: Unified HTTP and TCP Routing on EKS with Ingress With this setup, you can serve both HTTP and TCP apps in your EKS cluster using a **single LoadBalancer**, simplifying your architecture and saving costs. HTTP traffic is managed using Ingress resources with host rules, while TCP apps like databases are handled using a custom ConfigMap. This architecture is production-ready when combined with Cloudflare for DNS, TLS, and protection. For cluster management solutions, explore our [Nife's Managed Clusters platform](https://nife.io/solutions/Manage%20Clusters). Discover solutions for [Managing Multiple Organizations](https://nife.io/solutions/Managing%20Multiple%20Organizations) across your infrastructure
