0

Does anybody know if it is possible (and how) to share the same ELB between two Ingress Controllers on different EKS clusters in the same VPC?

I have one cluster EKS cluster already running and I just created a second one. I'd like to use the same ELB that is being used for the first in the second's ingress controller. Is is possible?

I tried installing a new IngressController through Helm on my second cluster and update its config to point to the existing ELB, but the IngressController service stays awaiting (on pending state) forever.

1 Answer 1

1

I have one cluster EKS cluster already running and I just created a second one. I'd like to use the same ELB that is being used for the first in the second's ingress controller. Is is possible?

The short version is yes, the long version is "but you for sure do not want to".

If one looks at the way traffic arrives from the wild Internet into your cluster:

{ Internet } --> ELB --> Node --> NodePort --> Service

it's more helpful to see why the answer is "yes" but also why the answer is "but don't do that" since in your hypothetical situation you'd have

{ Internet } --> ELB --> Node --> NodePort --> Service
                     \
                      --> cluster-2-Node --> cluster-2-NodePort --> cluster-2-Service

meaning that the ELB would round-robin requests across both clusters because it wouldn't have any way to know which machines to send the "real" traffic to. Now, if your clusters happen to be perfect mirrors of one another, lucky you, it'll probably work for a while1 but it's for sure swimming upstream of the way kubernetes and ELBs want to work. The less "server-fault-question-asking" way of doing that is to make a CNAME for both ELBs and then let DNS round-robin the traffic

fn 1: the "for a while" part is that the association between the ELB and the instances to which it is registered are kept in sync by kube-controller-manager and thus when its reconciliation loop runs and it finds "foreign" Nodes attached to "its" ELB, it'll evict them

1
  • 1
    Great explanation @mdaniel, thank you.
    – Jaumzera
    Commented Mar 8, 2023 at 13:06

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .