Why 'api' use NLB, not ALB in Amazon EKS?

이민석
Mar 05, 2024

Introduction

Thank you for clicking through to my article. I've been a DevOps engineer for 2 years in a dev team of 7 engineers.

My name is MINSEOK, LEE, but I use Unchaptered as an alias on the internet. So you can call me either "MINSEOK, LEE" or "Unchaptered" when you want to ask something.


 

Topic

In this article, I'll cover the following:

  1. What is the api (kube-apiserver) in Kubernetes?

  2. Why does Amazon EKS use an NLB in front of the api?

  3. Why does Amazon EKS use an ALB behind the api?

What's the api?

Kubernetes (Docs) | Kubernetes API Concepts

커피고래의 노트 (Blog) | "The Kubernetes API server really is just an API server" (in Korean)

The kube-apiserver (called "the api" in this article) is a RESTful interface provided over HTTP.
It supports retrieving, creating, updating and deleting primary resources via the standard HTTP verbs (POST, PUT, PATCH, DELETE, GET).

The API docs for the api are 144,000 lines long.

Amazon EKS Fundamental Architecture

Amazon EKS provides a fully managed control plane.
Looking at the internal structure, there is an NLB between the client and the api, and an ELB (ALB) between the api and etcd.

  • NLB (L4 : Network Load Balancer) : in front of the api

  • ALB (L7 : Application Load Balancer) : behind the api
     


Why does Amazon EKS use an NLB in front of the api?

As mentioned earlier, the api is a RESTful API.
In Amazon EKS, AWS deploys the k8s api across 2 AZs.

Therefore, we need to set up a load balancer so that commands entered by k8s operators can arrive at either of the 2 AZs.

Nothing in the Amazon EKS architecture requires requests to the K8S API server to be routed on information that is only available at L7.

So in this case, we don't need to decapsulate up to L7 for network routing.
With L4 routing, your network routing performance can be hundreds of times faster.

So an NLB is placed in front of the control plane.
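The two routing decisions compared above, as an added example that is not part of the original article: the L4 choice needs only the connection tuple, while the L7 choice needs the decrypted HTTP request line. The backend addresses, rule targets and function names are made up for illustration, and the SHA-256 flow hash is a simplified stand-in for a real load balancer's algorithm.

```python
import hashlib

# Constructed sample: one API server endpoint per AZ (addresses are made up).
BACKENDS = ["10.0.1.10:443", "10.0.2.10:443"]

# Hypothetical L7 rules: Kubernetes serves the core group under /api/
# and named API groups under /apis/.
RULES = [("/apis/", "group-apis-pool"), ("/api/", "core-api-pool")]


def l4_pick(src_ip, src_port, dst_ip, dst_port, proto="tcp"):
    """L4 decision: hash the connection 5-tuple. The payload is never read,
    so it works the same whether the bytes are TLS or plaintext."""
    key = f"{proto}|{src_ip}|{src_port}|{dst_ip}|{dst_port}".encode()
    digest = hashlib.sha256(key).digest()
    return BACKENDS[int.from_bytes(digest[:4], "big") % len(BACKENDS)]


def l7_pick(payload: bytes, rules=RULES):
    """L7 decision: parse the HTTP request line and match the path.
    Returns None when the payload is not plaintext HTTP (for example an
    undecrypted TLS record), because there is nothing to route on."""
    try:
        request_line = payload.split(b"\r\n", 1)[0].decode("ascii")
        _method, path, _version = request_line.split(" ", 2)
    except ValueError:  # also covers UnicodeDecodeError
        return None
    for prefix, target in rules:
        if path.startswith(prefix):
            return target
    return None


# Constructed inputs: a plaintext API request and the first bytes of a TLS record.
PLAIN = b"GET /api/v1/namespaces/default/pods HTTP/1.1\r\nHost: k8s.example\r\n\r\n"
TLS_RECORD = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"

if __name__ == "__main__":
    print("L4:", l4_pick("198.51.100.7", 40001, "203.0.113.5", 443))
    print("L7 plaintext:", l7_pick(PLAIN))
    print("L7 on TLS bytes:", l7_pick(TLS_RECORD))
```

An L7 balancer therefore has to terminate TLS before it can route, which is the extra decapsulation work the L4 path avoids.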

Why does Amazon EKS use an ALB behind the api?

But between the api and etcd, or between the api and resources in the data plane, you need sophisticated routing for 144,000 API specifications.

Therefore, it makes sense to use ALB rather than NLB.

Conclusion

Overall, the decision to use an NLB and an ALB in their respective positions in Amazon EKS comes down to efficiency. According to the OSI 7-layer model, a load balancer at a lower layer is more efficient than one at a higher layer.

If you don't need routing based on data that is only available at the higher layers, an L4 load balancer is more efficient than an L7 load balancer.
