Decide on Kubernetes Ingress Controller(s)
Recommendation
With EKS Auto Mode, AWS natively manages the
load balancer controller as part of the cluster. There is no need to deploy a separate ingress controller — Auto Mode
handles ALB and NLB provisioning automatically based on Ingress and Service annotations.
The eks/ingress-class component configures the default
Kubernetes IngressClass for ALB-based routing. It automatically detects whether Auto Mode is enabled via the
eks/cluster component state and adjusts its behavior accordingly.
Considerations
Kubernetes supports any number of ingress controllers deployed multiple times. With EKS Auto Mode, the AWS load balancer controller is built-in and requires no manual deployment or lifecycle management.
Key benefits of the Auto Mode approach:
- No Helm chart to manage — the controller is provisioned and upgraded by AWS as part of the cluster
- Native ALB/NLB support — ALBs and NLBs are provisioned based on standard Kubernetes
IngressandServiceannotations, including WAF integration - ACM certificates — TLS certificates from AWS Certificate Manager are supported natively via annotations
- Simplified operations — no controller pods to monitor, scale, or troubleshoot
as with self-signed certificates and a TLS sidecar like Envoy or Nginx. Without this, traffic is in clear-text between the ALB and the downstream service or pod.
Legacy Approach
Prior to EKS Auto Mode, the reference architecture deployed the aws-loadbalancer-controller (aka
aws-alb-ingress-controller v2) as a self-managed Helm chart via the eks/alb-controller component, with
eks/alb-controller-ingress-group to create shared ALBs. These components have been removed from the scaffold in
favor of Auto Mode. See the migration notes for details.