AWS Load Balancer Controller vs Kubernetes Gateway API Controller for AWS VPC Lattice

Overview Table

Feature	AWS Load Balancer Controller	Kubernetes Gateway API Controller for VPC Lattice
Primary Purpose	Integrate AWS ALB/NLB with Kubernetes Ingress/Service	Integrate Kubernetes Gateway API with AWS VPC Lattice
Resource Types	Ingress, Service	GatewayClass, Gateway, HTTPRoute, etc.
Supported Protocols	L4 (NLB), L7 (ALB)	HTTP, HTTPS, (gRPC planned), multi-protocol extensible
Scope	North-South (Ingress) traffic	East-West (Service mesh, cross-cluster, multi-account)
AWS Integration	AWS Elastic Load Balancers	AWS VPC Lattice (service mesh abstraction)
Portability	AWS-specific	Kubernetes-native, multi-cluster, multi-account
Extensibility	AWS-specific annotations	Role-oriented, extensible via Gateway API
Management	AWS-managed resources	Kubernetes-native resources mapped to VPC Lattice objects

AWS Load Balancer Controller

• What it does:
  Provisions and manages AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) for Kubernetes clusters by watching Ingress and Service resources.
• Use Case:
  Best for exposing Kubernetes services to the internet (north-south traffic) or internal AWS networks using native AWS load balancers.
• How it works:
  • Monitors Kubernetes Ingress and Service resources.
  • Creates and configures ALB/NLB in AWS.
  • Uses annotations for AWS-specific features (e.g., security groups, target types).
• Limitations:
  • Focused on ingress (north-south) traffic.
  • AWS-only; not portable across cloud providers.
  • Does not natively support VPC Lattice or service-mesh (east-west) scenarios.

Kubernetes Gateway API Controller for AWS VPC Lattice

• What it does:
  Implements the Kubernetes Gateway API to provision and manage AWS VPC Lattice resources, enabling advanced service networking (east-west traffic) across VPCs, accounts, and clusters.
• Use Case:
  Ideal for service-to-service (east-west) connectivity, multi-cluster, and multi-account service mesh scenarios. Supports advanced routing, security, and observability features.
• How it works:
  • Watches for Gateway API resources (GatewayClass, Gateway, HTTPRoute, etc.).
  • Maps these resources to VPC Lattice objects (Service Networks, Services, Target Groups).
  • Enables Kubernetes-native management of VPC Lattice networking, including cross-cluster and hybrid (EC2, Lambda, EKS) scenarios.
  • No need for sidecar proxies; integrates directly with AWS networking.
• Strengths:
  • Portable, extensible, and vendor-neutral.
  • Enables consistent application networking across AWS compute types and accounts.
  • Supports advanced traffic management, security policies, and observability.
  • Designed for large-scale, complex, or hybrid environments.

Key Differences

• Traffic Focus:
  • AWS Load Balancer Controller: Primarily for north-south (external ingress) traffic using traditional AWS load balancers.
  • Gateway API Controller for VPC Lattice: Focused on east-west (service-to-service) traffic, multi-cluster, and multi-account connectivity with service mesh-like features.
• Resource Model:
  • Load Balancer Controller: Uses Ingress and Service resources with AWS-specific annotations.
  • Gateway API Controller: Uses Kubernetes-native Gateway API resources, mapped to VPC Lattice objects.
• Extensibility and Portability:
  • Load Balancer Controller: AWS-specific, less portable.
  • Gateway API Controller: Kubernetes-standard, multi-vendor support, portable across clusters and accounts.
• Integration with AWS VPC Lattice:
  • Load Balancer Controller: Does not natively provision or manage VPC Lattice resources.
  • Gateway API Controller: Directly provisions and manages VPC Lattice resources, enabling advanced service networking.

When to Use Each

• Use AWS Load Balancer Controller if:
  • You need to expose Kubernetes services to the internet or internal AWS networks via ALB/NLB.
  • Your focus is on traditional ingress (north-south) traffic within AWS.
• Use Kubernetes Gateway API Controller for VPC Lattice if:
  • You require advanced service-to-service (east-west) connectivity, multi-cluster, or multi-account networking.
  • You want to leverage VPC Lattice’s service mesh features (security, observability, hybrid targets).
  • You prefer Kubernetes-native, portable, and extensible networking management.

---

1️⃣ AWS Load Balancer Controller

• Purpose:
  Provisions and manages AWS Elastic Load Balancers (ALB/NLB) for your Kubernetes services and ingresses.
• Kubernetes Resources Supported:
  • Ingress
  • Service of type LoadBalancer
  • Now also supports Gateway API (for ALB) (but NOT VPC Lattice!)
• How it works:
  • Deploys an ALB or NLB for each relevant K8s resource.
  • Integrates tightly with native AWS networking (Security Groups, IAM, WAF, etc.).
• Traffic Path:
  Client → AWS ALB/NLB → Kubernetes Pods/Services
• Supported AWS Networking:
  • Classic Load Balancer
  • ALB (Application LB)
  • NLB (Network LB)
  • NOT VPC Lattice

---

2️⃣ Kubernetes Gateway API Controller for AWS VPC Lattice

(sometimes called “AWS VPC Lattice Controller for K8s”)

• Purpose:
  Manages AWS VPC Lattice Service Networks using Kubernetes-native Gateway API CRDs.
• Kubernetes Resources Supported:
  • GatewayClass, Gateway, HTTPRoute, GRPCRoute, ServiceExport
• How it works:
  • Translates Gateway API resources to AWS VPC Lattice configuration.
  • Provisions and manages Lattice Service Networks, Services, and auth/networking policies.
  • Uses AWS’s new Lattice managed service mesh/data plane.
• Traffic Path:
  Client (in VPC or via Lattice integration) → AWS VPC Lattice → Kubernetes Pods/Services
• Supported AWS Networking:
  • VPC Lattice only
  • NOT Classic ELB, ALB, or NLB

---

🔑 Key Differences Table

Aspect	AWS Load Balancer Controller	Gateway API Controller for AWS VPC Lattice
AWS Service Used	ALB/NLB (Elastic Load Balancer)	VPC Lattice
K8s API Support	Ingress, Service (LoadBalancer), Gateway (ALB only)	Gateway API (GatewayClass, Gateway, Route)
Cross-VPC Service Mesh	❌ Not supported	✅ Native with Lattice
Traffic Management	L7 (ALB), L4 (NLB), AWS features (OIDC, WAF)	L7/L4, fine-grained policies, service mesh-like
AuthZ/AuthN	ALB/NLB features (OIDC, WAF, etc.)	Lattice AuthN/AuthZ, service-to-service policy
Multi-cluster/Multi-VPC	Only with complex setup	Native in Lattice
Supported Controllers	Only AWS LB Controller	AWS VPC Lattice K8s Controller
Portability	AWS-only, ALB/NLB	AWS-only, Lattice
Advanced Routing	Limited to what ALB/NLB can do	Modern routing, policies, multi-VPC/service-mesh

---

🚦 When to Use Which?

Use AWS Load Balancer Controller if:

• You need classic AWS ALB/NLB integration.
• Your traffic comes primarily from the internet or traditional AWS endpoints.
• You want features like WAF, OIDC on ALB, AWS SSL/TLS termination.
• You’re using K8s Ingress or Service of type LoadBalancer.

Use K8s Gateway API Controller for AWS VPC Lattice if:

• You want to leverage AWS’s next-gen Lattice mesh for service-to-service, multi-VPC, or multi-account connectivity.
• You want modern traffic policy, AuthN/AuthZ, or advanced cross-VPC routing.
• You want a future-proof, service-mesh-like architecture but fully managed by AWS.
• You want full Kubernetes Gateway API experience on AWS.

---

Architecture Diagrams

AWS Load Balancer Controller:

Internet/Client
      |
   [ALB/NLB]
      |
  [K8s Service/Pod]

Gateway API Controller for AWS VPC Lattice:

Client in any VPC / Account / On-prem
      |
 [VPC Lattice Service Network]
      |
   [K8s Gateway API (Gateway, HTTPRoute)]
      |
  [K8s Service/Pod]

---

Summary Table

Feature	ALB/NLB Controller	VPC Lattice Gateway API Controller
AWS Service	ALB, NLB	VPC Lattice
Supports Gateway API	Only for ALB (partial)	Yes, full Gateway API
Mesh/Multi-VPC	No	Yes (via Lattice)
Traffic Policy	Basic, ALB/NLB rules	Advanced (Gateway API + Lattice)
Security	ALB/NLB OIDC, WAF	Lattice AuthN/AuthZ, fine-grained
Best for	Internet → K8s Service	Cross-VPC/Account, internal/external

---

---