AWS Load Balancer Controller vs Kubernetes Gateway API Controller for AWS VPC Lattice
Overview Table
Feature | AWS Load Balancer Controller | Kubernetes Gateway API Controller for VPC Lattice |
---|---|---|
Primary Purpose | Integrate AWS ALB/NLB with Kubernetes Ingress/Service | Integrate Kubernetes Gateway API with AWS VPC Lattice |
Resource Types | Ingress, Service | GatewayClass, Gateway, HTTPRoute, etc. |
Supported Protocols | L4 (NLB), L7 (ALB) | HTTP, HTTPS, (gRPC planned), multi-protocol extensible |
Scope | North-South (Ingress) traffic | East-West (Service mesh, cross-cluster, multi-account) |
AWS Integration | AWS Elastic Load Balancers | AWS VPC Lattice (service mesh abstraction) |
Portability | AWS-specific | Kubernetes-native, multi-cluster, multi-account |
Extensibility | AWS-specific annotations | Role-oriented, extensible via Gateway API |
Management | AWS-managed resources | Kubernetes-native resources mapped to VPC Lattice objects |
AWS Load Balancer Controller
- What it does:
Provisions and manages AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) for Kubernetes clusters by watching Ingress and Service resources.
- Use Case:
Best for exposing Kubernetes services to the internet (north-south traffic) or internal AWS networks using native AWS load balancers.
- How it works:
- Monitors Kubernetes Ingress and Service resources.
- Creates and configures ALB/NLB in AWS.
- Uses annotations for AWS-specific features (e.g., security groups, target types).
- Limitations:
- Focused on ingress (north-south) traffic.
- AWS-only; not portable across cloud providers.
- Does not natively support VPC Lattice or service-mesh (east-west) scenarios.
Kubernetes Gateway API Controller for AWS VPC Lattice
- What it does:
Implements the Kubernetes Gateway API to provision and manage AWS VPC Lattice resources, enabling advanced service networking (east-west traffic) across VPCs, accounts, and clusters.
- Use Case:
Ideal for service-to-service (east-west) connectivity, multi-cluster, and multi-account service mesh scenarios. Supports advanced routing, security, and observability features.
- How it works:
- Watches for Gateway API resources (GatewayClass, Gateway, HTTPRoute, etc.).
- Maps these resources to VPC Lattice objects (Service Networks, Services, Target Groups).
- Enables Kubernetes-native management of VPC Lattice networking, including cross-cluster and hybrid (EC2, Lambda, EKS) scenarios.
- No need for sidecar proxies; integrates directly with AWS networking.
- Strengths:
- Portable, extensible, and vendor-neutral.
- Enables consistent application networking across AWS compute types and accounts.
- Supports advanced traffic management, security policies, and observability.
- Designed for large-scale, complex, or hybrid environments.
Key Differences
- Traffic Focus:
- AWS Load Balancer Controller: Primarily for north-south (external ingress) traffic using traditional AWS load balancers.
- Gateway API Controller for VPC Lattice: Focused on east-west (service-to-service) traffic, multi-cluster, and multi-account connectivity with service mesh-like features.
- Resource Model:
- Load Balancer Controller: Uses Ingress and Service resources with AWS-specific annotations.
- Gateway API Controller: Uses Kubernetes-native Gateway API resources, mapped to VPC Lattice objects.
- Extensibility and Portability:
- Load Balancer Controller: AWS-specific, less portable.
- Gateway API Controller: Kubernetes-standard, multi-vendor support, portable across clusters and accounts.
- Integration with AWS VPC Lattice:
- Load Balancer Controller: Does not natively provision or manage VPC Lattice resources.
- Gateway API Controller: Directly provisions and manages VPC Lattice resources, enabling advanced service networking.
When to Use Each
- Use AWS Load Balancer Controller if:
- You need to expose Kubernetes services to the internet or internal AWS networks via ALB/NLB.
- Your focus is on traditional ingress (north-south) traffic within AWS.
- Use Kubernetes Gateway API Controller for VPC Lattice if:
- You require advanced service-to-service (east-west) connectivity, multi-cluster, or multi-account networking.
- You want to leverage VPC Lattice’s service mesh features (security, observability, hybrid targets).
- You prefer Kubernetes-native, portable, and extensible networking management.
1️⃣ AWS Load Balancer Controller
- Purpose:
Provisions and manages AWS Elastic Load Balancers (ALB/NLB) for your Kubernetes services and ingresses.
- Kubernetes Resources Supported:
- Ingress
- Service of type LoadBalancer
- Now also supports Gateway API (for ALB) (but NOT VPC Lattice!)
- How it works:
- Deploys an ALB or NLB for each relevant K8s resource.
- Integrates tightly with native AWS networking (Security Groups, IAM, WAF, etc.).
- Traffic Path:
Client → AWS ALB/NLB → Kubernetes Pods/Services
- Supported AWS Networking:
- Classic Load Balancer
- ALB (Application LB)
- NLB (Network LB)
- NOT VPC Lattice
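The two AWS Load Balancer Controller sections above describe the controller watching Ingress and Service resources and driving AWS-specific behaviour through annotations. The manifest below is an added example (not from this page or from the AWS Load Balancer Controller project) of an Ingress that the controller turns into an ALB, with the security-relevant annotations a reviewer would look for: TLS termination with a redirect away from plain HTTP, a WAFv2 web ACL, a restricted inbound CIDR, and OIDC authentication at the load balancer. The namespace, service name, hostname, ARNs, CIDR and OIDC endpoints are placeholders; it assumes the controller's default IngressClass named `alb` exists.

```yaml
# Added example, not the project's own manifest. Names, ARNs, CIDR and OIDC
# endpoints are placeholders/assumptions.
apiVersion: v1
kind: Service
metadata:
  name: web                  # assumed service name
  namespace: demo            # assumed namespace
spec:
  type: ClusterIP            # ALB reaches pods directly (target-type: ip); no NLB needed
  selector:
    app: web
  ports:
    - port: 8080
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: demo
  annotations:
    # internet-facing is the north-south case; use "internal" to keep the ALB
    # reachable only from inside the VPC.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    # Terminate TLS at the ALB; port 80 exists only to redirect to 443.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERT_ID   # placeholder
    # Attach a regional WAFv2 web ACL to the ALB.
    alb.ingress.kubernetes.io/wafv2-acl-arn: arn:aws:wafv2:REGION:ACCOUNT_ID:regional/webacl/NAME/ID   # placeholder
    # Limit which client ranges the ALB security group admits.
    alb.ingress.kubernetes.io/inbound-cidrs: 203.0.113.0/24   # placeholder (documentation range)
    # Require an OIDC login at the ALB before any request reaches the pods.
    alb.ingress.kubernetes.io/auth-type: oidc
    alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
    alb.ingress.kubernetes.io/auth-idp-oidc: '{"issuer":"https://idp.example.com","authorizationEndpoint":"https://idp.example.com/authorize","tokenEndpoint":"https://idp.example.com/token","userInfoEndpoint":"https://idp.example.com/userinfo","secretName":"oidc-client"}'
spec:
  ingressClassName: alb      # IngressClass created by the controller's Helm chart by default
  rules:
    - host: web.example.com  # placeholder hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 8080
---
# Secret referenced by the OIDC annotation. The controller reads the client
# credentials from it; check your controller version's docs for the exact key names.
apiVersion: v1
kind: Secret
metadata:
  name: oidc-client
  namespace: demo
type: Opaque
stringData:
  clientID: REPLACE_ME       # placeholder
  clientSecret: REPLACE_ME   # placeholder
```

Everything security-related here lives in AWS-specific annotations on a standard Ingress, which is the portability trade-off the page describes: the same manifest on another provider silently loses the TLS redirect, WAF, CIDR restriction and OIDC gate. After applying it, `kubectl describe ingress web -n demo` shows the controller's reconciliation events, and the ALB's listener, rules, WAF association and security group can be checked in AWS to confirm the annotations took effect.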
2️⃣ Kubernetes Gateway API Controller for AWS VPC Lattice
(sometimes called “AWS VPC Lattice Controller for K8s”)
- Purpose:
Manages AWS VPC Lattice Service Networks using Kubernetes-native Gateway API CRDs.
- Kubernetes Resources Supported:
GatewayClass, Gateway, HTTPRoute, GRPCRoute, ServiceExport
- How it works:
- Translates Gateway API resources to AWS VPC Lattice configuration.
- Provisions and manages Lattice Service Networks, Services, and auth/networking policies.
- Uses AWS’s new Lattice managed service mesh/data plane.
- Traffic Path:
Client (in VPC or via Lattice integration) → AWS VPC Lattice → Kubernetes Pods/Services
- Supported AWS Networking:
- VPC Lattice only
- NOT Classic ELB, ALB, or NLB
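Both Gateway API controller sections above explain that GatewayClass, Gateway and HTTPRoute resources are translated into a Lattice service network, Lattice services and target groups, and that Lattice adds its own AuthN/AuthZ layer. The manifests below are an added example (not from this page or from the aws-application-networking-k8s project) showing that chain end to end for one internal service, plus the controller's IAMAuthPolicy resource, which switches the Lattice service to IAM authentication and restricts callers to one AWS account. The namespace, service and gateway names, the account ID and the path are assumptions; it assumes a controller version that serves Gateway API `v1` resources.

```yaml
# Added example, not the project's own manifest. Names, account ID and path
# are placeholders/assumptions.
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: amazon-vpc-lattice
spec:
  # controllerName the AWS Gateway API controller registers for
  controllerName: application-networking.k8s.aws/gateway-api-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: my-service-network   # assumed; mapped to a Lattice service network of this name
  namespace: demo            # assumed namespace
spec:
  gatewayClassName: amazon-vpc-lattice
  listeners:
    - name: http
      protocol: HTTP
      port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: orders               # becomes a Lattice service
  namespace: demo
spec:
  parentRefs:
    - name: my-service-network
      sectionName: http
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /orders
      backendRefs:
        - name: orders       # Kubernetes Service; its pods become a Lattice target group
          kind: Service
          port: 8080
---
# Lattice-side authorization for the service created from the HTTPRoute above:
# only principals in the listed account may invoke it. Without such a policy the
# service relies on network reachability alone.
apiVersion: application-networking.k8s.aws/v1alpha1
kind: IAMAuthPolicy
metadata:
  name: orders-auth
  namespace: demo
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: orders
  policy: |
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": "*",
          "Action": "vpc-lattice-svcs:Invoke",
          "Resource": "*",
          "Condition": {
            "StringEquals": {
              "aws:PrincipalAccount": "111122223333"
            }
          }
        }
      ]
    }
---
# Publishing the same Service to other clusters in the service network (the
# page's multi-cluster case) is done with the controller's ServiceExport.
apiVersion: application-networking.k8s.aws/v1alpha1
kind: ServiceExport
metadata:
  name: orders
  namespace: demo
  annotations:
    application-networking.k8s.aws/federation: amazon-vpc-lattice
```

Two practical consequences follow from the design. Once the IAMAuthPolicy is attached, callers must SigV4-sign their requests to the Lattice service, so an unsigned `curl` from inside the VPC is rejected rather than routed, which is the behaviour to verify after rollout. And client VPCs only reach the service network once they are associated with it (the controller's VpcAssociationPolicy resource covers that, not shown here), which is where the security groups for the association are set.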
🔑 Key Differences Table
Aspect | AWS Load Balancer Controller | Gateway API Controller for AWS VPC Lattice |
---|---|---|
AWS Service Used | ALB/NLB (Elastic Load Balancer) | VPC Lattice |
K8s API Support | Ingress, Service (LoadBalancer), Gateway (ALB only) | Gateway API (GatewayClass, Gateway, Route) |
Cross-VPC Service Mesh | ❌ Not supported | ✅ Native with Lattice |
Traffic Management | L7 (ALB), L4 (NLB), AWS features (OIDC, WAF) | L7/L4, fine-grained policies, service mesh-like |
AuthZ/AuthN | ALB/NLB features (OIDC, WAF, etc.) | Lattice AuthN/AuthZ, service-to-service policy |
Multi-cluster/Multi-VPC | Only with complex setup | Native in Lattice |
Supported Controllers | Only AWS LB Controller | AWS VPC Lattice K8s Controller |
Portability | AWS-only, ALB/NLB | AWS-only, Lattice |
Advanced Routing | Limited to what ALB/NLB can do | Modern routing, policies, multi-VPC/service-mesh |
🚦 When to Use Which?
Use AWS Load Balancer Controller if:
- You need classic AWS ALB/NLB integration.
- Your traffic comes primarily from the internet or traditional AWS endpoints.
- You want features like WAF, OIDC on ALB, AWS SSL/TLS termination.
- You’re using K8s Ingress or Service of type LoadBalancer.
Use K8s Gateway API Controller for AWS VPC Lattice if:
- You want to leverage AWS’s next-gen Lattice mesh for service-to-service, multi-VPC, or multi-account connectivity.
- You want modern traffic policy, AuthN/AuthZ, or advanced cross-VPC routing.
- You want a future-proof, service-mesh-like architecture but fully managed by AWS.
- You want full Kubernetes Gateway API experience on AWS.
Architecture Diagrams
AWS Load Balancer Controller:
Internet/Client
|
[ALB/NLB]
|
[K8s Service/Pod]
Gateway API Controller for AWS VPC Lattice:
Client in any VPC / Account / On-prem
|
[VPC Lattice Service Network]
|
[K8s Gateway API (Gateway, HTTPRoute)]
|
[K8s Service/Pod]
Summary Table
Feature | ALB/NLB Controller | VPC Lattice Gateway API Controller |
---|---|---|
AWS Service | ALB, NLB | VPC Lattice |
Supports Gateway API | Only for ALB (partial) | Yes, full Gateway API |
Mesh/Multi-VPC | No | Yes (via Lattice) |
Traffic Policy | Basic, ALB/NLB rules | Advanced (Gateway API + Lattice) |
Security | ALB/NLB OIDC, WAF | Lattice AuthN/AuthZ, fine-grained |
Best for | Internet → K8s Service | Cross-VPC/Account, internal/external |
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.