{"id":49966,"date":"2025-07-07T00:41:37","date_gmt":"2025-07-07T00:41:37","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=49966"},"modified":"2025-07-07T00:41:37","modified_gmt":"2025-07-07T00:41:37","slug":"difference-between-aws-load-balancer-controller-vs-kubernetes-gateway-api-controller-for-aws-vpc-lattice","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/difference-between-aws-load-balancer-controller-vs-kubernetes-gateway-api-controller-for-aws-vpc-lattice\/","title":{"rendered":"Difference between AWS Load Balancer Controller Vs Kubernetes Gateway API Controller for AWS VPC Lattice"},"content":{"rendered":"\n
AWS Load Balancer Controller vs Kubernetes Gateway API Controller for AWS VPC Lattice<\/h6>\n\n\n\n

Overview Table<\/h2>\n\n\n\n
Feature<\/th>AWS Load Balancer Controller<\/th>Kubernetes Gateway API Controller for VPC Lattice<\/th><\/tr><\/thead>
Primary Purpose<\/strong><\/td>Integrate AWS ALB\/NLB with Kubernetes Ingress\/Service<\/td>Integrate Kubernetes Gateway API with AWS VPC Lattice<\/td><\/tr>
Resource Types<\/strong><\/td>Ingress, Service<\/td>GatewayClass, Gateway, HTTPRoute, etc.<\/td><\/tr>
Supported Protocols<\/strong><\/td>L4 (NLB), L7 (ALB)<\/td>HTTP, HTTPS, (gRPC planned), multi-protocol extensible<\/td><\/tr>
Scope<\/strong><\/td>North-South (Ingress) traffic<\/td>East-West (Service mesh, cross-cluster, multi-account)<\/td><\/tr>
AWS Integration<\/strong><\/td>AWS Elastic Load Balancers<\/td>AWS VPC Lattice (service mesh abstraction)<\/td><\/tr>
Portability<\/strong><\/td>AWS-specific<\/td>Kubernetes-native, multi-cluster, multi-account<\/td><\/tr>
Extensibility<\/strong><\/td>AWS-specific annotations<\/td>Role-oriented, extensible via Gateway API<\/td><\/tr>
Management<\/strong><\/td>AWS-managed resources<\/td>Kubernetes-native resources mapped to VPC Lattice objects<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

AWS Load Balancer Controller<\/h2>\n\n\n\n
    \n
  • What it does:<\/strong>
    Provisions and manages AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) for Kubernetes clusters by watching Ingress and Service resources.<\/li>\n\n\n\n
  • Use Case:<\/strong>
    Best for exposing Kubernetes services to the internet (north-south traffic) or internal AWS networks using native AWS load balancers.<\/li>\n\n\n\n
  • How it works:<\/strong>\n
      \n
    • Monitors Kubernetes Ingress and Service resources.<\/li>\n\n\n\n
    • Creates and configures ALB\/NLB in AWS.<\/li>\n\n\n\n
    • Uses annotations for AWS-specific features (e.g., security groups, target types).<\/li>\n<\/ul>\n<\/li>\n\n\n\n
    • Limitations:<\/strong>\n
        \n
      • Focused on ingress (north-south) traffic.<\/li>\n\n\n\n
      • AWS-only; not portable across cloud providers.<\/li>\n\n\n\n
      • Does not natively support VPC Lattice or service-mesh (east-west) scenarios.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n

        Kubernetes Gateway API Controller for AWS VPC Lattice<\/h2>\n\n\n\n
          \n
        • What it does:<\/strong>
          Implements the Kubernetes Gateway API to provision and manage AWS VPC Lattice resources, enabling advanced service networking (east-west traffic) across VPCs, accounts, and clusters.<\/li>\n\n\n\n
        • Use Case:<\/strong>
          Ideal for service-to-service (east-west) connectivity, multi-cluster, and multi-account service mesh scenarios. Supports advanced routing, security, and observability features.<\/li>\n\n\n\n
        • How it works:<\/strong>\n
            \n
          • Watches for Gateway API resources (GatewayClass<\/code>, Gateway<\/code>, HTTPRoute<\/code>, etc.).<\/li>\n\n\n\n
          • Maps these resources to VPC Lattice objects (Service Networks, Services, Target Groups).<\/li>\n\n\n\n
          • Enables Kubernetes-native management of VPC Lattice networking, including cross-cluster and hybrid (EC2, Lambda, EKS) scenarios.<\/li>\n\n\n\n
          • No need for sidecar proxies; integrates directly with AWS networking.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
          • Strengths:<\/strong>\n
              \n
            • Portable, extensible, and vendor-neutral.<\/li>\n\n\n\n
            • Enables consistent application networking across AWS compute types and accounts.<\/li>\n\n\n\n
            • Supports advanced traffic management, security policies, and observability.<\/li>\n\n\n\n
            • Designed for large-scale, complex, or hybrid environments.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n

              Key Differences<\/h2>\n\n\n\n
                \n
              • Traffic Focus:<\/strong>\n
                  \n
                • AWS Load Balancer Controller:<\/strong> Primarily for north-south (external ingress) traffic using traditional AWS load balancers.<\/li>\n\n\n\n
                • Gateway API Controller for VPC Lattice:<\/strong> Focused on east-west (service-to-service) traffic, multi-cluster, and multi-account connectivity with service mesh-like features.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                • Resource Model:<\/strong>\n
                    \n
                  • Load Balancer Controller:<\/strong> Uses Ingress and Service resources with AWS-specific annotations.<\/li>\n\n\n\n
                  • Gateway API Controller:<\/strong> Uses Kubernetes-native Gateway API resources, mapped to VPC Lattice objects.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                  • Extensibility and Portability:<\/strong>\n
                      \n
                    • Load Balancer Controller:<\/strong> AWS-specific, less portable.<\/li>\n\n\n\n
                    • Gateway API Controller:<\/strong> Kubernetes-standard, multi-vendor support, portable across clusters and accounts.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                    • Integration with AWS VPC Lattice:<\/strong>\n
                        \n
                      • Load Balancer Controller:<\/strong> Does not natively provision or manage VPC Lattice resources.<\/li>\n\n\n\n
                      • Gateway API Controller:<\/strong> Directly provisions and manages VPC Lattice resources, enabling advanced service networking.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n

                        When to Use Each<\/h2>\n\n\n\n
                          \n
                        • Use AWS Load Balancer Controller if:<\/strong>\n
                            \n
                          • You need to expose Kubernetes services to the internet or internal AWS networks via ALB\/NLB.<\/li>\n\n\n\n
                          • Your focus is on traditional ingress (north-south) traffic within AWS.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                          • Use Kubernetes Gateway API Controller for VPC Lattice if:<\/strong>\n
                              \n
                            • You require advanced service-to-service (east-west) connectivity, multi-cluster, or multi-account networking.<\/li>\n\n\n\n
                            • You want to leverage VPC Lattice\u2019s service mesh features (security, observability, hybrid targets).<\/li>\n\n\n\n
                            • You prefer Kubernetes-native, portable, and extensible networking management.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
                              \n\n\n\n

                              1\ufe0f\u20e3 AWS Load Balancer Controller<\/strong><\/h2>\n\n\n\n
                                \n
                              • Purpose:<\/strong>
                                Provisions and manages AWS Elastic Load Balancers<\/strong> (ALB\/NLB) for your Kubernetes services and ingresses.<\/li>\n\n\n\n
                              • Kubernetes Resources Supported:<\/strong>\n
                                  \n
                                • Ingress<\/code><\/li>\n\n\n\n
                                • Service<\/code> of type LoadBalancer<\/code><\/li>\n\n\n\n
                                • Now also supports Gateway API (for ALB)<\/strong> (but NOT VPC Lattice!)<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                                • How it works:<\/strong>\n
                                    \n
                                  • Deploys an ALB or NLB for each relevant K8s resource.<\/li>\n\n\n\n
                                  • Integrates tightly with native AWS networking (Security Groups, IAM, WAF, etc.).<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                                  • Traffic Path:<\/strong>
                                    Client \u2192 AWS ALB\/NLB \u2192 Kubernetes Pods\/Services<\/strong><\/li>\n\n\n\n
                                  • Supported AWS Networking:<\/strong>\n
                                      \n
                                    • Classic Load Balancer<\/li>\n\n\n\n
                                    • ALB (Application LB)<\/li>\n\n\n\n
                                    • NLB (Network LB)<\/li>\n\n\n\n
                                    • NOT VPC Lattice<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
                                      \n\n\n\n

                                      2\ufe0f\u20e3 Kubernetes Gateway API Controller for AWS VPC Lattice<\/strong><\/h2>\n\n\n\n

                                      (sometimes called “AWS VPC Lattice Controller for K8s”)<\/em><\/p>\n\n\n\n

                                        \n
                                      • Purpose:<\/strong>
                                        Manages AWS VPC Lattice Service Networks<\/strong> using Kubernetes-native Gateway API CRDs.<\/li>\n\n\n\n
                                      • Kubernetes Resources Supported:<\/strong>\n
                                          \n
                                        • GatewayClass<\/code>, Gateway<\/code>, HTTPRoute<\/code>, GRPCRoute<\/code>, ServiceExport<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n
                                        • How it works:<\/strong>\n
                                            \n
                                          • Translates Gateway API resources to AWS VPC Lattice configuration.<\/li>\n\n\n\n
                                          • Provisions and manages Lattice Service Networks<\/strong>, Services<\/strong>, and auth\/networking policies<\/strong>.<\/li>\n\n\n\n
                                          • Uses AWS\u2019s new Lattice managed service mesh\/data plane.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                                          • Traffic Path:<\/strong>
                                            Client (in VPC or via Lattice integration) \u2192 AWS VPC Lattice \u2192 Kubernetes Pods\/Services<\/strong><\/li>\n\n\n\n
                                          • Supported AWS Networking:<\/strong>\n
                                              \n
                                            • VPC Lattice only<\/strong><\/li>\n\n\n\n
                                            • NOT<\/em> Classic ELB, ALB, or NLB<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
                                              \n\n\n\n

                                              \ud83d\udd11 Key Differences Table<\/strong><\/h2>\n\n\n\n
                                              Aspect<\/th>AWS Load Balancer Controller<\/th>Gateway API Controller for AWS VPC Lattice<\/th><\/tr><\/thead>
                                              AWS Service Used<\/strong><\/td>ALB\/NLB (Elastic Load Balancer)<\/td>VPC Lattice<\/td><\/tr>
                                              K8s API Support<\/strong><\/td>Ingress, Service (LoadBalancer), Gateway (ALB only)<\/td>Gateway API (GatewayClass<\/code>, Gateway<\/code>, Route<\/code>)<\/td><\/tr>
                                              Cross-VPC Service Mesh<\/strong><\/td>\u274c Not supported<\/td>\u2705 Native with Lattice<\/td><\/tr>
                                              Traffic Management<\/strong><\/td>L7 (ALB), L4 (NLB), AWS features (OIDC, WAF)<\/td>L7\/L4, fine-grained policies, service mesh-like<\/td><\/tr>
                                              AuthZ\/AuthN<\/strong><\/td>ALB\/NLB features (OIDC, WAF, etc.)<\/td>Lattice AuthN\/AuthZ, service-to-service policy<\/td><\/tr>
                                              Multi-cluster\/Multi-VPC<\/strong><\/td>Only with complex setup<\/td>Native<\/strong> in Lattice<\/td><\/tr>
                                              Supported Controllers<\/strong><\/td>Only AWS LB Controller<\/td>AWS VPC Lattice K8s Controller<\/td><\/tr>
                                              Portability<\/strong><\/td>AWS-only, ALB\/NLB<\/td>AWS-only, Lattice<\/td><\/tr>
                                              Advanced Routing<\/strong><\/td>Limited to what ALB\/NLB can do<\/td>Modern routing, policies, multi-VPC\/service-mesh<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
                                              \n\n\n\n

                                              \ud83d\udea6 When to Use Which?<\/strong><\/h2>\n\n\n\n

                                              Use AWS Load Balancer Controller if:<\/strong><\/p>\n\n\n\n

                                                \n
                                              • You need classic AWS ALB\/NLB integration.<\/li>\n\n\n\n
                                              • Your traffic comes primarily from the internet or traditional AWS endpoints.<\/li>\n\n\n\n
                                              • You want features like WAF, OIDC on ALB, AWS SSL\/TLS termination.<\/li>\n\n\n\n
                                              • You\u2019re using K8s Ingress or Service of type LoadBalancer.<\/li>\n<\/ul>\n\n\n\n

                                                Use K8s Gateway API Controller for AWS VPC Lattice if:<\/strong><\/p>\n\n\n\n

                                                  \n
                                                • You want to leverage AWS\u2019s next-gen Lattice<\/strong> mesh for service-to-service, multi-VPC, or multi-account connectivity<\/strong>.<\/li>\n\n\n\n
                                                • You want modern traffic policy, AuthN\/AuthZ, or advanced cross-VPC routing.<\/li>\n\n\n\n
                                                • You want a future-proof, service-mesh-like<\/strong> architecture but fully managed by AWS.<\/li>\n\n\n\n
                                                • You want full Kubernetes Gateway API experience on AWS.<\/li>\n<\/ul>\n\n\n\n
                                                  \n\n\n\n

                                                  Architecture Diagrams<\/strong><\/h2>\n\n\n\n

                                                  AWS Load Balancer Controller:<\/strong><\/p>\n\n\n

                                                  Internet\/Client\n      |\n   [ALB\/NLB]\n      |\n  [K8s Service\/Pod]\n<\/code><\/span><\/pre>\n\n\n
                                                  Gateway API Controller for AWS VPC Lattice:<\/strong><\/p>\n\n\n
                                                  Client in any VPC \/ Account \/ On-prem\n      |\n [VPC Lattice Service Network]\n      |\n   [K8s Gateway API (Gateway, HTTPRoute)]\n      |\n  [K8s Service\/Pod]\n<\/code><\/span><\/pre>\n\n\n
                                                  \n\n\n\n
                                                  Summary Table<\/strong><\/h2>\n\n\n\n
                                                  Feature<\/th>ALB\/NLB Controller<\/th>VPC Lattice Gateway API Controller<\/th><\/tr><\/thead>
                                                  AWS Service<\/strong><\/td>ALB, NLB<\/td>VPC Lattice<\/td><\/tr>
                                                  Supports Gateway API<\/strong><\/td>Only for ALB (partial)<\/td>Yes, full Gateway API<\/td><\/tr>
                                                  Mesh\/Multi-VPC<\/strong><\/td>No<\/td>Yes (via Lattice)<\/td><\/tr>
                                                  Traffic Policy<\/strong><\/td>Basic, ALB\/NLB rules<\/td>Advanced (Gateway API + Lattice)<\/td><\/tr>
                                                  Security<\/strong><\/td>ALB\/NLB OIDC, WAF<\/td>Lattice AuthN\/AuthZ, fine-grained<\/td><\/tr>
                                                  Best for<\/strong><\/td>Internet \u2192 K8s Service<\/td>Cross-VPC\/Account, internal\/external<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
                                                  \n\n\n\n
                                                  \n\n\n\n
                                                  <\/p>\n","protected":false},"excerpt":{"rendered":"
                                                  AWS Load Balancer Controller vs Kubernetes Gateway API Controller for AWS VPC Lattice Overview Table Feature AWS Load Balancer Controller Kubernetes Gateway API Controller for VPC Lattice Primary Purpose Integrate… <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-49966","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=49966"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49966\/revisions"}],"predecessor-version":[{"id":49967,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49966\/revisions\/49967"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=49966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=49966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=49966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}