Is it possible to have Qovery spawn an ALB instead of an ELB?
We would love to be able to do this easily and let Qovery manage it instead of having to do it manually ourselves and risk introducing drift in the configuration by having resources added on the cluster or on AWS (VPC, Subnet, SGs) that Qovery doesn’t know about.
The main reason for us to want an ALB instead of ELB is to secure our application with AWS WAF.
I get the point. To be transparent, we were using ALB at the beginning of Qovery. However, due to too many limitations (+70% of our customers requesting NLB, poor performance compared to NLB, rule quotas, doesn’t support the ACME protocol, so no automatic TLS with Let’s Encrypt), we decided to move to NLB, and we definitely do not regret this choice.
I’m not saying we’ll never go back and propose both, but it requires a significant amount of work for Qovery. It’s not only switching NLB to ALB, because ALB is a layer 7 LB, while NLB is layer 4. There are a lot of changes and no quick wins.
Maybe a solution would be to deploy your own ALB and allow you to push annotations to pods, so you’ll be able to make the redirects, but you’ll have to manage several things Qovery already manages for you, on your own, unfortunately, to get the same service level.
If a WAF is mandatory for you, I advise you to look at Cloudflare. They don’t care about ALB/NLB, and it works like a charm for several of our customers.
I hope this solution will make sense and work for you.