Use topology labels to reduce cross-AZ ingress traffic with F5 CIS and EKS

This solution outlines how to use topology labels and multiple Container Ingress Services (CIS) instances to reduce cross-AZ traffic on AWS EKS cluster ingress. Requirements and background Recent...
Published May 20, 2024
Version 1.0
application delivery
AWS EKS
Container Ingress Services (CIS)
k8s
kubernetes
NGINX Ingress Controller
MichaelOLeary's avatar
Icon for Employee rankEmployee
I'm a Solution Architect at F5. Over the years I've become an expert in Kubernetes and cloud architectures. I publish articles and blog posts to share as much knowledge as possible. I love hanging out with customers and co-workers, so reach out any time!
View Profile
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Jan 26, 2026

Great option MichaelOLeary​  just tested it on another multi zone cloud deployment (not Azure or AWS) but I think adding the option if no pods are found in the zone to failover to another zone as the pool is empty if there are no matching pods on the labeled nodes. 

 

Maybe something like priority groups that CIS can configure as the matching pods on the labeled nodes to be in the first priority group 🤔 

  • MichaelOLeary's avatar
    MichaelOLeary
    Icon for Employee rankEmployee
    Jan 26, 2026

    Nikoolayy1​ great point! I wrote this after dealing with a customer scenario where they controlled the application pods closely and were very concerned about cross-AZ traffic, but as you point out, it's not without room for improvement. I think in the case of priority groups I would recommend the alternateBackends configuration in CIS, but of course this would require your service to select only (or at least prefer) pods in a given topology zone. Thanks for the feedback!