I have a use case where an NLB needs 3 listeners, ports 80, 443, and 22. The picture below shows what I have set up manually and would like to achieve with kube-ingress-aws-controller.

The ALB in the picture is already currently deployed and managed by the ingress controller. I would like to also automatically provision and manage the NLB similarly, but it needs the third pass-through TCP listener and target group.

I am willing to provide the additional features through a PR, but I have a few questions:

• What is the preferred mechanism to define additional listeners and target groups, should it just be an additional annotation on an Ingress?
• Might there ever be a use case for more than 3 listeners and should we account for that?
• As per the above diagram, what would be the correct way to instruct kube-ingress-aws-controller to configure the NLB to route the HTTP and HTTPS listeners to another controller-managed ALB which contains our cert and redirect rule, and route the SSH passthrough listener to a NodePort?