AWS EKS Ingress with latest AWS Load Balancer Controller
- The ALB Ingress Controller is now rebranded as AWS Load Balancer Controller, and includes support for both Application Load Balancers and Network Load Balancers. AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster.The controller provisions the following resources:
- It satisfies Kubernetes Ingress resources by provisioning Application Load Balancers.
- It satisfies Kubernetes Service resources by provisioning Network Load Balancers.
- It satisfies Kubernetes Ingress resources by provisioning Application Load Balancers.
- Introducing the AWS Load Balancer Controller
- Clone the repository and navigate to the folder ALB
- It is highly recommended to use eksctl for cluster creation and subsequent management as eksctl will automatically do many tasks which has to be manually done otherwise
- Create an EKS Cluster
$ eksctl create cluster --name k8sdemo --version 1.23 --region us-west-2 --nodegroup-name k8snodes --node-type t3.medium --nodes 2 - An existing AWS Identity and Access Management (IAM) OpenID Connect (OIDC) provider for your cluster. To determine whether one already exists, or to create one, refer Creating an IAM OIDC provider for your cluster.
- Create the IAM policy "AWSLoadBalancerControllerIAMPolicy"
$ aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json - Create service account and role. Refer relvant sections of the document and make necessary changes
$ eksctl create iamserviceaccount --cluster=k8sdemo --namespace=kube-system --name=aws-load-balancer-controller --role-name "AmazonEKSLoadBalancerControllerRole" --attach-policy-arn=arn:aws:iam::127538279091:policy/AWSLoadBalancerControllerIAMPolicy --approve - Install the controller using Helm
$ helm repo add eks https://aws.github.io/eks-charts - Update the repo
$ helm repo update - Refer every section of this document and make necessary changes. If you are using eksctl then below changes will suffice for demo purposes
- Go to EC2 console and check the IAM role assigned to the EC2 instances. Add an inline policy by coping the JSON code from "ECRALB.json".
- Add the AWS managed policy "AmazonEC2FullAccess" to the role
- Go to EC2 console and check the IAM role assigned to the EC2 instances. Add an inline policy by coping the JSON code from "ECRALB.json".
- Install and upgrade the controller
$ helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=k8sdemo --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller
$ helm upgrade aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=k8sdemo --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller - Verify that the controller is installed
$ kubectl get deployment -n kube-system aws-load-balancer-controller - To debug view the AWS Load Balancer Controller logs. These logs might contain error messages that you can use to diagnose issues with your deployment.
$ kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller - Deploy the applications (pods and ClusterIP services)
$ kubectl apply -f cats.yaml
$ kubectl apply -f dogs.yaml
$ kubectl apply -f birds.yaml - Create the ingress resource
$ kubectl apply -f ingress.yaml - Get the DNS name of the ALB from EC2 management console or by running below command.
$ kubectl get ingress
- Access the application - Browse to the cats, dogs and birds service
$ http://<<-DNS name from above->>/cats
$ http://<<-DNS name from above->>/dogs
$ http://<<-DNS name from above->>/birds - Clean up AWS enviornment
$ helm uninstall aws-load-balancer-controller -n kube-system
$ eksctl delete cluster --name k8sdemo - Following diagram, from AWS Documentation,details the AWS components that the aws-alb-ingress-controller creates whenever an Ingress resource is defined by the user. The Ingress resource routes ingress traffic from the ALB to the Kubernetes cluster.
- (1) The controller watches for Ingress events from the API server. When it finds Ingress resources that satisfy its requirements, it starts the creation of AWS resources.
- (2) An ALB is created for the Ingress resource.
- (3) TargetGroups are created for each backend specified in the Ingress resource.
- (4) Listeners are created for every port specified as Ingress resource annotation. If no port is specified, sensible defaults (80 or 443) are used.
- (5) Rules are created for each path specified in your Ingress resource. This ensures that traffic to a specific path is routed to the correct TargetGroup created.
- (1) The controller watches for Ingress events from the API server. When it finds Ingress resources that satisfy its requirements, it starts the creation of AWS resources.
- Unboxing the new AWS Load Balancer Controller for K8s
- Application load balancing on Amazon EKS
- Installing the AWS Load Balancer Controller add-on
- Kubernetes Ingress with AWS ALB Ingress Controller
- How do I provide external access to multiple Kubernetes services in my Amazon EKS cluster?
- How do I set up an Application Load Balancer using the AWS Load Balancer Controller on an Amazon EC2 node group in Amazon EKS?
- Amazon Elastic Container Registry Identity-based policy examples
- 2048-Game-Fargate