Overview
The AWS Load Balancer Controller is a tool provided by Amazon Web Services (AWS) that lets you manage and configure AWS load balancers from Kubernetes.
In Kubernetes, load balancers are used to distribute incoming network traffic across multiple targets, such as pods or instances, to ensure high availability and scalability of applications. AWS provides various types of load balancers, such as Classic Load Balancer, Application Load Balancer (ALB), and Network Load Balancer (NLB), each suited for different use cases.
The AWS Load Balancer Controller simplifies the process of provisioning and managing AWS load balancers within Kubernetes clusters. It integrates with Kubernetes Ingress resources, allowing you to define routing rules and expose services to the internet.
The controller translates Kubernetes Ingress objects into AWS load balancer configurations, automatically creating or updating the corresponding load balancers and listeners in AWS.
By using the AWS Load Balancer Controller, we can leverage AWS load balancing features seamlessly within our Kubernetes environment, enabling efficient and reliable traffic distribution for applications running on AWS infrastructure.
The steps to be taken are as follows:
- Create IAM policy
- Create IAM role & service account
- Install ALB controller using helm
- Verify ALB deployment and webhook service
- Clean up resources
Prerequisites
Steps
Step 1 - Create IAM policy
```bash
curl -o iam_policy_latest.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json
ls -lrta
```
- Create an IAM policy from the downloaded policy document
```bash
aws iam create-policy \
  --policy-name AWSLoadBalancerControllerIAMPolicy \
  --policy-document file://iam_policy_latest.json
```
- The output looks like the following; note the value of the Arn field
```json
{
    "Policy": {
        "PolicyName": "AWSLoadBalancerControllerIAMPolicy",
        "PolicyId": "ANPAWZ6A3ANHXTU2DNC5G",
        "Arn": "arn:aws:iam::<AWS-Account-ID>:policy/AWSLoadBalancerControllerIAMPolicy",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 0,
        "PermissionsBoundaryUsageCount": 0,
        "IsAttachable": true,
        "CreateDate": "2023-12-10T08:21:21+00:00",
        "UpdateDate": "2023-12-10T08:21:21+00:00",
        "Tags": []
    }
}
```
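Because the policy document is downloaded and then attached as-is, it helps to see which statements grant write access with no scoping before the role is created. The following is an added example, not part of the original walkthrough or the controller project: it lists Allow statements that apply to Resource "*" without a Condition and contain non-read-only actions. The sample policy is constructed for illustration, and the read-only prefix test is a heuristic assumption.

```python
import json
import sys

# Heuristic (assumption): actions starting with these verbs are treated as read-only.
READ_ONLY_PREFIXES = ("describe", "get", "list")

# Constructed sample for illustration; not the contents of the real iam_policy.json.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeSubnets", "elasticloadbalancing:DescribeLoadBalancers"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": "elasticloadbalancing:CreateLoadBalancer",
         "Condition": {"Null": {"aws:RequestTag/elbv2.k8s.aws/cluster": "false"}}},
        {"Sid": "Unscoped", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:CreateSecurityGroup", "ec2:DescribeVpcs"]},
    ],
}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def unscoped_write_statements(policy):
    """Return [(statement id, [actions])] for Allow statements that apply to
    Resource "*" with no Condition and include non-read-only actions."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            writes = ["NotAction"]
        else:
            writes = sorted(a for a in as_list(stmt.get("Action", []))
                            if not a.split(":", 1)[-1].lower().startswith(READ_ONLY_PREFIXES))
        if writes:
            findings.append((stmt.get("Sid", f"statement[{index}]"), writes))
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_policy.py iam_policy_latest.json (no argument: use the sample)
    policy = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_POLICY
    for sid, actions in unscoped_write_statements(policy):
        print(f"{sid}: {', '.join(actions)}")
```

Each statement it reports is a candidate for review, for example by checking whether a tag condition or a narrower resource ARN can be applied in your environment.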
Step 2 - Create IAM role and Service Account
- Create IAM role & service account with eksctl
```bash
eksctl create iamserviceaccount \
  --cluster=aha-eks-demo \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn=arn:aws:iam::<AWS-Account-ID>:policy/AWSLoadBalancerControllerIAMPolicy \
  --override-existing-serviceaccounts \
  --approve
```
```bash
eksctl get iamserviceaccount --cluster aha-eks-demo
```
- Verify the service account using kubectl
```bash
kubectl get sa -n kube-system
kubectl get sa aws-load-balancer-controller -n kube-system
kubectl describe sa aws-load-balancer-controller -n kube-system
```
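The role created in this step is assumed by the service account through the cluster's OIDC provider, so its trust policy decides which pods can obtain the load balancer permissions. The following is an added example, not from the original walkthrough or from eksctl: it checks that a trust policy pins the `sub` claim to exactly one service account and the `aud` claim to `sts.amazonaws.com`. It assumes the standard IAM-roles-for-service-accounts trust layout; the issuer ID, account ID and both sample policies are constructed placeholders.

```python
EXPECTED_AUD = "sts.amazonaws.com"
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE"  # placeholder issuer


def make_trust(condition):
    """Constructed IRSA trust policy (placeholder account ID) with this Condition."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}


GOOD = make_trust({"StringEquals": {
    f"{OIDC}:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller",
    f"{OIDC}:aud": EXPECTED_AUD}})
WEAK = make_trust({"StringLike": {f"{OIDC}:sub": "system:serviceaccount:kube-system:*"}})


def as_list(value):
    return value if isinstance(value, list) else [value]


def claim_values(condition, operator, claim):
    """Values of every '<issuer>:<claim>' key under one condition operator."""
    return [v for key, vals in condition.get(operator, {}).items()
            if key.endswith(":" + claim) for v in as_list(vals)]


def check_irsa_trust(trust_policy, namespace, service_account):
    """Return a list of problems; an empty list means the trust is tightly scoped."""
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    problems, seen = [], False
    for stmt in as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or \
                "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            continue
        seen, cond = True, stmt.get("Condition", {})
        if claim_values(cond, "StringEquals", "sub") != [expected_sub]:
            problems.append("sub is not pinned to exactly " + expected_sub)
        if any("*" in v or "?" in v for v in claim_values(cond, "StringLike", "sub")):
            problems.append("sub is matched with a wildcard")
        if claim_values(cond, "StringEquals", "aud") != [EXPECTED_AUD]:
            problems.append("aud is not pinned to " + EXPECTED_AUD)
    return problems if seen else ["no sts:AssumeRoleWithWebIdentity statement"]


if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, check_irsa_trust(doc, "kube-system", "aws-load-balancer-controller"))
```

To check the real role, pass in the document returned by `aws iam get-role --role-name <ROLE-NAME> --query Role.AssumeRolePolicyDocument`; the role ARN appears in the service account's `eks.amazonaws.com/role-arn` annotation.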
Step 3 - Install ALB controller using helm
```bash
helm repo add eks https://aws.github.io/eks-charts
```
- Get the VPC ID with the aws command
```bash
aws eks describe-cluster --name aha-eks-demo | grep -i vpc
```
```
"vpcId": "vpc-073d36b8757xxxx",
```
- Install the AWS Load Balancer Controller; get the image URL using this link.
```bash
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=aha-eks-demo \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=us-east-1 \
  --set vpcId=vpc-073d36b875767xxxx \
  --set image.repository=602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller
```
Step 4 - Verify ALB deployment and webhook service
- Verify that the controller is installed
```bash
kubectl -n kube-system get deployment
kubectl -n kube-system get deployment aws-load-balancer-controller
kubectl -n kube-system describe deployment aws-load-balancer-controller
```
- Verify that the AWS Load Balancer Controller webhook service was created
```bash
kubectl -n kube-system get svc
kubectl -n kube-system get svc aws-load-balancer-webhook-service
kubectl -n kube-system describe svc aws-load-balancer-webhook-service
```
- Verify the AWS Load Balancer Controller logs
```bash
kubectl get pods -n kube-system
kubectl -n kube-system logs -f <CONTROLLER-POD-NAME>
```
Step 5 - Create IngressClass
- Create the IngressClass resource
```bash
vi ingressclass.yaml
```
```yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: aha-aws-ingress-class
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
spec:
  controller: ingress.k8s.aws/alb
```
```bash
kubectl apply -f ingressclass.yaml
```
- Verify the IngressClass resource
```bash
kubectl get ingressclass
```
- Describe the IngressClass resource
```bash
kubectl describe ingressclass aha-aws-ingress-class
```
Step 6 - Clean Up
```bash
kubectl delete -f ingressclass.yaml
```
```bash
kubectl get ingressclass
```
- Uninstall the AWS Load Balancer Controller
```bash
helm uninstall aws-load-balancer-controller -n kube-system
```
```bash
kubectl get pods -n kube-system
```
```bash
eksctl delete iamserviceaccount --namespace=kube-system aws-load-balancer-controller --cluster aha-eks-demo
```
```bash
aws iam delete-policy --policy-arn arn:aws:iam::<AWS-ACCOUNT-ID>:policy/AWSLoadBalancerControllerIAMPolicy
```
References: