AWS: EKS - 4
EKS - Part 4
VPC Tagging
- Key: The `<cluster-name>` value matches your Amazon EKS cluster's name.
- Value: The `shared` value allows more than one cluster to use this VPC.
| Key | Value |
|---|---|
| kubernetes.io/cluster/<cluster-name> | shared |
Load Balancing
Amazon EKS supports the Network Load Balancer and the Classic Load Balancer for pods running on Amazon EC2 instance worker nodes through the Kubernetes service of type LoadBalancer. Classic Load Balancers and Network Load Balancers are not supported for pods running on AWS Fargate (Fargate).
- All subnets (public and private) should have this tag.
| Key | Value |
|---|---|
| kubernetes.io/cluster/<cluster-name> | shared |
- Public subnet tagging
| Key | Value |
|---|---|
| kubernetes.io/role/elb | 1 |
- Private subnet tagging
| Key | Value |
|---|---|
| kubernetes.io/role/internal-elb | 1 |
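As an added check (example code, not part of the original page or of AWS's tooling), the script below audits subnet records shaped like `aws ec2 describe-subnets` output against the three tables above: every subnet must carry `kubernetes.io/cluster/<cluster-name>`, public subnets `kubernetes.io/role/elb=1` and private subnets `kubernetes.io/role/internal-elb=1`. The subnet records are constructed inline, and which subnets are public is passed in as a set rather than derived from route tables.

```python
"""Audit EKS load-balancer subnet tags.

Added example: runs over records shaped like `aws ec2 describe-subnets`
output (constructed inline below), so it works offline. Which subnets are
public is passed in explicitly; deriving that from route tables is left out.
"""
from typing import Dict, List, Set

CLUSTER_TAG_PREFIX = "kubernetes.io/cluster/"
PUBLIC_ROLE_TAG = "kubernetes.io/role/elb"            # public subnets: internet-facing LBs
PRIVATE_ROLE_TAG = "kubernetes.io/role/internal-elb"  # private subnets: internal LBs

# Constructed sample data (not real AWS output). The cluster name matches the page.
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0aaa1", "Tags": [
        {"Key": "kubernetes.io/cluster/pg-prd", "Value": "shared"},
        {"Key": "kubernetes.io/role/elb", "Value": "1"}]},
    {"SubnetId": "subnet-0bbb2", "Tags": [
        {"Key": "kubernetes.io/cluster/pg-prd", "Value": "shared"},
        {"Key": "kubernetes.io/role/internal-elb", "Value": "1"}]},
    {"SubnetId": "subnet-0ccc3", "Tags": [                 # public, cluster tag missing
        {"Key": "kubernetes.io/role/elb", "Value": "1"}]},
    {"SubnetId": "subnet-0ddd4", "Tags": [                 # private, tagged as public
        {"Key": "kubernetes.io/cluster/pg-prd", "Value": "shared"},
        {"Key": "kubernetes.io/role/elb", "Value": "1"}]},
]
PUBLIC_SUBNET_IDS = {"subnet-0aaa1", "subnet-0ccc3"}


def tags_to_dict(tags: List[Dict[str, str]]) -> Dict[str, str]:
    """Turn the EC2 API's [{"Key": k, "Value": v}, ...] list into a plain dict."""
    return {t["Key"]: t["Value"] for t in tags}


def check_subnet(subnet: Dict, cluster_name: str, is_public: bool) -> List[str]:
    """Return tagging problems for one subnet; an empty list means it is tagged correctly."""
    sid = subnet["SubnetId"]
    tags = tags_to_dict(subnet.get("Tags", []))
    findings: List[str] = []

    # Every subnet the cluster uses needs kubernetes.io/cluster/<name>; the page
    # uses "shared", and "owned" is the other value AWS accepts for a single-cluster VPC.
    cluster_tag = CLUSTER_TAG_PREFIX + cluster_name
    value = tags.get(cluster_tag)
    if value is None:
        findings.append(f"{sid}: missing {cluster_tag} tag")
    elif value not in ("shared", "owned"):
        findings.append(f"{sid}: {cluster_tag}={value!r}, expected 'shared' or 'owned'")

    # Exactly one role tag, matching whether the subnet is public or private.
    expected_role = PUBLIC_ROLE_TAG if is_public else PRIVATE_ROLE_TAG
    wrong_role = PRIVATE_ROLE_TAG if is_public else PUBLIC_ROLE_TAG
    if tags.get(expected_role) != "1":
        findings.append(f"{sid}: missing {expected_role}=1 tag")
    if wrong_role in tags:
        kind = "public" if is_public else "private"
        findings.append(f"{sid}: carries {wrong_role}, which a {kind} subnet should not")
    return findings


def audit_subnets(subnets: List[Dict], cluster_name: str, public_ids: Set[str]) -> Dict[str, List[str]]:
    """Map each mis-tagged subnet id to its findings; correctly tagged subnets are omitted."""
    report: Dict[str, List[str]] = {}
    for subnet in subnets:
        findings = check_subnet(subnet, cluster_name, subnet["SubnetId"] in public_ids)
        if findings:
            report[subnet["SubnetId"]] = findings
    return report


if __name__ == "__main__":
    for sid, problems in audit_subnets(SAMPLE_SUBNETS, "pg-prd", PUBLIC_SUBNET_IDS).items():
        for problem in problems:
            print(problem)
```

A subnet missing the cluster tag is simply not considered for load balancer placement, while a private subnet carrying the public role tag becomes a candidate for internet-facing load balancers, so the check flags both; running it with a cluster name other than `pg-prd` reports every sample subnet, which is what happens in practice when the tag's `<cluster-name>` does not match the cluster.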
ALB Ingress Controller
The AWS ALB Ingress Controller for Kubernetes is a controller that triggers the creation of an Application Load Balancer (ALB) and the necessary supporting AWS resources whenever an Ingress resource is created on the cluster with the kubernetes.io/ingress.class: alb annotation. The Ingress resource configures the ALB to route HTTP or HTTPS traffic to different pods within the cluster. The ALB Ingress Controller is supported for production workloads running on Amazon EKS clusters.
To ensure that your Ingress objects use the ALB Ingress Controller, add the following annotation to your Ingress specification.
```yaml
annotations:
  kubernetes.io/ingress.class: alb
```
Create an IAM OIDC provider and associate it with your cluster.
```bash
CLUSTER_NAME="pg-prd"
REGION_CODE="ap-southeast-2"
eksctl utils associate-iam-oidc-provider \
  --region ${REGION_CODE} \
  --cluster ${CLUSTER_NAME} \
  --approve
```
Create an IAM policy called ALBIngressControllerIAMPolicy for the ALB Ingress Controller pod that allows it to make calls to AWS APIs on your behalf.
```bash
# Passing the policy document as a URL relies on AWS CLI v1 fetching URL
# parameters; AWS CLI v2 no longer does this, so download the file first
# and pass it as --policy-document file://iam-policy.json
aws iam create-policy \
  --policy-name ALBIngressControllerIAMPolicy \
  --policy-document https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/iam-policy.json
```
Create a Kubernetes service account named alb-ingress-controller in the kube-system namespace, a cluster role, and a cluster role binding for the ALB Ingress Controller to use with the following command.
```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/rbac-role.yaml
```
Create an IAM role for the ALB Ingress Controller and attach the role to the service account created in the previous step.
```bash
CLUSTER_NAME="pg-prd"
REGION_CODE="ap-southeast-2"
eksctl create iamserviceaccount \
  --region ${REGION_CODE} \
  --name alb-ingress-controller \
  --namespace kube-system \
  --cluster ${CLUSTER_NAME} \
  --attach-policy-arn arn:aws:iam::202756970286:policy/ALBIngressControllerIAMPolicy \
  --override-existing-serviceaccounts \
  --approve
```
Deploy the ALB Ingress Controller
```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/alb-ingress-controller.yaml
kubectl get clusterroles | grep aws-alb-ingress-controller
```
Add a line for the cluster name after the `--ingress-class=alb` line.
```yaml
spec:
  containers:
    - args:
        - --ingress-class=alb
        - --cluster-name=prod                   # the cluster this controller manages
        - --aws-vpc-id=vpc-03468a8157edca5bd    # the cluster's VPC
        - --aws-region=region-code              # placeholder: use the cluster's region, e.g. ap-southeast-2 above
```
Check the ingress controller logs
```bash
kubectl logs -n kube-system deployment.apps/alb-ingress-controller
```
Deploy a sample application
```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/2048/2048-namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/2048/2048-deployment.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/2048/2048-service.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/2048/2048-ingress.yaml
```
Play the game in the browser
http://07f34453-2048game-2048ingr-6fa0-1986376393.ap-southeast-2.elb.amazonaws.com/
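The OIDC provider, IAM policy and `eksctl create iamserviceaccount` steps above give the controller pod AWS permissions through its service account, so the role's trust policy and permission policy are worth reviewing before the controller goes live. The following is an added example, not code from the page or from the aws-alb-ingress-controller project. Both policy documents in it are constructed: the trust policy follows the shape eksctl generates for such a role, with placeholder account and OIDC provider ids, and the permission policy is a small stand-in for the project's iam-policy.json, not that file. It checks that the trust policy's `:sub` condition pins the role to `system:serviceaccount:kube-system:alb-ingress-controller` and lists permission statements that grant a wildcard action on every resource.

```python
"""Review the IAM pieces behind an ALB Ingress Controller service account.

Added example, not from the page or the aws-alb-ingress-controller project.
Both policy documents below are constructed: the trust policy follows the
shape eksctl attaches to a role created with `eksctl create iamserviceaccount`
(account id and OIDC provider id are placeholders); the permission policy is a
small stand-in for the project's iam-policy.json.
"""
import copy
import json
from typing import Any, Dict, List

TRUST_POLICY: Dict[str, Any] = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.ap-southeast-2.amazonaws.com/id/EXAMPLEOIDCID"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.eks.ap-southeast-2.amazonaws.com/id/EXAMPLEOIDCID:sub": "system:serviceaccount:kube-system:alb-ingress-controller"
        }
      }
    }
  ]
}
""")

# Same trust policy with the :sub condition dropped: any pod in the cluster could assume the role.
UNSCOPED_TRUST_POLICY = copy.deepcopy(TRUST_POLICY)
del UNSCOPED_TRUST_POLICY["Statement"][0]["Condition"]

PERMISSION_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["elasticloadbalancing:CreateLoadBalancer",
                    "elasticloadbalancing:DescribeLoadBalancers"]},
        {"Effect": "Allow", "Resource": "*", "Action": "ec2:*"},  # constructed over-broad statement
    ],
}


def _as_list(value: Any) -> List[Any]:
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(doc: Dict[str, Any], namespace: str, service_account: str) -> List[str]:
    """Verify the role can only be assumed by one Kubernetes service account via the OIDC provider."""
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    findings: List[str] = []
    for i, stmt in enumerate(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or "Federated" not in principal:
            findings.append(f"statement {i}: principal is not a federated OIDC provider")
        sub_values: List[str] = []
        for operator, pairs in stmt.get("Condition", {}).items():
            for key, val in pairs.items():
                if key.endswith(":sub"):
                    if operator != "StringEquals":
                        findings.append(f"statement {i}: :sub matched with {operator}, expected StringEquals")
                    sub_values.extend(_as_list(val))
        if not sub_values:
            findings.append(f"statement {i}: no :sub condition, any service account in the cluster could assume the role")
        elif sub_values != [expected_sub]:
            findings.append(f"statement {i}: :sub is {sub_values}, expected [{expected_sub!r}]")
    return findings


def broad_statements(policy: Dict[str, Any]) -> List[str]:
    """List Allow statements granting a wildcard action on every resource."""
    findings: List[str] = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource")):
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: {action} on all resources")
    return findings


if __name__ == "__main__":
    print(check_trust_policy(TRUST_POLICY, "kube-system", "alb-ingress-controller"))
    print(check_trust_policy(UNSCOPED_TRUST_POLICY, "kube-system", "alb-ingress-controller"))
    print(broad_statements(PERMISSION_POLICY))
```

To run it against a real role, feed `check_trust_policy` the `AssumeRolePolicyDocument` returned by `aws iam get-role` and `broad_statements` the policy document behind the `--attach-policy-arn` used above; the `:sub` check is the one that matters most, because without it the role is shared by every pod that can obtain a projected service account token in the cluster.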