Saturday, March 1, 2025

Creating AWS Load Balancer Controller under EKS in the AWS environment


AWS Load Balancer Controller:

Architecture diagram


Associate an OIDC provider with your EKS cluster:

eksctl is a CLI tool for managing EKS clusters in AWS. The command below registers the cluster's OIDC issuer as an IAM identity provider, which is the prerequisite for IAM roles for service accounts (IRSA):

#eksctl utils associate-iam-oidc-provider --cluster test-demo-cluster  --approve --region us-east-2

Create an IAM role for the EKS cluster:

An Amazon EKS cluster IAM role is required for each cluster. Kubernetes clusters managed by Amazon EKS use this role to manage nodes and the legacy Cloud Provider uses this role to create load balancers with Elastic Load Balancing for services.

Creating the Amazon EKS cluster role:

You can use the AWS Management Console or the AWS CLI to create the cluster role.
AWS Management Console
Open the IAM console at https://console.aws.amazon.com/iam/.
Choose Roles, then Create role.
Under Trusted entity type, select AWS service.
From the Use cases for other AWS services dropdown list, choose EKS.
Choose EKS - Cluster for your use case, and then choose Next.
On the Add permissions tab, choose Next.
For Role name, enter a unique name for your role, such as eksClusterRole.
For Description, enter descriptive text such as Amazon EKS - Cluster role.
Choose Create role.

AWS CLI
a) Copy the following contents to a file named EKS-loadbalancer-policy.json (this is the trust policy that lets the EKS service assume the role).
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

b) Create the IAM role, passing that file as its trust policy (the command below calls aws iam create-role, so it produces a role, not an IAM policy):

#aws iam create-role \
  --role-name AWSLoadBalancerControllerIAMPolicy  \
  --assume-role-policy-document file://"EKS-loadbalancer-policy.json"

Set up an IAM service account in the EKS cluster, allowing the AWS Load Balancer Controller to manage AWS load balancers on behalf of the Kubernetes cluster. The ARN passed to --attach-policy-arn must point at an existing IAM policy that carries the controller's permissions; the create-role command in the previous step created a role with that name, not a policy.

  • Creates a Kubernetes ServiceAccount named aws-load-balancer-controller.
  • Associates it with an IAM role (AmazonEKSLoadBalancerControllerRole) whose trust policy allows only that ServiceAccount to assume it.
  • Attaches the AWSLoadBalancerControllerIAMPolicy to the role.
  • Allows the controller pod to obtain AWS credentials through IAM roles for service accounts (IRSA) instead of static keys.

eksctl create iamserviceaccount \
  --cluster=alb-demo-cluster \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --role-name AmazonEKSLoadBalancerControllerRole \
  --attach-policy-arn=arn:aws:iam::<aws-account-id>:policy/AWSLoadBalancerControllerIAMPolicy \
  --region us-east-2 \
  --approve
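The eksctl command above generates a trust policy for AmazonEKSLoadBalancerControllerRole that should let only the kube-system/aws-load-balancer-controller ServiceAccount assume it; a trust policy that drops or wildcards the sub condition would let any pod in the cluster assume the role. The following is an added example, not code from the post or from eksctl, that checks a trust-policy document for that scoping. The account ID, OIDC issuer and both sample documents are constructed; the cluster-role trust policy from step a) above is deliberately rejected as not being an IRSA policy.

```python
import json

def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def check_irsa_trust(doc, account, issuer, namespace, sa):
    """Return findings for an IRSA role trust policy; an empty list means only
    the intended ServiceAccount can call sts:AssumeRoleWithWebIdentity on it."""
    findings = []
    provider = f"arn:aws:iam::{account}:oidc-provider/{issuer}"
    expected_sub = f"system:serviceaccount:{namespace}:{sa}"
    stmts = [s for s in doc.get("Statement", [])
             if s.get("Effect") == "Allow"
             and "sts:AssumeRoleWithWebIdentity" in _as_list(s.get("Action"))]
    if not stmts:
        return ["no Allow for sts:AssumeRoleWithWebIdentity: not an IRSA trust policy"]
    for i, s in enumerate(stmts):
        principal = s.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if _as_list(federated) != [provider]:
            findings.append(f"stmt {i}: Federated principal is not this cluster's OIDC provider")
        equals = s.get("Condition", {}).get("StringEquals", {})
        like = s.get("Condition", {}).get("StringLike", {})
        if equals.get(f"{issuer}:aud") != "sts.amazonaws.com":
            findings.append(f"stmt {i}: '{issuer}:aud' must equal sts.amazonaws.com")
        sub = equals.get(f"{issuer}:sub")
        if sub is None and f"{issuer}:sub" in like:
            findings.append(f"stmt {i}: sub uses StringLike {like[f'{issuer}:sub']}: a wildcard widens who can assume the role")
        elif sub is None:
            findings.append(f"stmt {i}: no '{issuer}:sub' condition: any ServiceAccount token from this cluster can assume the role")
        elif _as_list(sub) != [expected_sub]:
            findings.append(f"stmt {i}: sub is {sub}, expected {expected_sub}")
    return findings

# Constructed sample values (assumptions, not taken from the post's cluster).
ACCOUNT = "111122223333"
ISSUER = "oidc.eks.us-east-2.amazonaws.com/id/EXAMPLE0123456789ABCDEF0123456789"
NS, SA = "kube-system", "aws-load-balancer-controller"
# Shape of the trust policy eksctl generates for `create iamserviceaccount`.
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT}:oidc-provider/{ISSUER}"},
    "Condition": {"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com",
                                   f"{ISSUER}:sub": f"system:serviceaccount:{NS}:{SA}"}}}]}

# Same policy with the sub condition dropped: every pod in the cluster could assume the role.
LOOSE = json.loads(json.dumps(GOOD))
del LOOSE["Statement"][0]["Condition"]["StringEquals"][f"{ISSUER}:sub"]
```

To run this against a real role, feed it the output of aws iam get-role (the AssumeRolePolicyDocument field) together with the issuer shown by aws eks describe-cluster.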

Validate the controller deployment:
#kubectl get deployment -n kube-system aws-load-balancer-controller

Step 2: Install AWS Load Balancer Controller:

The Helm command below installs the AWS Load Balancer Controller into the kube-system namespace and binds it to the existing aws-load-balancer-controller service account created by eksctl (serviceAccount.create=false), so the controller pod runs with the IRSA role rather than a new, unannotated account. The eks chart repository has to be added first.
#helm repo add eks https://aws.github.io/eks-charts
#helm repo update
#helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=alb-demo-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller

Step 3: Validate the controller deployment:

#kubectl get deployment -n kube-system aws-load-balancer-controller
