In this post we will review the steps required to use an ingress on a Kubernetes cluster deployed on AWS EKS. The official documentation for the procedure is very long and frustrating. However, I believe that the AWS team will make it easier in the future. Until this is done, you can use the steps I've listed below.
To support ingress, AWS actually deploys an application load balancer to handle the ingress traffic dispatching. This is automated by deploying a load balancer controller as a pod in your existing EKS cluster. So, to use an ingress in EKS you need to:
- Deploy a load balancer controller
- Deploy ingress
Load Balancer Controller
Make sure to update the environment variables at the top of this script before running it.
#!/bin/bash
set -e

# Update these before starting
export CdnClusterName=my-eks-cluster
export CdnAwsAccount=123456789123
export CdnAwsRegion=us-east-1
export CdnVpcId=vpc-12345678912345678

echo "create IAM OIDC provider"
eksctl utils associate-iam-oidc-provider --cluster "${CdnClusterName}" --approve

echo "check if IAM policy exists"
# grep -c prints the number of matching lines without the padding that wc -l adds on some platforms;
# "|| true" keeps set -e from aborting when there are no matches
policyExists=$(aws iam list-policies | grep -c AWSLoadBalancerControllerIAMPolicy || true)
if [[ "${policyExists}" = "0" ]]; then
  echo "download IAM policy for the LoadBalancerController"
  # The policy document is pinned to the v2.1.3 tag of the controller repository
  curl -s -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.1.3/docs/install/iam_policy.json
  echo "create IAM policy"
  aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json
  rm -f iam_policy.json
fi

echo "create IAM service account"
# Binds the IAM policy to the controller's Kubernetes service account through the OIDC provider
eksctl create iamserviceaccount \
  --cluster="${CdnClusterName}" \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn="arn:aws:iam::${CdnAwsAccount}:policy/AWSLoadBalancerControllerIAMPolicy" \
  --override-existing-serviceaccounts \
  --approve

echo "install LoadBalancerController CRDs helm chart"
# ref=master follows the moving master branch of eks-charts, unlike the pinned policy download above
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
helm repo add eks https://aws.github.io/eks-charts

echo "install LoadBalancerController helm chart"
# serviceAccount.create=false reuses the service account created by eksctl above
helm upgrade -i aws-load-balancer-controller eks/aws-load-balancer-controller \
  --set clusterName="${CdnClusterName}" \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region="${CdnAwsRegion}" \
  --set vpcId="${CdnVpcId}" \
  -n kube-system

kubectl get deployment -n kube-system aws-load-balancer-controller
echo "Done"
If the script succeeds, you will see the load balancer controller deployment that it created.
Ingress
Once the load balancer controller is working, we can deploy an ingress. The following is an example of an ingress. Notice the annotations that enable this ingress to be accessed from the internet.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - path: /my-prefix/*
            backend:
              serviceName: my-service-1
              servicePort: 80
    - host: my.host.com
      http:
        paths:
          - backend:
              serviceName: my-service-2
              servicePort: 80
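Because the scheme annotation above is what puts the load balancer on the internet, it is worth listing which manifests carry it before applying them. The following is an added example, not part of the original post: a line-oriented scan that reports every Ingress requesting an internet-facing ALB and whether the controller's `alb.ingress.kubernetes.io/inbound-cidrs` annotation (not used in the post) restricts the source ranges. The Ingress names and the CIDR in the sample are constructed.

```shell
# Added example: report Ingresses that request an internet-facing ALB.
# Line-oriented scan, not a full YAML parser: assumes one "key: value" per line
# and metadata.name indented by two spaces. Reads files given as arguments, or stdin.

audit_ingress_exposure() {
  awk '
    function emit() {
      if (kind == "Ingress" && scheme == "internet-facing") {
        printf "%s internet-facing inbound-cidrs=%s\n", name, (cidrs == "" ? "UNSET" : cidrs)
      }
      kind = name = scheme = cidrs = ""
    }
    function val(s) { gsub(/"/, "", s); return s }   # drop optional double quotes
    /^---[ \t]*$/ { emit(); next }                   # document separator
    /^kind:/ { kind = val($2) }
    /^  name:/ && name == "" { name = val($2) }
    /alb\.ingress\.kubernetes\.io\/scheme:/ { scheme = val($2) }
    /alb\.ingress\.kubernetes\.io\/inbound-cidrs:/ { cidrs = val($2) }
    END { emit() }
  ' "$@"
}

# Constructed sample manifests; names and CIDR are illustrative only.
audit_ingress_exposure <<'EOF'
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: partner-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/inbound-cidrs: 203.0.113.0/24
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: internal-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal
EOF
```

`UNSET` means the manifest has no `inbound-cidrs` annotation; Ingresses whose scheme is `internal` or absent are not listed.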
Final Note
We have presented a simple way of using ingress in AWS EKS. Feel free to use/modify the script per your requirements. It is not bullet-proof, but it dramatically saves you time when you need to create an ingress.
Update:
See this for fixing permission issue.