Comment rediriger le trafic d’un service Kubernetes EKS sur un Application load balancer (ALB)
Publié le
Do not index
Do not index
Primary Keyword
Lié à Analyse sémantique (Articles liés) 1
Lié à Analyse sémantique (Articles liés)
Statut rédaction
A optimiser SEO
Lié à Analyse sémantique (Articles liés) 2
I. IntroductionII. How to redirect traffic from a Kubernetes EKS service to an Application load balancer (ALB)III. ConclusionIV. References
I. Introduction
Amazon Elastic Kubernetes Service (Amazon EKS) allows you to manage Kubernetes cluster. For each services, you may need to expose to the public Internet. In order to load the traffic between pods running the traffic, you can use AWS Load Balancer (ALB). In this tutorial, we will guide you how to redirect traffic from a Kubernetes EKS service to an Application load balancer (ALB).
II. How to redirect traffic from a Kubernetes EKS service to an Application load balancer (ALB)
AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster.
- It satisfies Kubernetes Ingress resources by provisioning Application Load Balancers.
- It satisfies Kubernetes Service resources by provisioning Network Load Balancers.
First, set the AWS Load Balancer Controller version:
echo 'export LBC_VERSION="v2.4.1"' >> ~/.bash_profile
echo 'export LBC_CHART_VERSION="1.4.1"' >> ~/.bash_profile
. ~/.bash_profileThen check if the AWS Load Balancer Controller version has been set:
if [ ! -x ${LBC_VERSION} ]
then
tput setaf 2; echo '${LBC_VERSION} has been set.'
else
tput setaf 1;echo '${LBC_VERSION} has NOT been set.'
fiThen, we need to create IAM OIDC provider
eksctl utils associate-iam-oidc-provider \
--region <your aws region> \
--cluster <your eks cluster> \
--approveWe need to create IAM policy named
AWSLoadBalancerControllerIAMPolicycurl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/${LBC_VERSION}/docs/install/iam_policy.json
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.jsonNow we create IAM role and ServiceAccount
eksctl create iamserviceaccount \
--cluster eksworkshop-eksctl \
--namespace kube-system \
--name aws-load-balancer-controller \
--attach-policy-arn arn:aws:iam::${ACCOUNT_ID}:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--approveNow install TargetGroupBinding CRDs
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"
kubectl get crdAdd the EKS repository to Helm and install AWS Load Balancer Controller:
helm repo add eks https://aws.github.io/eks-charts
helm upgrade -i aws-load-balancer-controller \
eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=<your eks cluster> \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
--set image.tag="${LBC_VERSION}" \
--version="${LBC_CHART_VERSION}"
kubectl -n kube-system rollout status deployment aws-load-balancer-controllerDeploy your application into K8S cluster and then use the Ingress resource to expose it to traffic. As example, we use sample 2048 game:
export EKS_CLUSTER_VERSION=$(aws eks describe-cluster --name eksworkshop-eksctl --query cluster.version --output text)
if [ "`echo "${EKS_CLUSTER_VERSION} < 1.19" | bc`" -eq 1 ]; then
curl -s https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.3.1/docs/examples/2048/2048_full.yaml \
| sed 's=alb.ingress.kubernetes.io/target-type: ip=alb.ingress.kubernetes.io/target-type: instance=g' \
| kubectl apply -f -
fi
if [ "`echo "${EKS_CLUSTER_VERSION} >= 1.19" | bc`" -eq 1 ]; then
curl -s https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.3.1/docs/examples/2048/2048_full_latest.yaml \
| sed 's=alb.ingress.kubernetes.io/target-type: ip=alb.ingress.kubernetes.io/target-type: instance=g' \
| kubectl apply -f -
fiIf you take a look at the sample yaml file of 2048 game:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
namespace: game-2048
name: ingress-2048
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: service-2048
servicePort: 80After few seconds, verify that the Ingress resource is enabled:
kubectl get ingress/ingress-2048 -n game-2048After some few minutes, you should see Application Load Balancer is created automatically. To get the URL of the Application Load Balancer:
export GAME_2048=$(kubectl get ingress/ingress-2048 -n game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo http://${GAME_2048}III. Conclusion
In this tutorial, you have learnt to setup AWS Load Balancer Controller to make Ingress for your EKS services. Using the Controller, you don’t need to manually provision an ALB. Instead, it will create ALB automatically and expose the registered EKS service on configured port and path.
IV. References
Sujets