How to redirect traffic from a Kubernetes EKS service to an Application Load Balancer (ALB)


I. Introduction

Amazon Elastic Kubernetes Service (Amazon EKS) lets you manage Kubernetes clusters. Some of the services you run there may need to be exposed to the public Internet. To balance the traffic across the pods that serve it, you can use an AWS Application Load Balancer (ALB). In this tutorial, we show how to redirect traffic from a Kubernetes EKS service to an Application Load Balancer (ALB).

II. How to redirect traffic from a Kubernetes EKS service to an Application load balancer (ALB)

AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster.
 
First, set the AWS Load Balancer Controller version:
echo 'export LBC_VERSION="v2.4.1"' >>  ~/.bash_profile
echo 'export LBC_CHART_VERSION="1.4.1"' >>  ~/.bash_profile
.  ~/.bash_profile
Then check that the AWS Load Balancer Controller version has been set:
# -n is true when the variable is non-empty (-x would test for an executable file)
if [ -n "${LBC_VERSION}" ]
  then
    tput setaf 2; echo '${LBC_VERSION} has been set.'
  else
    tput setaf 1; echo '${LBC_VERSION} has NOT been set.'
fi
 
Next, create the IAM OIDC provider for the cluster:
eksctl utils associate-iam-oidc-provider \
    --region <your aws region> \
    --cluster <your eks cluster> \
    --approve
 
Create an IAM policy named AWSLoadBalancerControllerIAMPolicy:
curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/${LBC_VERSION}/docs/install/iam_policy.json
aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json
 
Now create the IAM role and ServiceAccount (replace eksworkshop-eksctl with your cluster name; ACCOUNT_ID must hold your AWS account ID):
eksctl create iamserviceaccount \
  --cluster eksworkshop-eksctl \
  --namespace kube-system \
  --name aws-load-balancer-controller \
  --attach-policy-arn arn:aws:iam::${ACCOUNT_ID}:policy/AWSLoadBalancerControllerIAMPolicy \
  --override-existing-serviceaccounts \
  --approve
 
Now install the TargetGroupBinding CRDs and check that they are registered:
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"

kubectl get crd
 
Add the EKS repository to Helm and install AWS Load Balancer Controller:
helm repo add eks https://aws.github.io/eks-charts

helm upgrade -i aws-load-balancer-controller \
    eks/aws-load-balancer-controller \
    -n kube-system \
    --set clusterName=<your eks cluster> \
    --set serviceAccount.create=false \
    --set serviceAccount.name=aws-load-balancer-controller \
    --set image.tag="${LBC_VERSION}" \
    --version="${LBC_CHART_VERSION}"

kubectl -n kube-system rollout status deployment aws-load-balancer-controller
 
Deploy your application into the Kubernetes cluster, then use an Ingress resource to expose it to traffic. As an example, we use the sample 2048 game:
export EKS_CLUSTER_VERSION=$(aws eks describe-cluster --name eksworkshop-eksctl --query cluster.version --output text)

if [ "`echo "${EKS_CLUSTER_VERSION} < 1.19" | bc`" -eq 1 ]; then     
    curl -s https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.3.1/docs/examples/2048/2048_full.yaml \
    | sed 's=alb.ingress.kubernetes.io/target-type: ip=alb.ingress.kubernetes.io/target-type: instance=g' \
    | kubectl apply -f -
fi

if [ "`echo "${EKS_CLUSTER_VERSION} >= 1.19" | bc`" -eq 1 ]; then     
    curl -s https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.3.1/docs/examples/2048/2048_full_latest.yaml \
    | sed 's=alb.ingress.kubernetes.io/target-type: ip=alb.ingress.kubernetes.io/target-type: instance=g' \
    | kubectl apply -f -
fi
 
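The sample YAML file for the 2048 game defines the following Ingress (the sed command above changes target-type from ip to instance before the manifest is applied):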
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: service-2048
              servicePort: 80
 
After a few seconds, verify that the Ingress resource is enabled:
kubectl get ingress/ingress-2048 -n game-2048
After a few minutes, the Application Load Balancer is created automatically. To get its URL:
export GAME_2048=$(kubectl get ingress/ingress-2048 -n game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo http://${GAME_2048}
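
The Ingress above is internet-facing and the resulting URL is plain HTTP. As an added example (not part of the original tutorial), the shell check below reads a manifest before `kubectl apply` and reports an internet-facing ALB Ingress that has no HTTPS listener, no HTTP-to-HTTPS redirect, or no `inbound-cidrs` restriction. The function names, finding codes, certificate ARN placeholder and CIDR are assumptions; the annotations are the controller's `alb.ingress.kubernetes.io/*` keys.

```shell
# Added example, not the tutorial's code; helper names are hypothetical.
# Print one alb.ingress.kubernetes.io/<key> value, whitespace and ' stripped.
alb_annotation() {  # $1 = manifest file, $2 = annotation key
  sed -n "s|^[[:space:]]*alb\.ingress\.kubernetes\.io/$2:[[:space:]]*||p" "$1" \
    | head -n 1 | sed "s/[[:space:]']//g"
}

# Print one finding per line for an Ingress manifest; return 1 if there are any.
audit_alb_ingress() {  # $1 = manifest file
  local scheme ports cert cidrs redirect https=no rc=0
  scheme=$(alb_annotation "$1" scheme | tr -d '"')
  ports=$(alb_annotation "$1" listen-ports)
  cert=$(alb_annotation "$1" certificate-arn)
  cidrs=$(alb_annotation "$1" inbound-cidrs)
  redirect=$(alb_annotation "$1" ssl-redirect)
  # The controller's default scheme is internal, which this check skips.
  [ "$scheme" = "internet-facing" ] || return 0
  # HTTPS is served if listen-ports names it, or if only a certificate is set.
  case "$ports" in *HTTPS*) https=yes ;; esac
  if [ -z "$ports" ] && [ -n "$cert" ]; then https=yes; fi
  if [ "$https" = no ]; then echo "PLAINTEXT_ONLY"; rc=1; fi
  # An HTTP listener next to HTTPS should redirect instead of serving content.
  case "$ports" in *'"HTTP"'*)
    if [ "$https" = yes ] && [ -z "$redirect" ]; then echo "NO_REDIRECT"; rc=1; fi ;;
  esac
  # With inbound-cidrs unset, the controller defaults to 0.0.0.0/0.
  if [ -z "$cidrs" ]; then echo "OPEN_CIDR"; rc=1; fi
  return "$rc"
}

# Constructed samples: the tutorial's annotations and a hardened variant.
write_samples() {  # $1 = output directory
  cat > "$1/tutorial.yaml" <<'EOF'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
EOF
  cat > "$1/hardened.yaml" <<'EOF'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/certificate-arn: <your ACM certificate ARN>
    alb.ingress.kubernetes.io/inbound-cidrs: 203.0.113.0/24
EOF
}

d=$(mktemp -d); write_samples "$d"
for f in tutorial hardened; do echo "== $f"; audit_alb_ingress "$d/$f.yaml" || true; done
```

The function returns non-zero when it reports a finding, so it can gate a deployment script ahead of the `kubectl apply` step.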
 

III. Conclusion

In this tutorial, you have learnt how to set up the AWS Load Balancer Controller to create an Ingress for your EKS services. With the controller, you don't need to provision an ALB manually. Instead, it creates the ALB automatically and exposes the registered EKS service on the configured port and path.
