Aws

EKS Loadbalancer Controller

wngnl05 2024. 12. 24. 14:58

Before creating the ALB controller, tag the subnets as follows:

Public subnet Tag = kubernetes.io/role/elb : 1

Private subnet Tag = kubernetes.io/role/internal-elb : 1

 

 

Create the Loadbalancer-Role.

CLUSTER_NAME="<cluster name>"
eksctl utils write-kubeconfig --name $CLUSTER_NAME
eksctl utils associate-iam-oidc-provider --approve --cluster $CLUSTER_NAME
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
CLUSTER_OIDC=$(aws eks describe-cluster --name $CLUSTER_NAME --query "cluster.identity.oidc.issuer" --output text | sed 's/https:\/\///')
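# Create the role (the trust policy lets only the kube-system/aws-load-balancer-controller service account assume it)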
aws iam create-role \
    --role-name Eks-Loadbalancer-Controller-Role \
    --assume-role-policy-document '{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Federated": "arn:aws:iam::'"$ACCOUNT_ID"':oidc-provider/'"$CLUSTER_OIDC"'"
                },
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {
                    "StringEquals": {
                        "'"$CLUSTER_OIDC"':aud": "sts.amazonaws.com",
                        "'"$CLUSTER_OIDC"':sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"
                    }
                }
            }
        ]
    }' \
    --output json

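# Attach policies
# AdministratorAccess gives the controller's service account full control of the account, far more than the controller uses;
# a customer-managed policy limited to the controller's load balancer and EC2 actions keeps the role least-privilege.
aws iam attach-role-policy --role-name Eks-Loadbalancer-Controller-Role --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
aws iam attach-role-policy --role-name Eks-Loadbalancer-Controller-Role --policy-arn arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess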
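
An added example, not part of the original post: a Python check of the role created above. It confirms that the trust policy pins `aud` and `sub` with `StringEquals`, and it flags over-broad managed policies. The function name `audit_irsa_role`, the `BROAD` list, and the sample account ID and OIDC issuer are constructed for illustration. Real input would come from `aws iam get-role` and `aws iam list-attached-role-policies`.

```python
import json

# Managed policies far broader than a load balancer controller needs (list chosen for this example).
BROAD = {"arn:aws:iam::aws:policy/AdministratorAccess",
         "arn:aws:iam::aws:policy/PowerUserAccess"}

def audit_irsa_role(trust_policy, attached_arns, namespace, service_account):
    """Return findings for an IRSA role; an empty list means nothing was flagged."""
    findings = []
    want_sub = f"system:serviceaccount:{namespace}:{service_account}"
    for stmt in trust_policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = stmt.get("Principal")
        if (stmt.get("Effect") != "Allow" or not isinstance(principal, dict)
                or "sts:AssumeRoleWithWebIdentity" not in actions):
            continue
        # Condition keys are prefixed with the OIDC issuer host/path.
        issuer = str(principal.get("Federated", "")).split(":oidc-provider/", 1)[-1]
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        if exact.get(f"{issuer}:sub") != want_sub:
            findings.append(f"sub not pinned to {want_sub} by StringEquals")
        if exact.get(f"{issuer}:aud") != "sts.amazonaws.com":
            findings.append("aud not pinned to sts.amazonaws.com by StringEquals")
        for key, val in cond.get("StringLike", {}).items():
            if key.endswith(":sub") and "*" in str(val):
                findings.append(f"wildcard subject allowed: {val}")
    findings += [f"over-broad managed policy attached: {a}" for a in attached_arns if a in BROAD]
    return findings

# Constructed sample mirroring the role in this post (account ID and issuer are placeholders).
ISSUER = "oidc.eks.ap-northeast-2.amazonaws.com/id/EXAMPLE0123456789ABCDEF"
SAMPLE_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/%s"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
      "%s:aud": "sts.amazonaws.com",
      "%s:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"}}
  }]
}""" % (ISSUER, ISSUER, ISSUER))
SAMPLE_ATTACHED = ["arn:aws:iam::aws:policy/AdministratorAccess",
                   "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess"]

if __name__ == "__main__":
    for f in audit_irsa_role(SAMPLE_TRUST, SAMPLE_ATTACHED, "kube-system", "aws-load-balancer-controller"):
        print("FINDING:", f)
```

On the sample, the trust policy passes and the only finding is the attached AdministratorAccess policy.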

 

Apply service-account.yaml.

ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
# Overwrite (>) rather than append (>>) so that re-running does not duplicate the manifest
cat <<EOF > service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller
  namespace: kube-system
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/Eks-Loadbalancer-Controller-Role
EOF
kubectl apply -f service-account.yaml

 

 

Download the Helm install script and make it executable.

Install the AWS Load Balancer Controller into the specified namespace.

CLUSTER_NAME="<cluster name>"
# Download the Helm install script and make it executable.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod +x get_helm.sh
./get_helm.sh
helm repo add eks https://aws.github.io/eks-charts
helm repo update

# Install the AWS Load Balancer Controller into the specified namespace.
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=$CLUSTER_NAME \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller


Verify that the AWS Load Balancer Controller is installed

kubectl get pods -n kube-system | grep aws-load-balancer-controller
helm list -n kube-system
kubectl get events -n kube-system | grep aws-load-balancer-controller


Uninstall the ALB controller

helm uninstall aws-load-balancer-controller -n kube-system

 

Download Manifest File

curl -o deployment.yaml  https://raw.githubusercontent.com/wngnl-dev/AWS/main/EKS/Manifest/Deployment/deployment.yaml
curl -o service.yaml  https://raw.githubusercontent.com/wngnl-dev/AWS/main/EKS/Manifest/service.yml
curl -o ingress.yaml  https://raw.githubusercontent.com/wngnl-dev/AWS/main/EKS/Manifest/ingress.yml