EKS - ALB Controller 설치

목차

• EKS - Cluster Autoscaler
• EKS - EFS CSI Driver 설치
• EKS - EBS CSI Driver 설치
• EKS - ALB Controller 를 활용한 NLB 생성
• EKS - ALB Controller 설치
• EKS - Cluster Access 문제
• EKS - NodeGroup 생성
• EKS - eksctl 로 클러스터 생성 및 삭제
• EKS (Elastic Kubernetes Service)

참고

• https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/aws-load-balancer-controller.html

IAM policy & role 생성

curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json

aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json

ServiceAccount 생성

eksctl create iamserviceaccount \
  --cluster=my-cluster \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \ # 원하는 Service Account 이름으로 변경해도 된다
  --role-name AmazonEKSLoadBalancerControllerRole \
  --attach-policy-arn=arn:aws:iam::111122223333:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve

Helm 을 이용한 ALB Controller 생성

helm repo add eks https://aws.github.io/eks-charts

helm repo update

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=<EKS Cluster 이름> \
  --set serviceAccount.create=false \
  --set serviceAccount.name=<ServiceAccount 이름>

• 결과

NAME: aws-load-balancer-controller
LAST DEPLOYED: Fri Feb 17 09:50:16 2023
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
AWS Load Balancer controller installed!

ALB Ingress 생성

• ALB Ingress Annotation 참고
  • https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: <Ingress 이름>
  namespace: <Namespace>
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: froot # Ingress Group 이름
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443, "HTTP": 80}]' # ALB 가 수신한 PORT 를 설정합니다.
    alb.ingress.kubernetes.io/load-balancer-name: <ALB 이름>
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/security-groups: <Security Group 정보>
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-FS-1-2-Res-2020-10
    alb.ingress.kubernetes.io/subnets: <Subnet1 ID>, <Subnet2 ID>
    alb.ingress.kubernetes.io/success-codes: 403,404,200,302
    alb.ingress.kubernetes.io/tags: <tag1=value1>, <tag2=value2>
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - host: <도메인 이름>
      http:
        paths:
          - path: /*
            backend:
              service:
                name: <Service 이름>
                port:
                  number: <Service 포트>