**Kubernetes Ingress On Amazon EKS**
===

###### tags: `AWS`

## **1. First, create the cluster.yaml file**

```
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: app-lb-demo
  region: ap-south-1

iam:
  # Associate an IAM OIDC provider so service accounts can assume IAM roles
  withOIDC: true
  serviceAccounts:
    - metadata:
        name: aws-load-balancer
        namespace: kube-system
      # Attach the AWS Load Balancer Controller policy to this service account's role
      wellKnownPolicies:
        awsLoadBalancerController: true

managedNodeGroups:
  - name: app-lb-demo-ng
    instanceType: t3.medium
    minSize: 1
    maxSize: 2
```

## **2. Create the EKS cluster with eksctl**

```
eksctl create cluster -f ./cluster.yaml
```

The output is as follows:

```
2022-11-01 04:01:27 [ℹ] eksctl version 0.116.0
2022-11-01 04:01:27 [ℹ] using region ap-south-1
2022-11-01 04:01:28 [ℹ] setting availability zones to [ap-south-1c ap-south-1b ap-south-1a]
2022-11-01 04:01:28 [ℹ] subnets for ap-south-1c - public:192.168.0.0/19 private:192.168.96.0/19
2022-11-01 04:01:28 [ℹ] subnets for ap-south-1b - public:192.168.32.0/19 private:192.168.128.0/19
2022-11-01 04:01:28 [ℹ] subnets for ap-south-1a - public:192.168.64.0/19 private:192.168.160.0/19
2022-11-01 04:01:28 [ℹ] nodegroup "app-lb-demo-ng" will use "" [AmazonLinux2/1.23]
2022-11-01 04:01:28 [ℹ] using Kubernetes version 1.23
2022-11-01 04:01:28 [ℹ] creating EKS cluster "app-lb-demo" in "ap-south-1" region with managed nodes
2022-11-01 04:01:28 [ℹ] 1 nodegroup (app-lb-demo-ng) was included (based on the include/exclude rules)
2022-11-01 04:01:28 [ℹ] will create a CloudFormation stack for cluster itself and 0 nodegroup stack(s)
2022-11-01 04:01:28 [ℹ] will create a CloudFormation stack for cluster itself and 1 managed nodegroup stack(s)
2022-11-01 04:01:28 [ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=ap-south-1 --cluster=app-lb-demo'
2022-11-01 04:01:28 [ℹ] Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "app-lb-demo" in "ap-south-1"
2022-11-01 04:01:28 [ℹ] CloudWatch logging will not be enabled for cluster "app-lb-demo" in "ap-south-1"
2022-11-01 04:01:28 [ℹ] you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=ap-south-1 --cluster=app-lb-demo'
2022-11-01 04:01:28 [ℹ] 2 sequential tasks: { create cluster control plane "app-lb-demo",
    2 sequential sub-tasks: {
        4 sequential sub-tasks: {
            wait for control plane to become ready,
            associate IAM OIDC provider,
            2 parallel sub-tasks: {
                2 sequential sub-tasks: {
                    create IAM role for serviceaccount "kube-system/aws-load-balancer",
                    create serviceaccount "kube-system/aws-load-balancer",
                },
                2 sequential sub-tasks: {
                    create IAM role for serviceaccount "kube-system/aws-node",
                    create serviceaccount "kube-system/aws-node",
                },
            },
            restart daemonset "kube-system/aws-node",
        },
        create managed nodegroup "app-lb-demo-ng",
    }
}
2022-11-01 04:01:28 [ℹ] building cluster stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:01:29 [ℹ] deploying stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:01:59 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:02:29 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:03:30 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:04:30 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:05:31 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:06:31 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:07:32 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:08:32 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:09:33 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:10:33 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:11:34 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:12:34 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:13:35 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-cluster"
2022-11-01 04:15:40 [ℹ] building iamserviceaccount stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-load-balancer"
2022-11-01 04:15:40 [ℹ] building iamserviceaccount stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-node"
2022-11-01 04:15:41 [ℹ] deploying stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-load-balancer"
2022-11-01 04:15:41 [ℹ] deploying stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-node"
2022-11-01 04:15:41 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-load-balancer"
2022-11-01 04:15:41 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-node"
2022-11-01 04:16:12 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-node"
2022-11-01 04:16:12 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-load-balancer"
2022-11-01 04:16:43 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-node"
2022-11-01 04:16:43 [ℹ] serviceaccount "kube-system/aws-node" already exists
2022-11-01 04:16:44 [ℹ] updated serviceaccount "kube-system/aws-node"
2022-11-01 04:16:48 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-load-balancer"
2022-11-01 04:17:44 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-addon-iamserviceaccount-kube-system-aws-load-balancer"
2022-11-01 04:17:45 [ℹ] created serviceaccount "kube-system/aws-load-balancer"
2022-11-01 04:17:45 [ℹ] daemonset "kube-system/aws-node" restarted
2022-11-01 04:17:46 [ℹ] building managed nodegroup stack "eksctl-app-lb-demo-nodegroup-app-lb-demo-ng"
2022-11-01 04:17:46 [ℹ] deploying stack "eksctl-app-lb-demo-nodegroup-app-lb-demo-ng"
2022-11-01 04:17:46 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-nodegroup-app-lb-demo-ng"
2022-11-01 04:18:17 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-nodegroup-app-lb-demo-ng"
2022-11-01 04:18:50 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-nodegroup-app-lb-demo-ng"
2022-11-01 04:20:21 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-nodegroup-app-lb-demo-ng"
2022-11-01 04:21:09 [ℹ] waiting for CloudFormation stack "eksctl-app-lb-demo-nodegroup-app-lb-demo-ng"
2022-11-01 04:21:09 [ℹ] waiting for the control plane to become ready
2022-11-01 04:21:10 [✔] saved kubeconfig as "/home/cloudshell-user/.kube/config"
2022-11-01 04:21:10 [ℹ] no tasks
2022-11-01 04:21:10 [✔] all EKS cluster resources for "app-lb-demo" have been created
2022-11-01 04:21:10 [ℹ] nodegroup "app-lb-demo-ng" has 1 node(s)
2022-11-01 04:21:10 [ℹ] node "ip-192-168-67-153.ap-south-1.compute.internal" is ready
2022-11-01 04:21:10 [ℹ] waiting for at least 1 node(s) to become ready in "app-lb-demo-ng"
2022-11-01 04:21:10 [ℹ] nodegroup "app-lb-demo-ng" has 1 node(s)
2022-11-01 04:21:10 [ℹ] node "ip-192-168-67-153.ap-south-1.compute.internal" is ready
2022-11-01 04:21:13 [ℹ] kubectl command should work with "/home/cloudshell-user/.kube/config", try 'kubectl get nodes'
2022-11-01 04:21:13 [✔] EKS cluster "app-lb-demo" in "ap-south-1" region is ready
```

## **3. Check that the cluster was created successfully**

![](https://i.imgur.com/G01Ak17.png)

## **4. Install the AWS Load Balancer Controller: add the EKS chart repo to Helm**

```
helm repo add eks https://aws.github.io/eks-charts
```

[If you have not installed Helm, see this link](https://docs.aws.amazon.com/zh_tw/eks/latest/userguide/helm.html)

The output is as follows:

![](https://i.imgur.com/zdlg16C.png)

## **5. Install the Helm chart, passing in the serviceAccount**

```
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=app-lb-demo --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer
```

The output is as follows:

![](https://i.imgur.com/HeKf1NV.png)

## **6. Install the AWS Load Balancer Controller CRDs - Ingress Class Params and Target Group Bindings**

```
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
```

The output is as follows:

![](https://i.imgur.com/iZ6WOJg.png)

## **7. Deploy a 2048 service first; the YAML file is as follows**

```
---
apiVersion: v1
kind: Namespace
metadata:
  name: game-2048
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: game-2048
  name: deployment-2048
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: app-2048
  replicas: 5
  template:
    metadata:
      labels:
        app.kubernetes.io/name: app-2048
    spec:
      containers:
        - image: alexwhen/docker-2048
          imagePullPolicy: Always
          name: app-2048
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  namespace: game-2048
  name: service-2048
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: NodePort
  selector:
    app.kubernetes.io/name: app-2048
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
spec:
  rules:
    - host: "*.amazonaws.com"
      http:
        paths:
          - path: "/"
            pathType: Prefix
            backend:
              service:
                name: service-2048
                port:
                  number: 80
```

Create this service with the following command:

```
kubectl apply -f ./SampleApp.yaml
```

The output is as follows:

![](https://i.imgur.com/FrlkpjV.png)

The service is running:

![](https://i.imgur.com/hKMexRU.png)

The ALB has been created automatically:

![](https://i.imgur.com/ti67FI3.png)

## **8. Verify that the ingress was created and the ALB has been configured**

```
kubectl get ingress -A
```

The output is as follows:

![](https://i.imgur.com/75JoGIk.png)

```
kubectl describe ingress ingress-2048 -n game-2048
```

The output is as follows:

![](https://i.imgur.com/Bfg3rX3.png)

## **9. Visit the ALB's DNS name to verify that the service is running normally**

```
k8s-game2048-ingress2-38df8bab22-1078864165.ap-south-1.elb.amazonaws.com
```

The output is as follows:

![](https://i.imgur.com/ScspRCL.png)
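
The Ingress in step 7 asks the controller for an `internet-facing` ALB and sets no source-CIDR or TLS annotations. As an added example (not part of the original page), the Python audit below reads the JSON form of step 8's listing (`kubectl get ingress -A -o json`) and reports those two conditions per Ingress. `SAMPLE` is constructed from the step 7 manifest, and the function names are hypothetical.

```python
import json

# Constructed sample: the shape of `kubectl get ingress -A -o json` for the
# ingress-2048 object from step 7 (only the fields this audit reads).
SAMPLE = json.loads("""
{"items": [{
  "metadata": {
    "namespace": "game-2048", "name": "ingress-2048",
    "annotations": {
      "kubernetes.io/ingress.class": "alb",
      "alb.ingress.kubernetes.io/scheme": "internet-facing",
      "alb.ingress.kubernetes.io/target-type": "instance"}},
  "spec": {"rules": [{"host": "*.amazonaws.com"}]}
}]}
""")

ALB = "alb.ingress.kubernetes.io/"


def audit_ingress(item):
    """Return exposure findings for one Ingress (hypothetical helper)."""
    ann = item["metadata"].get("annotations") or {}
    spec = item.get("spec") or {}
    cls = spec.get("ingressClassName") or ann.get("kubernetes.io/ingress.class")
    if cls != "alb":
        return []  # not reconciled by the AWS Load Balancer Controller
    findings = []
    # The controller provisions an internal ALB unless scheme says otherwise.
    public = ann.get(ALB + "scheme", "internal") == "internet-facing"
    if public and not ann.get(ALB + "inbound-cidrs"):
        findings.append("internet-facing without inbound-cidrs")
    # listen-ports is a JSON list such as [{"HTTP": 80}, {"HTTPS": 443}].
    ports = json.loads(ann.get(ALB + "listen-ports", "[]"))
    has_https = any("HTTPS" in p for p in ports) or (ALB + "certificate-arn") in ann
    if not has_https:
        findings.append("no HTTPS listener or certificate-arn")
    elif any("HTTP" in p for p in ports) and (ALB + "ssl-redirect") not in ann:
        findings.append("HTTP listener without ssl-redirect")
    return findings


def audit(doc):
    """Map 'namespace/name' to findings for every item in a kubectl JSON list."""
    return {f'{i["metadata"]["namespace"]}/{i["metadata"]["name"]}': audit_ingress(i)
            for i in doc.get("items", [])}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "ok")
```

Against a live cluster, pass `audit()` the parsed output of `kubectl get ingress -A -o json` instead of `SAMPLE`.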