AWS Load Balancer Controller replaces the functionality of the AWS ALB Ingress Controller.
Install aws-load-balancer-controller
Create an IAM OIDC provider for your cluster
eksctl utils associate-iam-oidc-provider --profile=perp \
  --region ap-northeast-1 \
  --cluster perp-staging \
  --approve
ref:
https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
Create a Kubernetes ServiceAccount for the Controller
curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.3.0/docs/install/iam_policy.json
aws iam create-policy --profile=perp \
  --policy-name AWSLoadBalancerControllerIAMPolicy \
  --policy-document file://iam_policy.json
eksctl create iamserviceaccount --profile=perp \
  --cluster=perp-staging \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn=arn:aws:iam::XXX:policy/AWSLoadBalancerControllerIAMPolicy \
  --override-existing-serviceaccounts \
  --approve
ref:
https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/deploy/installation/
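The IAM role that eksctl creates for the ServiceAccount is only as tight as its trust policy. The following is an added example, not code from the original page or from the controller project: a Python check that takes the JSON printed by `aws iam get-role --role-name <ROLE> --query Role.AssumeRolePolicyDocument` and confirms the role can only be assumed by kube-system/aws-load-balancer-controller. The account id, OIDC provider id, sample document and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by
#   aws iam get-role --role-name <ROLE> --query Role.AssumeRolePolicyDocument
# The account id and OIDC provider id are placeholders, not real values.
ISSUER = "oidc.eks.ap-northeast-1.amazonaws.com/id/EXAMPLEOIDCID"
SAMPLE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{ISSUER}:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller",
            f"{ISSUER}:aud": "sts.amazonaws.com",
        }},
    }],
}

def as_list(value):
    # IAM allows a single value or a list in most policy fields.
    return value if isinstance(value, list) else [value]

def check_irsa_trust(policy, namespace, name):
    """Return findings; an empty list means the role is pinned to one ServiceAccount."""
    expected = f"system:serviceaccount:{namespace}:{name}"
    findings, seen = [], 0
    for i, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or \
                "sts:AssumeRoleWithWebIdentity" not in as_list(st.get("Action", [])):
            continue
        seen += 1
        principal = st.get("Principal")
        provider = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if not isinstance(provider, str) or ":oidc-provider/" not in provider:
            findings.append(f"statement {i}: principal is not a single OIDC provider")
            continue
        issuer = provider.split(":oidc-provider/", 1)[1]
        # Only StringEquals counts: a StringLike wildcard on sub lets other pods assume the role.
        exact = st.get("Condition", {}).get("StringEquals", {})
        if as_list(exact.get(f"{issuer}:sub")) != [expected]:
            findings.append(f"statement {i}: sub is not pinned by StringEquals to {expected}")
        if as_list(exact.get(f"{issuer}:aud")) != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
    if seen == 0:
        findings.append("no sts:AssumeRoleWithWebIdentity statement found")
    return findings

if __name__ == "__main__":
    import sys
    doc = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE
    for finding in check_irsa_trust(doc, "kube-system", "aws-load-balancer-controller"):
        print("FINDING:", finding)
```

Pipe the `aws iam get-role` output into the script; no output means the trust policy is scoped to the controller's ServiceAccount.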
Deploy aws-load-balancer-controller
helm repo add eks https://aws.github.io/eks-charts
helm ls -A
helm upgrade -i \
  aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=perp-staging \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=ap-northeast-1 \
  --set vpcId=vpc-XXX
ref:
https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html#helm-v3-or-later
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/deploy/installation/
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/deploy/configurations/
https://github.com/aws/eks-charts/tree/master/stable/aws-load-balancer-controller
Create an Ingress using ALB
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: graph-node-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-FS-1-2-Res-2020-10
    alb.ingress.kubernetes.io/certificate-arn: YOUR_ACM_ARN
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=3600,deletion_protection.enabled=true
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/actions.graph-node-jsonrpc: >
      {"type": "forward", "forwardConfig": {"targetGroups": [
      {"serviceName": "graph-node", "servicePort": 8000, "weight": 100}
      ]}}
    alb.ingress.kubernetes.io/actions.graph-node-websocket: >
      {"type": "forward", "forwardConfig": {"targetGroups": [
      {"serviceName": "graph-node", "servicePort": 8001, "weight": 100}
      ]}}
spec:
  rules:
    - host: "subgraph-api.example.com"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: graph-node-jsonrpc
                port:
                  name: use-annotation
    - host: "subgraph-ws.example.com"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: graph-node-websocket
                port:
                  name: use-annotation
ref:
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/guide/ingress/annotations/
kubectl apply -f graph-node-ingress.yaml -R
Then create Route 53 records for the above domains, and point them to the newly created ALB.