Installing the AWS Load Balancer Controller on EKS so that Ingress can use ALB

Official documentation for reference: https://docs.aws.amazon.com/eks/latest/userguide/lbc-helm.html

Create the IAM role with eksctl

1. Create the alb namespace

kubectl create ns alb

2. Download the IAM policy

curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.13.0/docs/install/iam_policy.json

3. Create the IAM policy

aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json

4. Use eksctl to create the service account and bind it to the IAM policy.
The official tutorial creates it in kube-system, but I created it in the alb namespace.

eksctl create iamserviceaccount \
    --cluster=<cluster-name> \
    --namespace=alb \
    --name=aws-load-balancer-controller \
    --attach-policy-arn=arn:aws:iam::<AWS_ACCOUNT_ID>:policy/AWSLoadBalancerControllerIAMPolicy \
    --override-existing-serviceaccounts \
    --region <aws-region-code> \
    --approve
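Because the service account lives in the alb namespace rather than kube-system, the role's trust policy has to name exactly that namespace and service account. The following is an added example, not part of the original post or the AWS documentation: a check over the trust policy JSON as returned by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument`. The function name `check_irsa_trust`, the sample account ID and the OIDC ID are assumptions made for illustration.

```python
def check_irsa_trust(policy, namespace, service_account):
    """Return problems found in an IRSA role trust policy (empty list = OK)."""
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    problems, matched = [], 0
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        matched += 1
        principal = stmt.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if not isinstance(federated, str) or ":oidc-provider/" not in federated:
            problems.append(f"principal is not a single OIDC provider: {federated!r}")
            continue
        # Condition keys are prefixed with the issuer of the cluster's OIDC provider.
        issuer = federated.split(":oidc-provider/", 1)[1]
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        sub, aud = exact.get(f"{issuer}:sub"), exact.get(f"{issuer}:aud")
        if sub is None:
            # A StringLike wildcard would let other service accounts assume the role.
            loose = cond.get("StringLike", {}).get(f"{issuer}:sub")
            problems.append(f"sub not pinned with StringEquals (StringLike: {loose!r})")
        elif sub != expected_sub:
            problems.append(f"sub is {sub!r}, expected {expected_sub!r}")
        if aud != "sts.amazonaws.com":
            problems.append(f"aud is {aud!r}, expected 'sts.amazonaws.com'")
    if matched == 0:
        problems.append("no Allow statement for sts:AssumeRoleWithWebIdentity")
    return problems

# Constructed sample: account ID, region and OIDC ID are placeholders.
ISSUER = "oidc.eks.ap-southeast-1.amazonaws.com/id/EXAMPLE0123456789"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{ISSUER}:aud": "sts.amazonaws.com",
            f"{ISSUER}:sub": "system:serviceaccount:alb:aws-load-balancer-controller",
        }},
    }],
}

if __name__ == "__main__":
    print(check_irsa_trust(SAMPLE_POLICY, "alb", "aws-load-balancer-controller"))
    print(check_irsa_trust(SAMPLE_POLICY, "kube-system", "aws-load-balancer-controller"))
```

An empty list means only the aws-load-balancer-controller service account in the alb namespace can assume the role; a mismatch shows up as the controller failing to obtain AWS credentials.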

Install the AWS Load Balancer Controller

1. Add the EKS Helm chart repository on your local machine

helm repo add eks https://aws.github.io/eks-charts

2. Update the local Helm repo

helm repo update eks

3. Run helm install to deploy the load balancer controller into EKS

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n alb \
  --set clusterName=<cluster-name> \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=<aws-region-code> \
  --set vpcId=<eks-vpc-id> \
  --version 1.13.0

Create the Ingress Class

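By default the system creates an ingress class named alb, but here we create our own and bind an ACM certificate to it, so that individual Ingresses do not have to repeat the ACM certificate.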

1. Create your IngressClassParams

apiVersion: elbv2.k8s.aws/v1beta1
kind: IngressClassParams
metadata:
  name: default-alb-params
spec:
  group: 
    name: "shared-alb"
  ipAddressType: ipv4
  scheme: internet-facing
  certificateArn: 
    - arn:aws:acm:ap-southeast-1:123123:certificate/09833da1-5ac6-43c0-b5a4-939318f5a1d9

2. Create an IngressClass bound to the IngressClassParams

apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: default-alb
spec:
  controller: ingress.k8s.aws/alb
  parameters:
    apiGroup: elbv2.k8s.aws
    kind: IngressClassParams
    name: default-alb-params

3. A sample Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: abc-ingress
  namespace: document
  annotations:
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
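    # Redirect HTTP to HTTPS. An actions.ssl-redirect annotation only takes effect when a
    # rule path references it (service name ssl-redirect, port name use-annotation), and
    # no path here does, so the controller's ssl-redirect annotation is used instead.
    alb.ingress.kubernetes.io/ssl-redirect: '443'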
spec:
  ingressClassName: default-alb
  rules:
    - host: abc.com
      http:
        paths:
          - backend:
              service:
                name: abc-service
                port:
                  number: 80
            path: /
            pathType: Prefix
