Integrate Application Load Balancer with AWS EKS Using AWS Load Balancer Controller

Shivam kushwah
Jul 10, 2023

Hey folks, welcome to an exciting blog where I'll guide you through the seamless setup of an Application Load Balancer (ALB) within Amazon Web Services (AWS) Elastic Kubernetes Service (EKS). Buckle up as I introduce you to the incredible AWS Load Balancer Controller, a Kubernetes controller specifically designed to effortlessly handle Elastic Load Balancers for your Kubernetes cluster.

Prerequisites

  1. An EKS cluster.
  2. At least two subnets in different Availability Zones (AZs) with the appropriate tags:
     • For public subnets (for internet-facing load balancers):
       • Tag: kubernetes.io/role/elb
       • Value: 1 or <empty>
     • For private subnets (for internal load balancers):
       • Tag: kubernetes.io/role/internal-elb
       • Value: 1 or <empty>

IAM Permissions

You need to set up IAM permissions to allow the AWS Load Balancer Controller to manage ALB resources. There are two ways to set up IAM permissions: using IAM roles for ServiceAccounts or attaching IAM policies directly to the worker node IAM roles.

Option 1: Using IAM roles for ServiceAccounts (recommended):

1. Create an IAM OIDC provider for your EKS cluster:

eksctl utils associate-iam-oidc-provider \
--region <region-code> \
--cluster <your-cluster-name> \
--approve

2. Download the IAM policy for the AWS Load Balancer Controller:

curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.1/docs/install/iam_policy.json

3. Create an IAM policy called AWSLoadBalancerControllerIAMPolicy:

aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam-policy.json

Take note of the policy ARN that is returned.

4. Create an IAM role and ServiceAccount for the AWS Load Balancer Controller, using the ARN from the previous step:

eksctl create iamserviceaccount \
--cluster=<your-cluster-name> \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--approve

Option 2: Setting up IAM manually:

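If you choose not to use IAM roles for ServiceAccounts, you can manually attach the IAM policy from https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.1/docs/install/iam_policy.json to the worker node IAM roles. With this option, every pod running on those nodes can by default obtain the same permissions through the node's instance profile, which is why Option 1 is recommended.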

Add the Controller to the Cluster via Helm:

1. Add the EKS chart repo to Helm:

helm repo add eks https://aws.github.io/eks-charts

2. Install the necessary CRDs (Custom Resource Definitions) for the AWS Load Balancer Controller:

kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"

3. Install the AWS Load Balancer Controller using Helm. If you’re using IAM roles for service accounts, make sure to specify the appropriate values:

helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=<your-cluster-name> --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller

Step 2: Deploy an Application

To verify that the AWS Load Balancer Controller is working correctly and creates an ALB, follow these steps:

1. Create a deployment for the sample application. Save the following YAML to a file named deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app
spec:
  selector:
    matchLabels:
      run: nginx-app
  replicas: 1
  template:
    metadata:
      labels:
        run: nginx-app
    spec:
      containers:
      - name: nginx-app
        image: nginx
        ports:
        - containerPort: 80

Apply the deployment:

kubectl apply -f deployment.yaml

2. Create a service for the sample application. Save the following YAML to a file named service.yaml:

apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  labels:
    run: nginx-app
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: nginx-app

Apply the service:

kubectl apply -f service.yaml

3. Create an ingress for the sample application. Save the following YAML to a file named ingress.yaml:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-svc
            port:
              number: 80

Apply the ingress:

kubectl apply -f ingress.yaml
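
Added example (not part of the original post): the ingress above sets scheme internet-facing with no listener or source annotations, so the resulting ALB serves plain HTTP to any source address. This Python sketch audits `kubectl get ingress -A -o json` output for that pattern; the finding names and sample objects are constructed, and the defaults it assumes are the ones documented for the AWS Load Balancer Controller annotations.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

def audit_ingress(ing):
    """Return finding codes for one Ingress object (a dict from `kubectl get ingress -o json`)."""
    ann = ing.get("metadata", {}).get("annotations") or {}
    # Assumed default: a missing scheme annotation means an internal ALB.
    if ann.get(PREFIX + "scheme", "internal") != "internet-facing":
        return []
    findings = []
    if PREFIX + "listen-ports" in ann:
        protocols = {p for entry in json.loads(ann[PREFIX + "listen-ports"]) for p in entry}
    else:
        # Assumed default: HTTPS:443 if certificate-arn is set, otherwise HTTP:80.
        protocols = {"HTTPS"} if PREFIX + "certificate-arn" in ann else {"HTTP"}
    if "HTTPS" not in protocols:
        findings.append("no-https-listener")
    elif "HTTP" in protocols and PREFIX + "ssl-redirect" not in ann:
        findings.append("http-not-redirected")
    # inbound-cidrs defaults to 0.0.0.0/0 and is ignored when security-groups is set.
    if PREFIX + "security-groups" not in ann:
        cidrs = [c.strip() for c in ann.get(PREFIX + "inbound-cidrs", "0.0.0.0/0").split(",")]
        if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
            findings.append("open-to-any-source")
    return findings

def audit(doc):
    """Map namespace/name -> findings for every flagged Ingress in a kubectl List."""
    report = {}
    for ing in doc.get("items", []):
        found = audit_ingress(ing)
        if found:
            meta = ing["metadata"]
            report[f'{meta.get("namespace", "default")}/{meta["name"]}'] = found
    return report

# Constructed sample: the app-ingress from this post plus a hypothetical hardened one.
SAMPLE = {"items": [
    {"metadata": {"name": "app-ingress", "annotations": {
        PREFIX + "scheme": "internet-facing", PREFIX + "target-type": "ip"}}},
    {"metadata": {"name": "hardened-ingress", "namespace": "web", "annotations": {
        PREFIX + "scheme": "internet-facing",
        PREFIX + "listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]',
        PREFIX + "ssl-redirect": "443",
        PREFIX + "inbound-cidrs": "203.0.113.0/24"}}},
]}

print(audit(SAMPLE))
```

To run it against a live cluster, replace SAMPLE with the result of json.load on the saved output of `kubectl get ingress -A -o json`.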

Congratulations!

You have successfully set up an Application Load Balancer in AWS EKS using the AWS Load Balancer Controller. By following the steps outlined in this blog post, you now have a functioning ALB managing traffic to your Kubernetes cluster. If you have any questions or need further assistance, please feel free to reach out.

I hope you found this blog post helpful. Thank you for reading!
