
[Important 2][AWS] Elastic Kubernetes Service | Application Load Balancing on EKS

by SAMSUNG Metaverse-Cloud 2023. 3. 13.

 

 

Elastic Kubernetes Service | Application Load Balancing on EKS

 

 

 

1. Set tags on the public subnets

 

 

 

2. Create an OIDC identity provider for the cluster

 

- Go to IAM --> Identity providers

 

 

 

 

3. Create an IAM role for the load balancer

- Create the policy (loadbalancer-controller-policy)

https://github.com/listentolearn/aws-eks-app-deployment/blob/main/loadbalancer-controller-policy.json

 

 

 

- Create the role (custom trust policy)

 

https://github.com/listentolearn/aws-eks-app-deployment/blob/main/loadbalancer-trust-policy.json

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Principal":{
            "Federated":"arn:aws:iam::<accountId>:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/<oidcId>"
         },
         "Action":"sts:AssumeRoleWithWebIdentity",
         "Condition":{
            "StringEquals":{
               "oidc.eks.us-east-1.amazonaws.com/id/<oidcId>:aud":"sts.amazonaws.com",
               "oidc.eks.us-east-1.amazonaws.com/id/<oidcId>:sub":"system:serviceaccount:kube-system:aws-load-balancer-controller"
            }
         }
      }
   ]
}

 

- Select the policy created earlier (loadbalancer-controller-policy)

 

 

 

 

 

4. Create a ServiceAccount in the cluster

https://github.com/listentolearn/aws-eks-app-deployment/blob/main/service-account.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller
  namespace: kube-system
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::<accountId>:role/<loadbalancerControllerRoleName>
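
An added example (not from the original post or the linked repository): a small Python check that the trust policy from step 3 pins both `aud` and `sub`, and that `sub` names the ServiceAccount created in step 4. The function names, account id and OIDC id are constructed placeholders.

```python
def check_irsa_trust(policy: dict, namespace: str, sa_name: str) -> list[str]:
    """Lint an IRSA trust policy against the ServiceAccount that should use it.
    Returns finding strings; an empty list means the role is pinned correctly."""
    want_sub = f"system:serviceaccount:{namespace}:{sa_name}"
    findings, matched = [], 0
    stmts = policy.get("Statement", [])
    for st in [stmts] if isinstance(stmts, dict) else stmts:
        principal = st.get("Principal")
        fed = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if st.get("Effect") != "Allow" or not isinstance(fed, str) or "oidc-provider/" not in fed:
            continue  # not a web-identity trust statement
        matched += 1
        issuer = fed.split("oidc-provider/", 1)[1]  # condition keys are prefixed with this
        cond = st.get("Condition", {})
        equals = cond.get("StringEquals", {})
        sub = equals.get(f"{issuer}:sub")
        if sub is None:
            like = cond.get("StringLike", {}).get(f"{issuer}:sub")
            if like is None:
                findings.append("sub-missing: every ServiceAccount in the cluster can assume this role")
            else:
                findings.append(f"sub-pattern: StringLike {like!r} should be an exact StringEquals match")
        elif sub != want_sub:
            findings.append(f"sub-mismatch: policy trusts {sub!r}, ServiceAccount is {want_sub!r}")
        if equals.get(f"{issuer}:aud") != "sts.amazonaws.com":
            findings.append("aud-missing: audience is not pinned to sts.amazonaws.com")
    if not matched:
        findings.append("no-oidc-statement: no Allow statement with a Federated OIDC principal")
    return findings

# Constructed sample values: the account id and OIDC id below are placeholders.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCID"

def trust_policy(conditions: dict) -> dict:
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": conditions}]}

PAGE_POLICY = trust_policy({"StringEquals": {  # same shape as the policy in step 3
    f"{ISSUER}:aud": "sts.amazonaws.com",
    f"{ISSUER}:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"}})
AUD_ONLY = trust_policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}})

if __name__ == "__main__":
    for name, pol in [("page policy", PAGE_POLICY), ("aud only", AUD_ONLY)]:
        print(name, check_irsa_trust(pol, "kube-system", "aws-load-balancer-controller") or "OK")
```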

 

 

 

 

 

 

 

 

 

5. Add the helm repo (to install the load balancer controller in the cluster)

 

 

 

 

6. helm install load balancer

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=clusterName \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller

 

## Now verify that the AWS Load Balancer Controller was installed correctly.

$ kubectl get deployment -n kube-system aws-load-balancer-controller
 

 

 

 

 

 

## If an error occurs, downgrade!!

error: exec plugin: invalid apiVersion "client.authentication.k8s.io/v1alpha1" (version issue)

https://blog.leedoing.com/239

 

 

 

 

7. Create the Ingress

https://github.com/listentolearn/aws-eks-app-deployment/blob/main/ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: service-2048
              port:
                number: 80

 

 

## Apply the Deployment before applying the Ingress!!
kubectl apply -f deployment.yaml 

 

 

 

 

 

 

 

8. Check the ALB in the console

 

 

 

 

 

 

 

 

 

 

 

 

https://www.youtube.com/watch?v=ZGKaSboqKzk 

 
