2 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
This article is one of four (4) in a series:
1 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 1, you will set up the Kubernetes Cluster on Amazon Elastic Kubernetes Service (EKS).
2 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 2, you will install an AWS Application Load Balancer.
3 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 3, you will use Kubernetes to deploy the HumanGov application for California.
4 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 4, you will use Amazon Route 53 to name the application and AWS Certificate Manager to secure access to the application. You will also use Kubernetes to deploy an ingress controller, so that Internet users can connect to the application. After testing, you will decommission the infrastructure.
For background on this series, go here:
Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free) | A Four-Part Series
1 of 5. [Cloud9] Create Load Balancer IAM policy
Record the ARN of the policy you create; you'll use it in a later step.
# Download policy json
cd ~/environment
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json
# Create policy referring to json
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json
2 of 5. [Cloud9] Associate IAM OIDC provider
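Intent: Facilitate communication between the Kubernetes cluster and AWS by registering the cluster's OIDC issuer as an IAM identity provider, so that Kubernetes service accounts can assume IAM roles.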
eksctl utils associate-iam-oidc-provider --cluster humangov-cluster --approve
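3 of 5. [Cloud9] Create Load Balancer IAM service account
This service account is bound to a role that carries the IAM policy you created earlier. The load balancer controller runs under it (which explains the name). Replace the policy ARN in the command below with the one you recorded in step 1.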
eksctl create iamserviceaccount \
--cluster=humangov-cluster \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name AmazonEKSLoadBalancerControllerRole \
--attach-policy-arn=arn:aws:iam::502983865814:policy/AWSLoadBalancerControllerIAMPolicy \
--approve
4 of 5. [Cloud9] Install Load Balancer Controller
Note that aws-load-balancer-controller is the service account you created in the prior step; serviceAccount.create=false tells Helm to reuse it rather than create a new one.
# Add eks-charts repository.
helm repo add eks https://aws.github.io/eks-charts
# Update local repo
helm repo update eks
# Install
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=humangov-cluster \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller
5 of 5. [Cloud9] Verify controller installation
kubectl get deployment -n kube-system aws-load-balancer-controller
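A further check for steps 2 and 3, added here as an example and not part of the original article: this Python script audits the trust policy of the role eksctl created, confirming that only the kube-system/aws-load-balancer-controller service account can assume it through the cluster's OIDC provider. The trust-policy shape, the account ID 111122223333 and the issuer ID are constructed sample values, and the function names are hypothetical.

```python
import json

# Namespace and service account name are taken from the eksctl command in step 3.
EXPECTED_SUB = "system:serviceaccount:kube-system:aws-load-balancer-controller"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for an IRSA trust policy; an empty list means it is pinned."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        actions = _as_list(st.get("Action", []))
        if "sts:AssumeRoleWithWebIdentity" not in actions or ":oidc-provider/" not in str(federated):
            findings.append(f"statement {i}: not an OIDC web-identity trust")
            continue
        # Condition keys are prefixed with the issuer (provider ARN minus its prefix).
        issuer = str(federated).split(":oidc-provider/", 1)[1]
        exact = st.get("Condition", {}).get("StringEquals", {})
        subs = _as_list(exact.get(f"{issuer}:sub", []))
        auds = _as_list(exact.get(f"{issuer}:aud", []))
        if subs != [EXPECTED_SUB]:
            findings.append(f"statement {i}: sub not pinned by StringEquals (got {subs})")
        if auds != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: aud not pinned to sts.amazonaws.com")
    return findings

# Constructed sample documents (placeholder account and issuer IDs), assumed to
# match the shape eksctl writes for an IAM service account role.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789"
PROVIDER = {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"}

def _policy(condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": PROVIDER,
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

PINNED = _policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com",
                                   f"{ISSUER}:sub": EXPECTED_SUB}})
# Any service account in any namespace of the cluster could assume this role.
LOOSE = _policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
                 "StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"}})

if __name__ == "__main__":
    for name, doc in (("PINNED", PINNED), ("LOOSE", LOOSE)):
        print(name, json.dumps(audit_trust_policy(doc), indent=2))
```

To audit the real role, load the JSON returned by `aws iam get-role --role-name AmazonEKSLoadBalancerControllerRole --query Role.AssumeRolePolicyDocument` and pass it to `audit_trust_policy`.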