Before creating the ALB controller
Public subnet Tag = kubernetes.io/role/elb : 1
Private subnet Tag = kubernetes.io/role/internal-elb : 1
Create the Loadbalancer-Role.
CLUSTER_NAME="<클러스터 이름>"  # replace with your cluster name
eksctl utils write-kubeconfig --name $CLUSTER_NAME
eksctl utils associate-iam-oidc-provider --approve --cluster $CLUSTER_NAME
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
CLUSTER_OIDC=$(aws eks describe-cluster --name $CLUSTER_NAME --query "cluster.identity.oidc.issuer" --output text | sed 's/https:\/\///')
# Create the role. The trust policy only lets the kube-system/aws-load-balancer-controller
# service account assume it, through the cluster's OIDC provider.
aws iam create-role \
  --role-name Eks-Loadbalancer-Controller-Role \
  --assume-role-policy-document '{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Federated": "arn:aws:iam::'"$ACCOUNT_ID"':oidc-provider/'"$CLUSTER_OIDC"'"
        },
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
          "StringEquals": {
            "'"$CLUSTER_OIDC"':aud": "sts.amazonaws.com",
            "'"$CLUSTER_OIDC"':sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"
          }
        }
      }
    ]
  }' \
  --output json
# Attach policies
# Note: AdministratorAccess gives any pod running as this service account full access to
# the AWS account. The controller project publishes a narrower IAM policy for this role.
aws iam attach-role-policy --role-name Eks-Loadbalancer-Controller-Role --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
aws iam attach-role-policy --role-name Eks-Loadbalancer-Controller-Role --policy-arn arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess
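An added example, not part of the original post: a Python check that a role like the one created above is pinned to the controller's service account (`sub` and `aud` under `StringEquals`) and has no over-broad managed policy attached. The account ID, the OIDC issuer ID and the function name `audit_irsa_role` are constructed for illustration; in practice the inputs would come from `aws iam get-role` and `aws iam list-attached-role-policies`.

```python
import json

# Managed policies that grant far more than a load balancer controller needs.
OVERBROAD = {"arn:aws:iam::aws:policy/AdministratorAccess"}

def audit_irsa_role(trust_policy, attached_arns, oidc, namespace, sa):
    """Return findings for an IRSA role; an empty list means nothing was flagged."""
    findings = []
    want_sub = f"system:serviceaccount:{namespace}:{sa}"
    for stmt in trust_policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if not str(federated).endswith(f":oidc-provider/{oidc}"):
            findings.append(f"trusts unexpected identity provider: {federated!r}")
        # Only StringEquals counts: StringLike with wildcards would widen the trust.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if equals.get(f"{oidc}:sub") != want_sub:
            findings.append(f"sub is not pinned to {want_sub}")
        if equals.get(f"{oidc}:aud") != "sts.amazonaws.com":
            findings.append("aud is not pinned to sts.amazonaws.com")
    findings += [f"over-broad policy attached: {a}" for a in attached_arns if a in OVERBROAD]
    return findings

# Constructed sample values (not from a real account or cluster).
OIDC = "oidc.eks.ap-northeast-2.amazonaws.com/id/EXAMPLE0123456789ABCDEF"
TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/%(o)s"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
      "%(o)s:aud": "sts.amazonaws.com",
      "%(o)s:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"}}
  }]
}""" % {"o": OIDC})
ATTACHED = [
    "arn:aws:iam::aws:policy/AdministratorAccess",
    "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess",
]

if __name__ == "__main__":
    for finding in audit_irsa_role(TRUST, ATTACHED, OIDC, "kube-system", "aws-load-balancer-controller"):
        print(finding)
```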
Apply service-account.yaml.
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
# Overwrite rather than append, so re-running does not duplicate the manifest
cat <<EOF > service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller
  namespace: kube-system
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/Eks-Loadbalancer-Controller-Role
EOF
kubectl apply -f service-account.yaml
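Download the Helm install script and make it executable.
Install the AWS Load Balancer Controller into the specified namespace.
CLUSTER_NAME="<클러스터 이름>"  # replace with your cluster name
# Download the Helm install script and make it executable.
# It is fetched from the master branch; inspect get_helm.sh before running it.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3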
chmod +x get_helm.sh
./get_helm.sh
helm repo add eks https://aws.github.io/eks-charts
helm repo update
# Install the AWS Load Balancer Controller into the specified namespace.
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=$CLUSTER_NAME \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller
Verify that the AWS Load Balancer Controller is installed
kubectl get pods -n kube-system | grep aws-load-balancer-controller
helm list -n kube-system
kubectl get events -n kube-system | grep aws-load-balancer-controller
Delete the ALB controller
helm uninstall aws-load-balancer-controller -n kube-system
Download Manifest File
curl -o deployment.yaml https://raw.githubusercontent.com/wngnl-dev/AWS/main/EKS/Manifest/Deployment/deployment.yaml
curl -o service.yaml https://raw.githubusercontent.com/wngnl-dev/AWS/main/EKS/Manifest/service.yml
curl -o ingress.yaml https://raw.githubusercontent.com/wngnl-dev/AWS/main/EKS/Manifest/ingress.yml