[EKS] Setting Up an EKS Cluster and ALB Integration on AWS


K8S ARCHITECTURE

1. EKS Cluster Setup

1.1 Install eksctl

  • Windows (Powershell):
choco install -y eksctl
eksctl version  # Verify installation
  • Linux:
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version  # Verify installation
    • Each eksctl release also publishes an eksctl_checksums.txt asset. For anything beyond a throwaway lab, download the tarball to disk and check its SHA-256 against that file before extracting, rather than piping an unverified binary straight from curl into tar.

1.2 Create EC2 Key Pair

  • Purpose: Key pair for SSH access to the worker nodes. It is only needed if you pass --ssh-access in the next step. The private key is returned exactly once; restrict the file's permissions (chmod 400) and keep it out of version control.
aws ec2 create-key-pair --key-name YourKeyName --query 'KeyMaterial' --output text > YourKeyName.pem

1.3 Create EKS Cluster

  • Cluster creation:
eksctl create cluster --name YourClusterName \
  --region YOURREGION \
  --version 1.29 \
  --vpc-private-subnets $private_subnet_id_1,$private_subnet_id_2 \
  --nodegroup-name private-ng \
  --node-type c5.xlarge \
  --nodes 3 \
  --nodes-min 3 \
  --nodes-max 4 \
  --node-private-networking \
  --managed \
  --ssh-access \
  --ssh-public-key YourKeyName
  • Key Options:

    • --vpc-private-subnets: Reuse existing private subnets (and therefore an existing VPC) for the node group. The AWS Load Balancer Controller discovers subnets by tag: an internet-facing ALB needs public subnets in the same VPC tagged kubernetes.io/role/elb=1, an internal ALB needs private subnets tagged kubernetes.io/role/internal-elb=1. Check those tags now; a missing tag is the most common reason an Ingress never gets an address.

    • --node-type: EC2 instance type for the worker nodes.

    • --node-private-networking: Nodes get private IPs only and are reachable solely from inside the VPC; outbound traffic (image pulls, EKS API) goes through the VPC's NAT gateway.

    • --managed: Create an EKS managed node group instead of a self-managed Auto Scaling group.

    • --ssh-access / --ssh-public-key: Opens port 22 in the node security group and installs the key pair from 1.2. Unless you genuinely need a shell on the nodes, omit both flags; AWS Systems Manager Session Manager provides shell access without an open inbound port or a long-lived key file.


2. ALB Integration Setup

2.1 Set Up IAM OIDC Provider

  • Purpose: Register the cluster's OIDC issuer with IAM so that Kubernetes service accounts can assume IAM roles (IAM Roles for Service Accounts, IRSA). The load balancer controller then receives AWS permissions scoped to its own service account rather than inheriting the node instance role, which every pod on the node could otherwise use.
eksctl utils associate-iam-oidc-provider --region YOURREGION --cluster YourClusterName --approve

2.2 Create and Attach IAM Policy

  • Purpose: Allow the controller to create and manage ALBs, listeners, target groups and security groups on your behalf, and nothing more.

  • Create IAM policy (the URL below tracks the main branch; if you pin the Helm chart to a specific controller version, replace main with that release tag so the policy matches the permissions that version needs):

curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json
aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json
  • Create IAM service account (eksctl creates an IAM role whose trust policy is bound to exactly this namespace and service account name, attaches the policy, and annotates the Kubernetes service account with the role ARN):
eksctl create iamserviceaccount \
  --cluster=YourClusterName \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn=arn:aws:iam::YourAccountID:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve

3. Install AWS Load Balancer Controller

Helm Installation:

  • Add and update Helm repo:
helm repo add eks https://aws.github.io/eks-charts
helm repo update
  • Install ALB Controller:
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=YourClusterName \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=YOURREGION \
  --set vpcId=$vpc_id
  • Key Options:

    • --set clusterName: Name of the EKS cluster; must match the name used in 1.3.

    • --set serviceAccount.create=false / --set serviceAccount.name: Reuse the IRSA-bound service account created in 2.2 instead of letting the chart create a new one with no AWS permissions.

    • --set region / --set vpcId: Tell the controller where it runs. Both are required when it cannot read them from instance metadata, for example when IMDS access is restricted on the nodes (a good default) or when the controller runs on Fargate.

  • Confirm the controller's Deployment in kube-system is ready before creating any Ingress objects; an Ingress created before the controller is running is simply reconciled later, but a controller that never becomes ready usually means the service account annotation or the OIDC provider is wrong.


4. Application Service and Deployment

4.1 Define Frontend and Backend Services

  • Frontend Deployment and Service:

    • Define a Deployment and a Service for the frontend. Pods run on the private node group. If the Ingress uses IP targets (alb.ingress.kubernetes.io/target-type: ip), a ClusterIP Service is sufficient; with the default instance targets the Service must be NodePort.
  • Backend Deployment and Service:

    • Define a Deployment and a ClusterIP Service for the backend in the same way. The backend is reached only from the frontend inside the cluster and is not exposed through the ALB in this setup.
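As an added example (this is not code from the original post), the script below renders and applies a hardened frontend Deployment plus a ClusterIP Service listening on port 3000, the port the Ingress in section 5 targets. The namespace, image reference and label names are assumptions; substitute your own. The backend manifest follows the same pattern with its own name and port.

```shell
#!/usr/bin/env bash
# Added example: hardened frontend Deployment + ClusterIP Service for the EKS setup above.
# FRONTEND_NS and FRONTEND_IMAGE are placeholder assumptions, not values from the original post.
set -eu

FRONTEND_NS="${FRONTEND_NS:-frontend}"
FRONTEND_IMAGE="${FRONTEND_IMAGE:-YourAccountID.dkr.ecr.YOURREGION.amazonaws.com/frontend@sha256:YOURDIGEST}"

# Print the manifest to stdout so it can be reviewed or diffed before it is applied.
frontend_manifest() {
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  namespace: ${FRONTEND_NS}
  labels:
    app: frontend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      automountServiceAccountToken: false   # the frontend never talks to the Kubernetes API
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: frontend
          image: ${FRONTEND_IMAGE}           # pin by digest, not by a mutable tag
          ports:
            - containerPort: 3000
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:
            requests: { cpu: 100m, memory: 128Mi }
            limits:   { cpu: 500m, memory: 256Mi }
          readinessProbe:
            httpGet: { path: /, port: 3000 }
            initialDelaySeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: frontend
  namespace: ${FRONTEND_NS}
spec:
  type: ClusterIP            # enough when the Ingress uses target-type: ip; no NodePort exposure on the nodes
  selector:
    app: frontend
  ports:
    - port: 3000
      targetPort: 3000
EOF
}

# Apply only when explicitly asked, so sourcing this file for review has no side effects.
apply_frontend() {
  kubectl get namespace "${FRONTEND_NS}" >/dev/null 2>&1 || kubectl create namespace "${FRONTEND_NS}"
  frontend_manifest | kubectl apply -f -
}

if [ "${1:-}" = "apply" ]; then
  apply_frontend
fi
```

Run it as `./frontend.sh apply` against the cluster from section 1; running it with no argument (or sourcing it and calling `frontend_manifest`) only prints the YAML, which is the version you want to review and commit. The read-only root filesystem and dropped capabilities are the settings most frontend images tolerate without changes; if the image writes to a directory at runtime, mount an emptyDir there instead of loosening readOnlyRootFilesystem.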

5. Load Balancer (ALB) Setup for Frontend

5.1 Ingress Resource Configuration

  • Define Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: YOUR-INGRESS-NAME
  namespace: FRONTEND-NAMESPACE
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing   # use "internal" for a VPC-only ALB
    alb.ingress.kubernetes.io/target-type: ip            # send traffic straight to pod IPs; Service can stay ClusterIP
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:YOURREGION:YourAccountID:certificate/YOUR-CERT-ID
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06
    alb.ingress.kubernetes.io/ssl-redirect: '443'        # 301 every plain-HTTP request to HTTPS
spec:
  ingressClassName: alb
  rules:
    - host: www.yourdomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: FRONTEND-SERVICE-NAME
                port:
                  number: 3000
  • Key Annotations:

    • scheme: internal places the ALB in the private subnets tagged kubernetes.io/role/internal-elb=1 and makes it reachable only from inside the VPC (or over VPN/Direct Connect); internet-facing needs public subnets tagged kubernetes.io/role/elb=1 and yields a public ALB. Choose the one that matches the architecture; everything else in this manifest is the same for both.

    • ssl-redirect: '443' is the supported way to redirect HTTP to HTTPS. The older actions.ssl-redirect annotation only takes effect when a rule path explicitly points at a backend named ssl-redirect with port use-annotation; defining the action without such a path leaves port 80 serving the application in plain text.

    • ssl-policy: pins the HTTPS listener to TLS 1.2 and 1.3 cipher suites. Without it the listener gets the ALB default policy, which still accepts TLS 1.0 and 1.1.

    • certificate-arn: the full ARN format is arn:aws:acm:<region>:<account-id>:certificate/<id>, and the certificate must be issued in the same region as the ALB. Its subject or SAN must cover the host in the rule.

    • spec.ingressClassName: alb replaces the deprecated kubernetes.io/ingress.class annotation; the Helm chart creates the alb IngressClass by default.

5.2 Route 53 Configuration

  • Domain Linking: Once the controller has reconciled the Ingress, its status carries the ALB's DNS name (visible in kubectl get ingress -n FRONTEND-NAMESPACE). In Route 53, create an alias A record for www.yourdomain.com that targets that ALB. Alias records need the ALB's canonical hosted zone ID (the per-region ELB zone, returned by aws elbv2 describe-load-balancers), not the ID of your own hosted zone. After DNS propagates, an HTTP request to the host should return a 301 to HTTPS and the HTTPS listener should present the ACM certificate.
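The domain-linking step above has no code in the original post, so here is an added example (not the post's own script) that waits for the Ingress to receive its ALB hostname, looks up the ALB's canonical hosted zone ID, and upserts a Route 53 alias A record. The ingress name, namespace, record name and hosted zone ID are placeholder assumptions to replace with your own.

```shell
#!/usr/bin/env bash
# Added example: point a Route 53 alias record at the ALB created for the frontend Ingress.
# INGRESS_NAME, INGRESS_NS, RECORD_NAME and HOSTED_ZONE_ID are placeholder assumptions.
set -eu

INGRESS_NAME="${INGRESS_NAME:-YOUR-INGRESS-NAME}"
INGRESS_NS="${INGRESS_NS:-FRONTEND-NAMESPACE}"
RECORD_NAME="${RECORD_NAME:-www.yourdomain.com}"
HOSTED_ZONE_ID="${HOSTED_ZONE_ID:-YOUR-ROUTE53-ZONE-ID}"   # the zone that owns yourdomain.com

# Pure helper: build the change batch for an alias A record.
# Note that AliasTarget.HostedZoneId is the ALB's *canonical* zone (per-region ELB zone),
# which differs from the zone ID of your own domain.
alias_change_batch() {
  name=$1; alb_dns=$2; alb_zone=$3
  cat <<EOF
{"Comment":"ALB alias for ${name}","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"${name}","Type":"A","AliasTarget":{"HostedZoneId":"${alb_zone}","DNSName":"${alb_dns}","EvaluateTargetHealth":true}}}]}
EOF
}

# Poll until the controller has written the ALB hostname into the Ingress status
# (reconciliation usually takes a minute or two after the Ingress is created).
ingress_hostname() {
  i=0
  while [ "$i" -lt 30 ]; do
    h=$(kubectl get ingress "$INGRESS_NAME" -n "$INGRESS_NS" \
          -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
    if [ -n "$h" ]; then
      echo "$h"
      return 0
    fi
    i=$((i + 1))
    sleep 10
  done
  echo "ALB hostname not assigned after 5 minutes; check the controller logs and subnet tags" >&2
  return 1
}

link_domain() {
  alb_dns=$(ingress_hostname)
  # Resolve the ALB's canonical hosted zone ID from its DNS name.
  alb_zone=$(aws elbv2 describe-load-balancers \
      --query "LoadBalancers[?DNSName=='${alb_dns}'].CanonicalHostedZoneId" --output text)
  if [ -z "$alb_zone" ] || [ "$alb_zone" = "None" ]; then
    echo "no ALB with DNS name ${alb_dns} found in this account/region" >&2
    return 1
  fi
  aws route53 change-resource-record-sets \
      --hosted-zone-id "$HOSTED_ZONE_ID" \
      --change-batch "$(alias_change_batch "$RECORD_NAME" "$alb_dns" "$alb_zone")"
  # Once DNS propagates, plain HTTP must answer with a 301 to HTTPS (ssl-redirect annotation).
  curl -sI "http://${RECORD_NAME}/" | head -n 1
}

if [ "${1:-}" = "link" ]; then
  link_domain
fi
```

Run it as `./link-domain.sh link` with AWS credentials that may write to the hosted zone and kubeconfig access to the cluster. UPSERT makes the script safe to re-run after the ALB is recreated (for example after deleting and re-applying the Ingress), which is exactly when a stale alias would otherwise point at a load balancer that no longer exists.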

Next Post

  • Configuring network policies and HPA (Horizontal Pod Autoscaler) objects tailored to your architecture.