[EKS] Setting Up an EKS Cluster and ALB Integration on AWS
K8S ARCHITECTURE
1. EKS Cluster Setup
1.1 Install eksctl
- Windows (PowerShell):
choco install -y eksctl
eksctl version # Verify installation
- Linux:
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version # Verify installation
1.2 Create EC2 Key Pair
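- Purpose: Key pair for EC2 instance access. The private key is returned only once and is written to YourKeyName.pem, so keep that file readable by your user only.
aws ec2 create-key-pair --key-name YourKeyName --query 'KeyMaterial' --output text > YourKeyName.pem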
1.3 Create EKS Cluster
- Cluster creation:
eksctl create cluster --name YourClusterName \
--region YOURREGION \
--version 1.29 \
--vpc-private-subnets $private_subnet_id_1,$private_subnet_id_2 \
--nodegroup-name private-ng \
--node-type c5.xlarge \
--nodes 3 \
--nodes-min 3 \
--nodes-max 4 \
--node-private-networking \
--managed \
--ssh-access \
--ssh-public-key YourKeyName
Key Options:
- --vpc-private-subnets: Use private subnets for the node group.
- --node-type: Specify EC2 instance type.
- --node-private-networking: Ensure nodes run within private subnets.
2. ALB Integration Setup
2.1 Set Up IAM OIDC Provider
- Purpose: Enable Kubernetes service accounts to access AWS resources.
eksctl utils associate-iam-oidc-provider --region YOURREGION --cluster YourClusterName --approve
2.2 Create and Attach IAM Policy
- Purpose: Allow ALB controller to manage AWS resources.
- Create IAM policy:
curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json
aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json
- Create IAM service account:
eksctl create iamserviceaccount \
--cluster=YourClusterName \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::YourAccountID:policy/AWSLoadBalancerControllerIAMPolicy \
--approve
3. Install AWS Load Balancer Controller
Helm Installation:
- Add and update Helm repo:
helm repo add eks https://aws.github.io/eks-charts
helm repo update
- Install ALB Controller:
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=YourClusterName \
--set serviceAccount.create=false \
--set region=YOURREGION \
--set vpcId=$vpc_id \
--set serviceAccount.name=aws-load-balancer-controller
Key Options:
- --set clusterName: Specify the EKS cluster name.
- --set vpcId: Set the VPC ID for the cluster.
4. Application Service and Deployment
4.1 Define Frontend and Backend Services
Frontend Deployment and Service:
- Define deployment and service for frontend, running in private subnets.
Backend Deployment and Service:
- Define deployment and service for backend, also running in private subnets.
5. Internal Load Balancer Setup for Frontend
5.1 Ingress Resource Configuration
- Define Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: YOUR INGRESS NAME
  namespace: FRONTEND NAMESPACE NAME
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:YourACMCertificateARN
    # Redirect action; it only takes effect through the ssl-redirect rule below
    alb.ingress.kubernetes.io/actions.ssl-redirect: >
      {"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
spec:
  rules:
    - host: www.yourdomain.com
      http:
        paths:
          # Must come first: sends port 80 requests to HTTPS using the action above
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: ssl-redirect
                port:
                  name: use-annotation
          # Frontend traffic
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: FRONTEND SERVICE NAME
                port:
                  number: 3000
Key Annotations:
- alb.ingress.kubernetes.io/certificate-arn: Specify ACM certificate ARN for HTTPS.
- alb.ingress.kubernetes.io/scheme: Define whether the ALB is internet-facing or internal.
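A pre-apply check for the annotations described above, as an added example rather than code from the original post: it flags a scheme that differs from the intended exposure, a redirect action that no rule references, and an HTTP listener left without a redirect. The function names, the sample manifest and the line-based matching are assumptions of this sketch; the `alb.ingress.kubernetes.io/ssl-redirect` annotation it also accepts is the controller's shorthand for the same redirect.

```bash
#!/usr/bin/env bash
# Added example: pre-apply lint for the ALB Ingress annotations discussed above.
# Line-based matching only; it assumes one Ingress per file, as in this post.

annotation() {  # annotation FILE KEY -> value of the first matching annotation
  sed -n "s|^[[:space:]]*$2:[[:space:]]*||p" "$1" | head -n 1
}

# lint_alb_ingress FILE EXPECTED_SCHEME -> prints findings, returns their count
lint_alb_ingress() {
  local file="$1" want="$2" n=0 scheme ports
  scheme=$(annotation "$file" 'alb.ingress.kubernetes.io/scheme')
  ports=$(annotation "$file" 'alb.ingress.kubernetes.io/listen-ports')
  scheme=${scheme:-internal}   # the controller creates an internal ALB by default
  if [ "$scheme" != "$want" ]; then
    echo "scheme is $scheme, expected $want"; n=$((n + 1))
  fi
  # An actions.ssl-redirect annotation does nothing until a rule routes to it.
  if grep -q 'actions\.ssl-redirect:' "$file" &&
     ! grep -Eq '^[[:space:]]*name:[[:space:]]*ssl-redirect[[:space:]]*$' "$file"; then
    echo "ssl-redirect action defined but no rule uses it"; n=$((n + 1))
  fi
  # Port 80 must redirect, through that rule or the ssl-redirect annotation.
  if printf '%s' "$ports" | grep -q '"HTTP"' &&
     ! grep -Eq 'name:[[:space:]]*ssl-redirect[[:space:]]*$|io/ssl-redirect:' "$file"; then
    echo "HTTP listener serves traffic without a redirect to HTTPS"; n=$((n + 1))
  fi
  return "$n"
}

# Constructed sample: redirect action defined, but no rule references it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
metadata:
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: >
      {"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
spec:
  rules:
    - http:
        paths:
          - backend:
              service:
                name: frontend
EOF
lint_alb_ingress "$sample" internal || echo "findings: $?"
```

Run it against the rendered manifest before `kubectl apply`, passing `internal` or `internet-facing` as the exposure you intend for the frontend.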
5.2 Route 53 Configuration
- Domain Linking: After creating the Ingress object, link the ALB with your domain using Route 53.
Next Post
- Configuring network policies and HPA (Horizontal Pod Autoscaler) objects tailored to your architecture.