Introduction
Kubernetes Ingress is an API resource that manages HTTP(S) access, both internal and external, to services running within a Kubernetes cluster. It provides a way to manage and configure routing rules for incoming traffic to the services.
On the other hand, the Elastic Load Balancing Application Load Balancer (ALB) is a popular AWS service that performs load balancing at the application layer (layer 7) for incoming traffic. ALB distributes the traffic across multiple targets, such as Amazon EC2 instances, within a specific region. It offers advanced features like routing based on host or path, TLS termination, support for WebSockets and HTTP/2, integration with AWS WAF for enhanced security, access logs, and health checks.
AWS ALB Controller
The AWS ALB Controller is tasked with effectively managing AWS Application Load Balancers within a Kubernetes cluster. This controller handles the provisioning of the AWS Application Load Balancer (ALB) when a Kubernetes Ingress is created.
Ingress with ALB controller
When a user defines an Ingress resource, the aws-alb-ingress-controller within Kubernetes interacts with various AWS components to enable the desired functionality. The controller automatically creates these AWS components, as depicted in the diagram, to facilitate the routing of ingress traffic from the Application Load Balancer (ALB) to the Kubernetes cluster.
Source: aws.com
Basic steps for the creation of Ingress and Ingress traffic
The aws-alb-controller follows a specific process, as indicated by the numbered blue circles in the diagram:
- The controller continuously monitors the API server for changes or events related to Ingress resources. Once it identifies Ingress resources that meet its requirements, it initiates the creation of AWS resources.
- An Application Load Balancer (ALB) is generated specifically for the Ingress resource. This ALB serves as the entry point for incoming traffic.
- For each backend specified in the Ingress resource, TargetGroups are created. These TargetGroups define the destinations for the incoming traffic based on the specified backends.
- Listeners are created to handle traffic on the designated ports specified in the Ingress resource. Sensible defaults such as port 80 or 443 are utilized if no port is explicitly defined.
- Rules are established for each path specified in the Ingress resource. These rules ensure traffic directed to a particular path is correctly routed to the appropriate TargetGroup.
Prerequisites
- A Kubernetes cluster (in this assessment, I am working with EKS).
- A sample Docker image. I have taken the sample nginx latest image from the Docker public repo.
- For Kubernetes clusters at version 1.21 or higher, verify that the Amazon VPC CNI plugin for Kubernetes, kube-proxy, and CoreDNS add-ons meet the minimum version prerequisites outlined in the Service account tokens documentation.
- Helm and eksctl installations.
Steps to Configure the cluster with AWS Load Balancer Controller, Ingress, and workloads
1. Updating the EKS cluster configuration file
2. Creating an IAM OIDC provider for the EKS cluster
3. Generate an IAM policy specifically designed for the AWS Load Balancer Controller, granting it the required permissions to interact with AWS APIs on your behalf seamlessly.
For all the regions:
    curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
For the AWS GovCloud (US-East) or AWS GovCloud (US-West) regions:
    curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy_us-gov.json
4. After downloading the required IAM policy document, create the IAM policy:
5. To set up the necessary components for the AWS Load Balancer Controller, create an IAM role with the required permissions, and after that, create a Kubernetes service account called “aws-load-balancer-controller” in the “kube-system” namespace. Finally, add an annotation to the Kubernetes service account, specifying the name of the IAM role.
6. Install the AWS Load Balancer Controller
7. Using Helm package manager for Kubernetes, deploy the AWS Load Balancer Controller.
8. Use the kubectl command to check whether the controller was installed successfully.
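Steps 2 to 8 as one script, added here as an example; these are not the author's original commands. The cluster name, region, account ID, policy name and role name are placeholders, and the policy file is the one downloaded in step 3.

```bash
#!/usr/bin/env bash
# Added example for steps 2-8. CLUSTER, REGION and ACCOUNT_ID are placeholders;
# the policy and role names are chosen for this example, not taken from the post.
CLUSTER="${CLUSTER:-my-cluster}"
REGION="${REGION:-us-east-1}"
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"
PARTITION="${PARTITION:-aws}"            # aws-us-gov in the GovCloud regions
POLICY_NAME="AWSLoadBalancerControllerIAMPolicy"
ROLE_NAME="AmazonEKSLoadBalancerControllerRole"
SA_NAME="aws-load-balancer-controller"   # service account name from step 5
SA_NS="kube-system"                      # namespace from step 5

# With DRY_RUN=1 (the default) each command is printed instead of executed,
# so the plan can be reviewed before anything touches the AWS account.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

install_lbc() {
  # Step 2: IAM OIDC provider, the trust anchor for service-account roles.
  run eksctl utils associate-iam-oidc-provider \
    --region "$REGION" --cluster "$CLUSTER" --approve || return 1
  # Step 4: create the policy from the document downloaded in step 3.
  run aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document file://iam_policy.json || return 1
  # Step 5: IAM role plus the annotated service account, in one call.
  run eksctl create iamserviceaccount --cluster "$CLUSTER" --region "$REGION" \
    --namespace "$SA_NS" --name "$SA_NAME" --role-name "$ROLE_NAME" \
    --attach-policy-arn "arn:${PARTITION}:iam::${ACCOUNT_ID}:policy/${POLICY_NAME}" \
    --approve || return 1
  # Steps 6-7: install the chart and make it reuse the service account above,
  # so the controller runs with that role rather than the node's permissions.
  run helm repo add eks https://aws.github.io/eks-charts || return 1
  run helm repo update || return 1
  run helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
    -n "$SA_NS" --set clusterName="$CLUSTER" \
    --set serviceAccount.create=false --set serviceAccount.name="$SA_NAME" || return 1
  # Step 8: the deployment should report its replicas as ready.
  run kubectl get deployment -n "$SA_NS" aws-load-balancer-controller
}
```

Source the file and call `install_lbc` to print the plan; set `DRY_RUN=0` to execute it.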
Deploy a sample application and ingress in Kubernetes
9. Create a deployment with the nginx sample image and a service as shown below:
10. Create an ingress with default path / by connecting the service created earlier:
11. Deploy the deployments and Ingress.
12. Verify that all the deployments and Ingress are created and running successfully.
13. Check the Application Load Balancer created in the AWS account.
14. Copy the URL and paste it into the browser.
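Steps 9 to 14 as an added example (not the author's original manifests): a Deployment, a Service and an Ingress with the default path / that the controller turns into an ALB. The name nginx-demo, the replica count and the two ALB annotations are choices made for this example.

```bash
# Added example for steps 9-14; "nginx-demo" is a placeholder name.
sample_manifest() {
  cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata: {name: nginx-demo}
spec:
  replicas: 2
  selector:
    matchLabels: {app: nginx-demo}
  template:
    metadata:
      labels: {app: nginx-demo}
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          ports: [{containerPort: 80}]
---
apiVersion: v1
kind: Service
metadata: {name: nginx-demo}
spec:
  selector: {app: nginx-demo}
  ports: [{port: 80, targetPort: 80}]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-demo
  annotations:
    # internet-facing so the browser check in step 14 works; "internal"
    # keeps the ALB reachable only from inside the VPC.
    alb.ingress.kubernetes.io/scheme: internet-facing
    # ip targets register pod IPs, which works with a ClusterIP Service.
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend: {service: {name: nginx-demo, port: {number: 80}}}
EOF
}
# Step 11: apply everything. Steps 12-14: list the objects, print the ALB DNS name.
deploy_sample() { sample_manifest | kubectl apply -f -; }
verify_sample() { kubectl get deployment,service,ingress nginx-demo; }
alb_hostname() { kubectl get ingress nginx-demo -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'; }
```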
Conclusion
The Ingress resource is utilized to direct HTTP(S) traffic to various endpoints within the cluster by leveraging the ALB. This functionality applies to any Kubernetes cluster, including Amazon Elastic Kubernetes Service (Amazon EKS).
FAQs
1. What is the AWS Load Balancer Controller Addon?
ANS: – The AWS Load Balancer Controller Addon is an extension that enables the management of AWS Elastic Load Balancers within a Kubernetes cluster. It simplifies the provisioning and management of Application Load Balancers (ALBs) and Network Load Balancers (NLBs) using Kubernetes resources like Ingress and Service.
2. What are the benefits of using the AWS Load Balancer Controller Addon?
ANS: – The AWS Load Balancer Controller Addon offers several advantages:
- Simplified configuration: It abstracts the complexities of managing load balancers and provides a declarative way to define and manage them using Kubernetes resources.
- Automation: It automatically creates and updates load balancers based on changes in the cluster.
- Integration with other AWS services: It seamlessly integrates with other AWS services like Auto Scaling Groups, enabling dynamic scaling of backend instances based on traffic patterns.
3. How does NGINX Ingress work?
ANS: – NGINX Ingress operates as a reverse proxy, receiving incoming traffic and forwarding it to the appropriate backend services based on the defined rules. It can perform various functions like load balancing, SSL termination, path-based routing, and more.

WRITTEN BY Bhanu Prakash K
K Bhanu Prakash is working as a Subject Matter Expert in CloudThat. He is proficient in Managing and configuring AWS Infrastructure as well as on Kubernetes and DevOps tools like Terraform, ansible, Jenkins, and Git. He is very keen on learning new technologies and publishing blogs for the tech community.