
ALB INGRESS Controller

This document outlines the steps to set up an AWS EKS cluster with an Ingress ALB Controller. It includes creating the cluster, configuring OIDC, setting up a node group, creating IAM policies, and installing the ALB controller using Helm. The instructions emphasize the importance of private networking and security group configurations throughout the process.

Uploaded by

piyush

USE OF INGRESS ALB Controller in AWS

1. Creating an EKS cluster and setting up the environment for it.


# Create Cluster
eksctl create cluster --name=my-eks-cluster --region=ap-south-1 \
  --zones=ap-south-1a,ap-south-1b --without-nodegroup

Used as written, this command sets the networking configuration of the cluster to public.
We therefore need to specify the --node-private-networking flag so that node groups added
later are created in private subnets rather than public subnets.
eksctl create cluster --name=my-eks-cluster --region=ap-south-1 \
  --zones=ap-south-1a,ap-south-1b --without-nodegroup --node-private-networking

2. Creating an OIDC provider for the EKS cluster. We need the OIDC provider so that our EKS
service account can assume an IAM role and perform actions on AWS services like ELB.
# Create OIDC provider
eksctl utils associate-iam-oidc-provider --region ap-south-1 --cluster my-eks-cluster --approve

3. Then associate the OIDC provider with the EKS cluster through the access menu of the cluster in AWS EKS.

4. Now we create a node group with 2 nodes in private subnets on our EKS cluster, using the
following command:

eksctl create nodegroup --cluster=my-eks-cluster \
--region=ap-south-1 \
--name=eksdemo1-ng-public1 \
--node-type=t3a.medium \
--nodes=2 \
--nodes-min=2 \
--nodes-max=2 \
--node-volume-size=10 \
--ssh-access \
--ssh-public-key=kube-demo \
--managed \
--asg-access \
--external-dns-access \
--full-ecr-access \
--appmesh-access \
--alb-ingress-access \
--node-private-networking

5. Now allow all traffic, on all ports, to the security groups attached to the worker nodes.
(Remember to remove this entry before deleting the CloudFormation stack.) Afterwards we can
allow only the security group of the load balancer and remove this allow-all-IP-addresses entry.
6. The next step is to create an IAM policy for the service account we are going to create.
We can get the latest policy JSON from this Git repo:

curl -o iam_policy_latest.json \
  https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json

7. Command to create the IAM policy:

aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy \
  --policy-document file://iam_policy_latest.json

8. Then we go ahead and create the service account for the load balancer controller, with
the policy we created above attached to it. This will create an IAM role in IAM for the
service account.

eksctl create iamserviceaccount --cluster=my-eks-cluster --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn=arn:aws:iam::921386418875:policy/AWSLoadBalancerControllerIAMPolicy \
  --override-existing-serviceaccounts --approve

To confirm the creation of your service account:

kubectl describe sa aws-load-balancer-controller -n kube-system

9. We will use Helm to install the ALB ingress controller on our EKS cluster, so use the
following command to install Helm on Windows:
choco install helm

10. Commands to install your ALB controller:

helm repo add eks https://aws.github.io/eks-charts

helm repo update

helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system \
  --set clusterName=my-eks-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=ap-south-1 \
  --set vpcId=vpc-0fedf51e669c93cc6 \
  --set image.repository=602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller

The command above installs the AWS load balancer controller from the Helm chart that the
previous command added to our Helm repos. In it we set our cluster name, specify our
service account name, and give the ECR registry for our region so that the image for the
ALB controller is pulled from that ECR.
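
An added check for the cleanup that step 5 calls for (this script is not part of the original document): it reads security-group JSON in the shape returned by `aws ec2 describe-security-groups` for the worker-node groups, reports every ingress rule still open to all addresses, and confirms that the load balancer's security group is admitted. The sample data and the `sg-...EXAMPLE` IDs are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# for a worker-node security group; every ID here is a placeholder.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0nodeEXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 30000, "ToPort": 32767,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0albEXAMPLE"}]}
  ]}]}
""")

WORLD = {"0.0.0.0/0", "::/0"}

def ports(rule):
    """Readable port range; protocol -1 means every protocol and port."""
    if rule["IpProtocol"] == "-1":
        return "all"
    return f'{rule.get("FromPort")}-{rule.get("ToPort")}'

def world_open_rules(described):
    """Return (group_id, protocol, ports, cidr) for each ingress rule open to any address."""
    findings = []
    for sg in described["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], rule["IpProtocol"], ports(rule), c)
                         for c in cidrs if c in WORLD]
    return findings

def sources_by_group(described):
    """Map each group to the set of security groups its ingress rules reference."""
    return {sg["GroupId"]: {p["GroupId"] for rule in sg.get("IpPermissions", [])
                            for p in rule.get("UserIdGroupPairs", [])}
            for sg in described["SecurityGroups"]}

def step5_cleaned_up(described, alb_sg_id):
    """True when no rule is world-open and every group admits the ALB's security group."""
    return (not world_open_rules(described)
            and all(alb_sg_id in s for s in sources_by_group(described).values()))

if __name__ == "__main__":
    for finding in world_open_rules(SAMPLE):
        print("world-open ingress:", finding)
    print("cleaned up:", step5_cleaned_up(SAMPLE, "sg-0albEXAMPLE"))
```

To run it against a real cluster, replace `SAMPLE` with the parsed JSON output for the node security groups and pass the load balancer's security group ID.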
