EKS - Elastic Kubernetes Service

The document outlines the setup and management of AWS EKS (Elastic Kubernetes Service) for Kubernetes, detailing the roles of the control plane and worker nodes, including Fargate and EC2 instances. It explains how to configure load balancers and ingress controllers for routing traffic to applications running in pods, as well as the prerequisites for creating IAM users and integrating IAM roles with Kubernetes service accounts. Additionally, it provides instructions for installing necessary tools and configuring the environment for deploying applications using EKS and ALB (Application Load Balancer).

Uploaded by

Naman Sharma

EKS is a managed Kubernetes cluster with respect to the control plane.

EKS is AWS's fully managed control plane for Kubernetes. It creates the entire
control plane for you, so you don't have to worry about certificates, control plane
components or control plane configuration.

EKS takes care of the control plane; Fargate takes care of the worker nodes. You can
also create EC2 instances for worker nodes, but then you have to take care of high
availability yourself by configuring Auto Scaling groups for them.

The load balancer sits in a public subnet of the VPC, while the instances are in a
private subnet.

All load balancers support an ingress controller, whether it's nginx or F5. All of
these are available as a Helm chart or as plain YAML manifests. The ingress
controller (ALB controller) watches for ingress resources and creates an ALB
(Application Load Balancer) for you. The user talks to the Application Load Balancer,
which routes according to the ingress resource rules to the service, which in turn
hits the application running inside the pod.
Exposing every service in LoadBalancer mode is very expensive, so we configure
ingress resource routing instead.
When you are using ingress you can create the service in either ClusterIP or NodePort
mode; the ingress basically routes the traffic inside the cluster.

In the ingress resource YAML file you write that if a user accesses example.com/abc,
the request is routed to a particular service, and from the service the request goes
to the pod.
The ingress controller watches for ingress resources and creates an ALB, or, if a
load balancer is already there, configures it as per the rules in the ingress
resource.

First install kubectl, then eksctl.

Create IAM Users:

Go to the IAM (Identity and Access Management) service in the AWS Management
Console.
Click on "Users" in the left-hand navigation pane and then click on "Add user."
Enter a username for the new IAM user and select the access type (Programmatic
access, AWS Management Console access, or both).
Choose the permissions for the IAM user by adding them to one or more IAM groups or
attaching policies directly.
Optionally, set a permissions boundary, tags, and enable MFA for the IAM user.

Access Keys (for Programmatic Access):

If you selected "Programmatic access" during user creation, you will receive access
keys (Access Key ID and Secret Access Key).
Store these access keys securely, as they will be used to authenticate API requests
made to AWS services.

Prerequisites:
install AWS CLI, then run aws configure
install kubectl
install eksctl

eksctl create cluster --name demo-cluster --region ap-south-1 --fargate

Fargate is used for the data plane.

eksctl creates and automates everything for you, including the VPC with both private
and public subnets.

you can integrate iam roles with Kubernetes service account so that you can talk
to any other Kubernetes svc

You can see that the Fargate profile is attached only to the default and kube-system
namespaces; pods can run only in these namespaces.

configure kubectl for eks


aws eks update-kubeconfig --name demo-cluster --region ap-south-1

create fargate profile to attach additional namespace


eksctl create fargateprofile \
--cluster demo-cluster \
--region ap-south-1 \
--name alb-sample-app \
--namespace game-2048

Deployment file -
https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/examples/2048/2048_full.yaml

We will need to install an ingress controller, otherwise the ingress resource will be
useless.

kubectl get pods -n game-2048


kubectl get svc -n game-2048
(type is NodePort, external IP is still none)

kubectl get ingress -n game-2048
(there is no address because there is no load balancer or ingress controller)

There has to be an ingress controller. Once it is there, it reads the ingress
resource and not only creates a load balancer for us but also configures it.
The ingress controller takes care of creating the load balancer, target group and
port.

Configuring the IAM OIDC provider is a prerequisite before installing the ALB
controller add-on.

The controller is nothing but a Kubernetes pod, so to talk to AWS resources it needs
IAM integrated. Setting up the IAM OIDC connector is general practice in
organizations.

cluster_name=demo-cluster
oidc_id=$(aws eks describe-cluster --name "$cluster_name" \
  --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)

eksctl utils associate-iam-oidc-provider --cluster "$cluster_name" --approve


We are trying to install the ALB controller.
The ALB controller is a pod, and you are granting it access to AWS services such as
ALB because it has to talk to AWS APIs. We create an IAM role, then create a service
account that has the role attached; the pod uses that service account, so it has the
role attached.
Use the Helm chart to install the controller, then check the deployment:
kubectl get deploy -n kube-system aws-load-balancer-controller

Then check whether the ALB controller has created an ALB for us (EC2 -> Load
Balancers in the console). The ALB ingress controller created the ALB because we
submitted an ingress resource.

Check again whether the ingress got an address:

kubectl get ingress -n game-2048
(yes, it now has an address)
