
Load Balancer Controller on EKS cluster for Fargate

Sep 2, 2021

Want to set up Load Balancer Controller on an EKS cluster for AWS Fargate? We can help you.

Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.

Today, let us see how we can set it up.

 

Load Balancer Controller on EKS cluster for Fargate

We can set up the AWS Load Balancer Controller without any existing Application Load Balancer Ingress Controller deployments.

Moving ahead, let us see how our Support Techs do the same.

 

Create an Amazon EKS cluster, service account policy, and RBAC policies

1. Initially, to create an Amazon EKS cluster for Fargate, we run:

eksctl create cluster --name YOUR_CLUSTER_NAME --version 1.21 --fargate

2. To allow the cluster to use AWS IAM for service accounts, we run:

eksctl utils associate-iam-oidc-provider --cluster YOUR_CLUSTER_NAME --approve

3. Then to download an IAM policy that allows the AWS Load Balancer Controller to make calls to AWS APIs, we run:

curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/install/iam_policy.json

4. After that, to create an IAM policy with the above policy, we run:

aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json

5. To create a service account in the kube-system namespace for the AWS Load Balancer Controller, we run:

eksctl create iamserviceaccount \
--cluster=YOUR_CLUSTER_NAME \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::<AWS_ACCOUNT_ID>:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--approve

6. Finally, to verify the creation of the new service role, we run:

eksctl get iamserviceaccount --cluster YOUR_CLUSTER_NAME --name aws-load-balancer-controller --namespace kube-system

-or-

kubectl get serviceaccount aws-load-balancer-controller --namespace kube-system
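
A review that fits between steps 3 and 4, before `aws iam create-policy` (an added example, not code from the original article or the controller project): it lists the mutating actions a policy document allows on every resource with no condition. The sample policy is constructed and is not the contents of the real iam_policy.json; treating the Describe/Get/List name prefixes as read-only is an assumption of this example.

```python
import json

# Constructed sample in the shape of an IAM policy document. It is NOT the
# real iam_policy.json; for a real review, load that file from disk instead.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeVpcs", "elasticloadbalancing:DescribeLoadBalancers"]},
  {"Effect": "Allow", "Resource": "*", "Action": "ec2:CreateSecurityGroup"},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["elasticloadbalancing:DeleteLoadBalancer"],
   "Condition": {"Null": {"aws:ResourceTag/example-cluster-tag": "false"}}},
  {"Effect": "Allow", "Action": "iam:CreateServiceLinkedRole",
   "Resource": "arn:aws:iam::111122223333:role/example"}
]}
""")

# Assumption: actions whose name starts with one of these are read-only.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def as_list(value):
    """IAM allows a single string/object where a list is also valid."""
    return value if isinstance(value, list) else [value]


def is_read_only(action):
    name = action.split(":", 1)[-1]  # "ec2:DescribeVpcs" -> "DescribeVpcs"
    return name.startswith(READ_ONLY_PREFIXES)


def unscoped_write_actions(policy):
    """Mutating actions allowed on Resource "*" without any Condition."""
    findings = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # Deny statements and conditioned grants are skipped
        if "*" not in as_list(stmt.get("Resource", [])):
            continue  # grant is limited to named resources
        # NotAction statements are not evaluated by this check.
        for action in as_list(stmt.get("Action", [])):
            if not is_read_only(action):
                findings.add(action)
    return sorted(findings)


if __name__ == "__main__":
    # Real use: policy = json.load(open("iam_policy.json"))
    for action in unscoped_write_actions(SAMPLE_POLICY):
        print("review before attaching:", action)
```

Each reported action is a grant to check against what the controller needs, since the role bound to the service account in step 5 receives it as written.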

 

Install the AWS Load Balancer Controller using Helm

1. Initially, to add the Amazon EKS chart repo to Helm, we run:

helm repo add eks https://aws.github.io/eks-charts

2. Then we install the TargetGroupBinding custom resource definitions (CRDs):

kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"

3. Finally, to install the Helm chart, we run:

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
--set clusterName=YOUR_CLUSTER_NAME \
--set serviceAccount.create=false \
--set region=YOUR_REGION_CODE \
--set vpcId=<VPC_ID> \
--set serviceAccount.name=aws-load-balancer-controller \
-n kube-system

 

Test the AWS Load Balancer Controller

With AWS Load Balancer Controller, we can create either an ALB Ingress or a Network Load Balancer service.

Here, let us see how our Support Techs deploy a sample app called 2048 with ALB Ingress.

1. To create a Fargate profile for the game deployment, we run:

eksctl create fargateprofile --cluster your-cluster --region your-region-code --name your-alb-sample-app --namespace game-2048

2. Then we deploy the sample game and verify that the AWS Load Balancer Controller creates an ALB Ingress resource:

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/examples/2048/2048_full.yaml

3. Next, we run the following command to verify the creation of the Ingress resource:

kubectl get ingress/ingress-2048 -n game-2048

Our output will be similar to this:

NAME           CLASS    HOSTS   ADDRESS                                                                   PORTS   AGE
ingress-2048   <none>   *       k8s-game2048-ingress2-xxxxxxxxxx-yyyyyyyyyy.us-east-2.elb.amazonaws.com   80      2m32s

If the Ingress fails to create, we view the AWS Load Balancer Controller logs by running:

kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller

Any error messages in these logs help us diagnose issues with the deployment.

4. After that, we open a browser and navigate to the ADDRESS URL from the previous command output to see the sample application.

This can take a few minutes; if the page does not load at first, we refresh the browser.

 

Deploy a sample application with the NLB IP mode service

The cluster must run Kubernetes v1.16 or higher to use the NLB IP mode.

1. To create a Fargate profile, we run:

eksctl create fargateprofile --cluster your-cluster --region your-region-code --name your-alb-sample-app --namespace game-2048

2. Then to get the manifest for deploying the 2048 game, we run:

curl -o 2048-game.yaml https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/examples/2048/2048_full.yaml

3. In the manifest from the above step, we delete the following Ingress section:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: service-2048
              servicePort: 80

4. After that, we modify the Service object like this:

apiVersion: v1
kind: Service
metadata:
  namespace: game-2048
  name: service-2048
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
    service.beta.kubernetes.io/aws-load-balancer-type: external
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: app-2048

5. To create the service and deployment manifest, we run:

kubectl apply -f 2048-game.yaml

6. Then we check for service creation and the DNS name of the Network Load Balancer:

kubectl get svc -n game-2048

Generally, the output will be similar to this:

NAME           TYPE           CLUSTER-IP       EXTERNAL-IP                                                               PORT(S)        AGE
service-2048   LoadBalancer   10.100.114.197   k8s-game2048-service2-xxxxxxxxxx-yyyyyyyyyy.us-east-2.elb.amazonaws.com   80:30159/TCP   23m

7. We wait until the load balancer is active.

Then, to check if we can reach the deployment, we open the FQDN of the Network Load Balancer.

 

Troubleshoot the AWS Load Balancer Controller

In case we come across issues setting up the controller, we run:

kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller
kubectl get endpoints -n game-2048
kubectl get ingress/ingress-2048 -n game-2048

The output of the logs command shows any error messages, which we can use to troubleshoot common errors.

 

Conclusion

In short, we saw how our Support Techs set up the AWS Load Balancer Controller on an EKS cluster for Fargate.

 
