Load Balancer Controller on EKS cluster for Fargate

Sep 2, 2021

Want to set up Load Balancer Controller on an EKS cluster for AWS Fargate? We can help you.

Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.

Today, let us see how we can set it up.

We can set up the AWS Load Balancer Controller without any existing Application Load Balancer Ingress Controller deployments.

Moving ahead, let us see how our Support Techs do the same.

Create an Amazon EKS cluster, service account policy, and RBAC policies

1. Initially, to create an Amazon EKS cluster for Fargate, we run:

eksctl create cluster --name YOUR_CLUSTER_NAME --version 1.21 --fargate

2. To allow the cluster to use AWS IAM for service accounts, we run:

eksctl utils associate-iam-oidc-provider --cluster YOUR_CLUSTER_NAME --approve

3. Then to download an IAM policy that allows the AWS Load Balancer Controller to make calls to AWS APIs, we run:

curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/install/iam_policy.json

4. After that, to create an IAM policy with the above policy, we run:

aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json

5. To create a service account in the kube-system namespace for the AWS Load Balancer Controller, we run:

eksctl create iamserviceaccount \
--cluster=YOUR_CLUSTER_NAME \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::<AWS_ACCOUNT_ID>:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--approve

6. Finally, to verify the creation of the new service role, we run:

eksctl get iamserviceaccount --cluster YOUR_CLUSTER_NAME --name aws-load-balancer-controller --namespace kube-system

-or-

kubectl get serviceaccount aws-load-balancer-controller --namespace kube-system
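
Beyond confirming that the service account exists, it is worth confirming that the IAM role behind it can only be assumed by that one service account. The following is an added example, not part of the original article or of eksctl: it audits a role trust policy in the documented IAM-roles-for-service-accounts shape. The account ID, region, OIDC provider ID and both sample policies are constructed placeholders.

```python
import json

# Constructed sample: trust policy in the documented IRSA shape for the service account's role.
# The account ID, region and OIDC provider ID are placeholders, not values from the page.
OIDC = "oidc.eks.us-east-2.amazonaws.com/id/EXAMPLEOIDCID"
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
        f"{OIDC}:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller",
        f"{OIDC}:aud": "sts.amazonaws.com"}},
}]}
# Constructed counter-example: a wildcard subject lets every service account use the role.
LOOSE = json.loads(json.dumps(SCOPED))
LOOSE["Statement"][0]["Condition"] = {
    "StringLike": {f"{OIDC}:sub": "system:serviceaccount:*:*"}}


def as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, namespace, service_account):
    """Return findings; an empty list means only the named service account can assume the role."""
    expected = f"system:serviceaccount:{namespace}:{service_account}"
    findings, seen = [], False
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if (stmt.get("Effect") != "Allow"
                or "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", []))):
            continue
        seen = True
        exact = stmt.get("Condition", {}).get("StringEquals", {})
        subs = [v for k, val in exact.items() if k.endswith(":sub") for v in as_list(val)]
        auds = [v for k, val in exact.items() if k.endswith(":aud") for v in as_list(val)]
        if not subs:
            findings.append(f"statement {i}: no exact-match condition on the token subject")
        findings += [f"statement {i}: unexpected subject {s}" for s in subs if s != expected]
        if "sts.amazonaws.com" not in auds:
            findings.append(f"statement {i}: audience is not pinned to sts.amazonaws.com")
    if not seen:
        findings.append("no sts:AssumeRoleWithWebIdentity statement found")
    return findings


if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("loose", LOOSE)):
        print(name, audit_trust_policy(doc, "kube-system", "aws-load-balancer-controller") or "OK")
```

To audit the live role, pass the parsed JSON from `aws iam get-role --role-name <ROLE_NAME> --query Role.AssumeRolePolicyDocument`, where `<ROLE_NAME>` is the role eksctl created for the service account.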

Install the AWS Load Balancer Controller using Helm

1. Initially, to add the Amazon EKS chart repo to Helm, we run:

helm repo add eks https://aws.github.io/eks-charts

2. Then we install the TargetGroupBinding custom resource definitions (CRDs):

kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"

3. Finally, to install the Helm chart, we run:

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
--set clusterName=YOUR_CLUSTER_NAME \
--set serviceAccount.create=false \
--set region=YOUR_REGION_CODE \
--set vpcId=<VPC_ID> \
--set serviceAccount.name=aws-load-balancer-controller \
-n kube-system

Test the AWS Load Balancer Controller

With AWS Load Balancer Controller, we can create either an ALB Ingress or a Network Load Balancer service.

Here, let us see how our Support Techs deploy a sample app called 2048 with ALB Ingress.

1. To create a Fargate profile for the game deployment, we run:

eksctl create fargateprofile --cluster your-cluster --region your-region-code --name your-alb-sample-app --namespace game-2048

2. Then we deploy the sample game and verify that the AWS Load Balancer Controller creates an ALB Ingress resource:

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/examples/2048/2048_full.yaml

3. Later, we run the following command to verify the creation of the Ingress resource:

kubectl get ingress/ingress-2048 -n game-2048

Our output will be similar to this:

NAME           CLASS    HOSTS   ADDRESS                                                                   PORTS   AGE
ingress-2048   <none>   *       k8s-game2048-ingress2-xxxxxxxxxx-yyyyyyyyyy.us-east-2.elb.amazonaws.com   80      2m32s

Suppose the Ingress fails to create. Then to view the AWS Load Balancer Controller logs, we run:

kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller

If the logs contain error messages, we can diagnose issues with the deployment.

4. After that, we open a browser and navigate to the ADDRESS URL from the previous command output to see the sample application.

This can take a few minutes, so refresh the browser if the page does not load at first.

Deploy a sample application with the NLB IP mode service

We must have a cluster running Kubernetes v1.16 or higher to use the NLB IP mode.

1. To create a Fargate profile, we run:

eksctl create fargateprofile --cluster your-cluster --region your-region-code --name your-alb-sample-app --namespace game-2048

2. Then to get the manifest for deploying the 2048 game, we run:

curl -o 2048-game.yaml https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/examples/2048/2048_full.yaml

3. In the manifest from the above step, we delete the following Ingress section:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: service-2048
              servicePort: 80

4. After that, we modify the Service object like this:

apiVersion: v1
kind: Service
metadata:
  namespace: game-2048
  name: service-2048
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
    service.beta.kubernetes.io/aws-load-balancer-type: external
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: app-2048

5. To create the service and deployment manifest, we run:

kubectl apply -f 2048-game.yaml

6. Then we check for service creation and the DNS name of the Network Load Balancer:

kubectl get svc -n game-2048

Generally, the output will be similar to this:

NAME           TYPE           CLUSTER-IP       EXTERNAL-IP                                                               PORT(S)        AGE
service-2048   LoadBalancer   10.100.114.197   k8s-game2048-service2-xxxxxxxxxx-yyyyyyyyyy.us-east-2.elb.amazonaws.com   80:30159/TCP   23m

7. We wait until the load balancer is active.

Then, to check if we can reach the deployment, we open the FQDN of the Network Load Balancer.
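
Both the ALB Ingress and the NLB Service above carry a scheme annotation set to internet-facing, so each one publishes a public endpoint. The following is an added example, not part of the original article or of the controller project: it lists every Ingress and Service that requests a public load balancer from output shaped like `kubectl get ingress,service -A -o json`. The sample input and the namespace allow-list are constructed for illustration.

```python
import json

# Scheme annotations used on this page; the value "internet-facing" requests a public endpoint.
SCHEME_KEYS = (
    "alb.ingress.kubernetes.io/scheme",                     # Ingress -> ALB
    "service.beta.kubernetes.io/aws-load-balancer-scheme",  # Service -> NLB
)

# Constructed sample in the shape of `kubectl get ingress,service -A -o json`.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Ingress", "metadata": {
        "namespace": "game-2048", "name": "ingress-2048", "annotations": {
            "kubernetes.io/ingress.class": "alb",
            "alb.ingress.kubernetes.io/scheme": "internet-facing",
            "alb.ingress.kubernetes.io/target-type": "ip"}}},
    {"kind": "Service", "metadata": {
        "namespace": "game-2048", "name": "service-2048", "annotations": {
            "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type": "ip",
            "service.beta.kubernetes.io/aws-load-balancer-type": "external",
            "service.beta.kubernetes.io/aws-load-balancer-scheme": "internet-facing"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "protocol": "TCP"}]}},
    {"kind": "Service", "metadata": {"namespace": "kube-system", "name": "kube-dns"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 53, "protocol": "UDP"}]}},
]})


def internet_facing(kubectl_json, allowed_namespaces=()):
    """Return (kind, namespace, name, approved) for each object requesting a public load balancer."""
    exposed = []
    for item in json.loads(kubectl_json).get("items", []):
        meta = item.get("metadata", {})
        annotations = meta.get("annotations") or {}  # objects without annotations are skipped
        if any(annotations.get(key) == "internet-facing" for key in SCHEME_KEYS):
            namespace = meta.get("namespace", "default")
            exposed.append((item.get("kind"), namespace, meta.get("name"),
                            namespace in allowed_namespaces))
    return exposed


if __name__ == "__main__":
    # Hypothetical allow-list: no namespace has been approved for public exposure yet.
    for kind, namespace, name, approved in internet_facing(SAMPLE):
        status = "approved" if approved else "REVIEW"
        print(f"{status}: {kind} {namespace}/{name} is internet-facing")
```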

Troubleshoot the AWS Load Balancer Controller

In case we come across issues setting up the controller, we run:

$ kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller
$ kubectl get endpoints -n game-2048
$ kubectl get ingress/ingress-2048 -n game-2048

The output of the logs command shows the controller's error messages, which we can use to troubleshoot common errors.

Conclusion

In short, we saw how our Support Techs set up the AWS Load Balancer Controller.
