AWS Load Balancer Controller

AWS Load Balancer Controller.

Introduction

I did an exercise in which I implemented AWS EKS using Terraform. Nothing special about that. But then I was pondering how to implement the ingress for the solution, and that turned out to be a bit challenging. I finally decided to use AWS Load Balancer Controller instead of building everything from scratch.

I’m sorry, but I cannot provide a repo for this blog post - I did this exercise for my corporation to provide junior developers an example of an IaC solution.

What Is AWS Load Balancer Controller?

AWS Load Balancer Controller is a kubernetes controller which creates an AWS Application Load Balancer which is then used as an ingress for your kubernetes application. See the more detailed explanation in How AWS Load Balancer controller works.

Installation

The installation could be a bit easier if you created your cluster with the eksctl tool. I had already created the EKS cluster using Terraform, so I had to do some extra steps to make AWS Load Balancer Controller work with my solution.

I went with option A: IAM Roles for Service Accounts (IRSA). I.e., I created an IAM role with all necessary rights. Then I created an IAM OIDC provider:

eksctl utils associate-iam-oidc-provider \
    --region $AWS_DEFAULT_REGION \
    --cluster $EKS_CLUSTER_NAME \
    --approve

I curled the iam-policy.json as instructed in the AWS Load Balancer Controller documentation, and created an IAM Service Account:

eksctl create iamserviceaccount \
--cluster=$EKS_CLUSTER_NAME \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=$IAM_POLICY_ARN \
--override-existing-serviceaccounts \
--region $AWS_DEFAULT_REGION \
--approve

And installed the AWS Load Balancer Controller using a helm chart:

helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=$EKS_CLUSTER_NAME --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller

And then I deployed a demo app (game 2048) to the cluster to verify that the AWS Application Load Balancer gets created:

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.0/docs/examples/2048/2048_full.yaml

It took a couple of minutes for the AWS Application Load Balancer to get created. I checked the status using command:

kubectl get ingress/ingress-2048 -n game-2048

Once I saw the address, I tested the address in my browser and saw the game - everything went smoothly.

Some Considerations

Adding the AWS Load Balancer Controller can be done using the above process, but it is a bit ugly: All other infrastructure is created by terraform IaC, but for the ingress part, I had to use eksctl tool which creates a CloudFormation stack behind the curtains.

It might be possible to reverse-engineer what eksctl tool did above, and convert all the stuff as part of the terraform solution. At least those parts that are directly part of the AWS infrastructure. Maybe I do this in the second phase of this exercise.

Another solution might be trying to use terraform-aws-eks module instead of creating the eks module myself. I need to examine if that module creates the ingress as well.

Conclusions

If you want to find an easy way to provide a Kubernetes ingress in AWS EKS, AWS Load Balancer Controller is a good option.

The writer is working at a major international IT corporation building cloud infrastructures and implementing applications on top of those infrastructures.

Kari Marttila

_{Kari Marttila’s Home Page in LinkedIn: https://www.linkedin.com/in/karimarttila/}