Kubernetes Ingress with AWS ALB Ingress Controller

Kubernetes Ingress with AWS ALB Ingress Controller

Amazon Elastic Kubernetes ServiceOpen SourcePermalink

中文版Kubernetes IngressKubernetes servicesAmazon Elastic Load Balancing Application Load Balancer

AWS ALB Ingress controllerALB

Terminology

We will use the following acronyms to describe the Kubernetes Ingress concepts in more detail:

• AWS Application Load Balancer
• Elastic Network Interfaces
• NodePorttypeNodePortService.

aws-alb-ingress-controller

The following diagram details the AWS components that the aws-alb-ingress-controller creates whenever an Ingress resource is defined by the user. The Ingress resource routes ingress traffic from the ALB to the Kubernetes cluster.

Ingress Creation

Following the steps in the numbered blue circles in the above diagram:

1. ingress events
2. An ALB is created for the Ingress resource.
3. TargetGroups
4. Listeners80443) are used.
5. Rules

Ingress Traffic

• NodePort
• AWS CNI plugin for Kubernetes. The number of hops for the packet to reach its destination in this mode is always one.

Deploy Amazon EKS with eksctl

eksctl cli tool.

Install eksctl with Homebrew for macOS users:

brew install weaveworks/tap/eksctl

Create EKS cluster with cluster name “attractive-gopher”

eksctl create cluster --name=attractive-gopher

Go to the “Subnets” section in the VPC Console. Find all the Public subnets for your EKS cluster.

Example:
eksctl-attractive-gopher-cluster/SubnetPublic<USWEST2a>
eksctl-attractive-gopher-cluster/SubnetPublic<USWEST2b>
eksctl-attractive-gopher-cluster/SubnetPublic<USWEST2c>

this guide. (Most Kubernetes
distributions on AWS already do this for you, e.g. kops)

Deploy AWS ALB Ingress controller

Next, let’s deploy the AWS ALB Ingress controller into our Kubernetes cluster.

Create the IAM policy to give the Ingress controller the right permissions:

3. iam-policy.json

Attach the IAM policy to the EKS worker nodes:

1. Go back to the IAM Console.
3. Attach policy “ingressController-iam-policy.”

Deploy RBAC Roles and RoleBindings needed by the AWS ALB Ingress controller:

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.0.0/docs/examples/rbac-role.yaml

Download the AWS ALB Ingress controller YAML into a local file:

curl -sS "https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.0.0/docs/examples/alb-ingress-controller.yaml" > alb-ingress-controller.yaml

Edit the AWS ALB Ingress controller YAML to include the clusterName of the Kubernetes (or) Amazon EKS cluster.

Deploy the AWS ALB Ingress controller YAML:

kubectl apply -f alb-ingress-controller.yaml

Verify that the deployment was successful and the controller started:

kubectl logs -n kube-system $(kubectl get po -n kube-system | egrep -o alb-ingress[a-zA-Z0-9-]+)

You should be able to see the following output:

------------------------------------------------------------------------------- AWS ALB Ingress controller   Release: v1.0.0   Build: git-6ee1276   Repository: https://github.com/kubernetes-sigs/aws-alb-ingress-controller -------------------------------------------------------------------------------

Deploy Sample Application

2048 game

Deploy 2048 game resources:

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.0.0/docs/examples/2048/2048-namespace.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.0.0/docs/examples/2048/2048-deployment.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.0.0/docs/examples/2048/2048-service.yaml

Deploy an Ingress resource for the 2048 game:

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.0.0/docs/examples/2048/2048-ingress.yaml

After few seconds, verify that the Ingress resource is enabled:

kubectl get ingress/2048-ingress -n 2048-game

You should be able to see the following output:

NAME         HOSTS         ADDRESS         PORTS   AGE 2048-ingress   *    DNS-Name-Of-Your-ALB    80     3m

Get Involved

The AWS ALB Ingress controller, a subproject of Kubernetes SIG (Special Interest Group) AWS, is a fully open source project maintained by Yang Yang (@M00nf1sh) and Kraig Amador. Kubernetes SIG-AWS’s technical roadmap is currently steered by three SIG chairs: Nishi Davidson (@nishidavidson@krisnova).

AWS ALB Ingress controller has been pegged as an alpha feature in Kubernetes 1.13, due to release early December 2018. The AWS team has also tested the Ingress controller with Amazon EKS that currently supports Kubernetes version 1.10.

More resources:

• AWS ALB Ingress Controller documentation
• aws-alb-ingress-controller Github repo
• Contribute to aws-alb-ingress-controller