[SOLVED]: AWS Load Balancer Controller (NLB) on EKS cluster

In the ever-evolving landscape of cloud computing, Amazon Web Services (AWS) has emerged as a frontrunner with a diverse range of services that cater to various business needs. Among these offerings, AWS Elastic Kubernetes Service (EKS) stands out as a reliable and scalable solution for managing Kubernetes clusters. Two of the pivotal components within the AWS EKS ecosystem are the Network Load Balancer (NLB) and the Application Load Balancer (ALB). In this article, we will see how to install the Load Balancer controller for AWS and how to create a Load Balancer service to expose a sample nginx deployment. For the scope of this article, it is assumed that you have basic knowledge of Kubernetes and are familiar with basic AWS terminology such as region and AZ.

Create Cluster

It is assumed that you already have an EKS cluster installed. If not, please create an EKS cluster of your choice. In my case, I have created an EKS cluster named security-91.

Install eksctl binary

The command below can be used to download the eksctl binary for Linux. If your OS is different, please download the binary supported by your OS from here.

wget https://github.com/eksctl-io/eksctl/releases/download/v0.153.0-rc.0/eksctl_Linux_amd64.tar.gz

Create Service Account with required privileges

We need to create a service account for installing the load balancer controller. The service account should have the privileges required to use the load balancing service offered by EC2.

  • The commands below achieve this. Make sure the region, account ID and cluster name are replaced with the values for your cluster
aws eks update-kubeconfig --region <region name> --name <cluster name>

oidc_id=$(aws eks describe-cluster --name <cluster name> --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)

#create IAM OIDC provider
eksctl utils associate-iam-oidc-provider --cluster <cluster name> --approve

#download IAM policy (use the raw file URL; the /blob/ URL returns an HTML page, not JSON)
wget https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json

#create IAM policy
aws iam create-policy --policy-name AWSEKStestPolicy --policy-document file://iam_policy.json

#create service account with required IAM policy
eksctl create iamserviceaccount --cluster=<cluster name> --namespace=kube-system --name=aws-load-balancer-controller --role-name "AWSEKStestPolicy" \
  --attach-policy-arn=arn:aws:iam::<account id>:policy/AWSEKStestPolicy --approve

Install AWS Load Balancer Controller

The commands below can be used to install the AWS Load Balancer Controller using Helm.

helm repo add eks https://aws.github.io/eks-charts

helm repo update

helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=<cluster name> --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller

Verify the AWS Load Balancer Controller Installation

Once the Helm deployment is successful, you can verify the LB controller pods:

~]$ kubectl get pods -n kube-system|grep load
aws-load-balancer-controller-7785c8b5f9-c82rw   1/1   Running   0   93m
aws-load-balancer-controller-7785c8b5f9-k95vg   1/1   Running   0   93m

AWS Load Balancer Demo

Let's verify that the load balancer controller is able to provision the load balancers (ALB and NLB).

Network Load Balancer

We can verify that the AWS Load Balancer controller is provisioning the Load Balancer properly. We will install an nginx deployment and expose that nginx pod over a Load Balancer service. When the Load Balancer service is created with the required annotations, a Network Load Balancer is provisioned automatically.

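  • Create the nginx deployment in the nginx namespace, the same namespace the Service manifest below uses
kubectl create namespace nginx
kubectl create deployment nginx --image=nginx --replicas=1 -n nginx
  • Expose nginx using a Load Balancer service. The YAML file below can be used to create the load balancer service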
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
  namespace: nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: external
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
  • Note that we have set the required annotations. The AWS load balancer controller picks them up and provisions the load balancer based on them
  • When we check the Kubernetes service, we can see that an External IP is assigned to the Load Balancer service
~]$ kubectl get svc -n nginx
NAME   TYPE   CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
nginx   LoadBalancer   172.20.42.126   k8s-nginx-nginx-xxxxxxx-b4ac3237d8b11ec4.elb.ap-south-1.amazonaws.com   80:30035/TCP   86m
  • If we try to access the endpoint given by the Network Load Balancer, it may show an error. If it does, log in to the AWS EC2 console and verify that the Load Balancer is provisioned.

  • If it is in the Provisioning state, wait for it to reach the Active state

  • Once the NLB is in the Active state, retry accessing the endpoint; we can see the nginx home page

Application Load Balancer

We will use the same nginx deployment to test the Application Load Balancer. When we deploy a Kubernetes Load Balancer service, a Network Load Balancer is created. Similarly, if we create an Ingress resource with the proper annotations, an Application Load Balancer is provisioned.

  • We will create a simple ClusterIP service to expose our nginx deployment
~]$ kubectl expose deploy nginx --port=80
service/nginx exposed
  • We will create an Ingress resource, which will direct traffic to the ClusterIP service. The YAML file below can be used for this. Note that the path "/index.html" is used for directing traffic to the ClusterIP service, and the annotations specify the required configuration for the Application Load Balancer.
  • The ingress class name must be set to "alb"

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
        - path: /index.html
          pathType: Prefix
          backend:
            service:
              name: nginx
              port:
                number: 80
  • Once the manifest is applied, log in to the EC2 console and navigate to the Load Balancers section. We can see that an Application Load Balancer is being provisioned.

  • Once it is in the Active state, if we connect to the load balancer DNS name with /index.html as the path, we can see the nginx default page
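
An added audit example, not part of the original article: both the Service and the Ingress above request `internet-facing` load balancers, so it is worth listing every such object in the cluster and whether a source CIDR limit is set. The input is a constructed sample shaped like `kubectl get svc,ingress -A -o json`; the `office-only` Ingress is hypothetical, and `spec.loadBalancerSourceRanges` and `alb.ingress.kubernetes.io/inbound-cidrs` are fields the article itself does not use.

```python
import json

SVC = "service.beta.kubernetes.io/"
ALB = "alb.ingress.kubernetes.io/"
# Constructed sample: the article's Service and Ingress, the ClusterIP Service,
# and one hypothetical Ingress that restricts inbound CIDRs.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Service", "metadata": {"name": "nginx", "namespace": "nginx", "annotations": {
        SVC + "aws-load-balancer-type": "external",
        SVC + "aws-load-balancer-nlb-target-type": "ip",
        SVC + "aws-load-balancer-scheme": "internet-facing"}},
     "spec": {"type": "LoadBalancer"}},
    {"kind": "Service", "metadata": {"name": "nginx", "namespace": "default"},
     "spec": {"type": "ClusterIP"}},
    {"kind": "Ingress", "metadata": {"name": "app-ingress", "namespace": "default", "annotations": {
        ALB + "scheme": "internet-facing", ALB + "target-type": "ip"}},
     "spec": {"ingressClassName": "alb"}},
    {"kind": "Ingress", "metadata": {"name": "office-only", "namespace": "default", "annotations": {
        ALB + "scheme": "internet-facing", ALB + "inbound-cidrs": "203.0.113.0/24"}},
     "spec": {"ingressClassName": "alb"}},
]})


def internet_facing(objects_json):
    """Return (kind, 'namespace/name', allowed_cidrs) per public LB request; [] means no CIDR limit."""
    exposed = []
    for obj in json.loads(objects_json).get("items", []):
        kind, meta, spec = obj.get("kind"), obj.get("metadata", {}), obj.get("spec", {})
        ann = meta.get("annotations") or {}
        if kind == "Service":
            # Covers only the configuration shown in the article (type "external").
            managed = (spec.get("type") == "LoadBalancer"
                       and ann.get(SVC + "aws-load-balancer-type") == "external")
            scheme = ann.get(SVC + "aws-load-balancer-scheme")
            cidrs = spec.get("loadBalancerSourceRanges") or []
        elif kind == "Ingress":
            managed = spec.get("ingressClassName") == "alb"
            scheme = ann.get(ALB + "scheme")
            cidrs = [c.strip() for c in ann.get(ALB + "inbound-cidrs", "").split(",") if c.strip()]
        else:
            continue
        if managed and scheme == "internet-facing":
            exposed.append((kind, f"{meta.get('namespace')}/{meta.get('name')}", cidrs))
    return exposed


if __name__ == "__main__":
    for kind, ref, cidrs in internet_facing(SAMPLE):
        print(kind, ref, cidrs or "no source CIDR limit")
```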

Conclusion

In this article, we have seen how to set up the Load Balancer controller for AWS EKS. We have also explored and demonstrated how to provision a Network Load Balancer and an Application Load Balancer, using an nginx deployment as an example.