2 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)

This article is one of four (4) in a series:

1 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 1, you will set up the Kubernetes Cluster on Amazon Elastic Kubernetes Service (EKS).

2 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 2, you will install an AWS Application Load Balancer.

3 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 3, you will use Kubernetes to deploy the HumanGov application for California.

4 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 4, you will use Amazon Route 53 to name the application and AWS Certificate Manager to secure access to the application. You will also use Kubernetes to deploy ingress controller, so that Internet users can connect to the application. After testing, you will decommission the infrastructure.

For background on this series, go here:

Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free) | A Four-Part Series

1 of 5. [Cloud9] Create Load Balancer IAM policy

Record the arn for the policy you create, you'll use it in a future step.

# Download policy json cd ~/environment curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json # Create policy referring to json aws iam create-policy \ --policy-name AWSLoadBalancerControllerIAMPolicy \ --policy-document file://iam_policy.json

2 of 5. [Cloud9] Associate IAM OIDC provider

Intent: Facilitate communication between Kubernetes cluster and AWS

eksctl utils associate-iam-oidc-provider --cluster humangov-cluster --approve ​

3 of 5. [Cloud9] Create Load Balancer IAM service account.

This account leverages the IAM Policy you created earlier. It will be used for your load-balancer [which explains the name]

eksctl create iamserviceaccount \ --cluster=humangov-cluster \ --namespace=kube-system \ --name=aws-load-balancer-controller \ --role-name AmazonEKSLoadBalancerControllerRole \ --attach-policy-arn=arn:aws:iam::502983865814:policy/AWSLoadBalancerControllerIAMPolicy \ --approve ​

4 of 5. [Cloud9] Install Load Balancer Controller

Note that load-balancer-controller is the service account you created in the prior step.

# Add eks-charts repository. helm repo add eks https://aws.github.io/eks-charts ​ # Update local repo helm repo update eks ​ # Install helm install aws-load-balancer-controller eks/aws-load-balancer-controller \ -n kube-system \ --set clusterName=humangov-cluster \ --set serviceAccount.create=false \ --set serviceAccount.name=aws-load-balancer-controller ​

5 of 5. [Cloud9] Verify controller installation

kubectl get deployment -n kube-system aws-load-balancer-controller ​

References

create-policy — AWS CLI 2.15.24 Command Reference

IAM Roles for Service Accounts - eksctl

Helm | Helm Install

Helm | Helm Repo

kubectl Quick Reference | Kubernetes


Lewis Lampkin, III - Blog

Lewis Lampkin, III - LinkedIn

Lewis Lampkin, III - Medium

Comments

Popular posts from this blog

Containing the Chaos! | A Three-Part Series Demonstrating the Usefulness of Containerization to HumanGov

Orphaned No More: Adopting AWS Lambda