Application Load Balancer on Amazon EKS

ALB (Application Load Balancer) is a feature offered by the Elastic Load Balancer on AWS. Elastic Load Balancers divide incoming application traffic among multiple targets, such as containers and EC2 instances, in several Availability Zones, thus increasing application uptime. Application Load Balancers inspect HTTP and HTTPS traffic at the request level and route connections according to that information. In the OSI (Open Systems Interconnection) model, ALB works at the application layer (the seventh layer). On Amazon EKS, the Application Load Balancer plays an important role in connecting the outside world to the Kubernetes containers.

In Amazon Elastic Load Balancer, an Application Load Balancer is used to distribute the incoming traffic (HTTP and HTTPS requests) among the pods within the Amazon EKS cluster. In other words, the ALB acts as an external load balancer that exposes the services running inside the cluster to the outside world.

Primary uses of an Application Load Balancer in the Amazon EKS:-

  • Load Distribution – ALB evenly distributes incoming application traffic to the pods within the Kubernetes cluster. It helps to achieve scalability and high availability for the application.
  • Traffic Routing – ALB allows routing traffic based on URL paths or host names specified in the URL request to various backend services. It also supports path-based routing and host-based routing.
  • Content-Based Routing – The ALB supports content-based routing, which allows routing traffic based on the requested content. For example, we can decide if a request should be routed to a specific target group or service based on a header, request body, or query parameter.
  • Integration with AWS Services – ALB seamlessly integrates with other AWS services. For example, AWS CloudFormation can be used to define Application Load Balancer configurations as infrastructure-as-code, and Amazon WAF (Web Application Firewall) can be used to protect against malicious attacks and web exploits.

In today’s tutorial, we will learn how we can configure the Application Load Balancer on the Amazon EKS cluster with the help of the AWS Load Balancer Controller.

Prerequisites

Before we proceed, make sure to have all the prerequisites.

  • Linux-Based Operating System (Ubuntu):- To run the Linux commands in this tutorial from the command line interface
  • AWS CLI:- It is required for the command line access of the AWS services. Run the following command to install the AWS CLI.
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
  • Eksctl:- To manage the EKS Cluster from the command line. Run the following commands to install the Eksctl command.
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
  • Kubectl:- To manage the Kubernetes Cluster. Run the following command to install the Kubectl command.
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/bin/
kubectl version --client
  • Helm:- It is a package manager used to install and manage the packages on the Kubernetes Cluster. Run the following command to install the Helm command.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
helm version --short

Note – If you guys already have an EKS Cluster, then you can skip the EKS creation steps.

Create an EKS Cluster

  • We will create a new EKS Cluster in the ap-south-1 region and name it First. The cluster creation process will take around 10 to 15 minutes. Run the following command to create the EKS Cluster on AWS.
eksctl create cluster --name First --node-type t2.small --nodes 1 --nodes-min 1 --nodes-max 2 --region ap-south-1 --zones=ap-south-1a,ap-south-1b,ap-south-1c

The above command uses CloudFormation in the background to deploy the EKS cluster on Amazon. You can modify the Cluster Name, Node type and the number of Nodes as per your requirement.

  • Run the following command to list the EKS cluster in the ap-south-1 region.
aws eks list-clusters --region ap-south-1
  • To connect to the EKS Cluster, run the following command.
aws eks update-kubeconfig --name First --region ap-south-1
  • To verify the EKS Cluster is connected, run the following command to list all the pods of Kubernetes.
kubectl get pods -A

Setup IAM Permissions

To configure the Application Load Balancer with Amazon EKS, we will use AWS Load Balancer Controller in Kubernetes. The AWS Load Balancer Controller creates the Application Load Balancer when we apply the Ingress in Kubernetes.

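The controller accesses AWS ALB resources through IAM roles. The permissions can either be granted through an IAM role bound to the controller's ServiceAccount or attached directly to the IAM role of the worker nodes. This tutorial uses the ServiceAccount approach, which keeps the permissions with the controller rather than with everything that can use the node's role.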

  • Create an IAM OpenID Connect (OIDC) provider for the cluster. IAM requires it to authenticate identities from an external identity provider (IdP) that supports OpenID Connect, which here is the cluster's own OIDC issuer. Run the following command to create the OpenID Connect provider.
eksctl utils associate-iam-oidc-provider --region=ap-south-1 --cluster=First --approve
  • Download the IAM policy for the AWS Load Balancer Controller with the following command.
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
  • Create an IAM policy and name it AWSLoadBalancerControllerIAMPolicy.
aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json

Note down the ARN returned from the above command.

  • Create a ServiceAccount and IAM role for the AWS Load Balancer Controller. Use the ARN from the previous command.
eksctl create iamserviceaccount \
--cluster=First \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name First-policy-role \
--attach-policy-arn=arn:aws:iam::874201369922:policy/AWSLoadBalancerControllerIAMPolicy \
--approve

Replace the ARN as per the previous command.

Add Controller on Cluster via Helm

  • Add the EKS chart repo to the Helm with the following command.
helm repo add eks https://aws.github.io/eks-charts
  • Update the Helm repositories with the following command.
helm repo update
  • Install the AWS Load Balancer Controller with the help of the Helm command.
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=First \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=ap-south-1

Note:- If you are using Fargate with EKS, then make sure to add the VPC ID of your EKS Cluster, "--set vpcId=vpc-0d6203f81b1c099 \", to the above command.

Deploy Demo App

Create a file named kubernetes-demo.yml, then copy and paste the following data into the file. Deploying this Demo App in the EKS Cluster launches an Application Load Balancer to serve it.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-deployment
  namespace: default
  labels:
    app: kubernetes-demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: kubernetes-demo
  template:
    metadata:
      labels:
        app: kubernetes-demo
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: demo-service
  namespace: default
  labels:
    app: kubernetes-demo
spec:
  selector:
    app: kubernetes-demo
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: default
  name: demo-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: demo-service
              port:
                number: 80

Note:- If you delete the Ingress, the Application Load Balancer is deleted with it. So make sure that is what you want before you delete the Ingress from the EKS cluster.

  • Run the following command to deploy the kubernetes-demo.yml file in the Kubernetes Cluster.
kubectl apply -f kubernetes-demo.yml
  • Run the following command to check the Application Load Balancer URL.
kubectl get ingress

We can also check the Application Load Balancer URL in the AWS console.

  • Copy and paste the ALB URL generated by the ingress in the browser.
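The demo Ingress above creates an internet-facing ALB that serves plain HTTP. As an added example (not part of the original tutorial or of the controller), the following script reviews the output of `kubectl get ingress -A -o json` and reports public ALB Ingresses that lack an HTTPS listener or an inbound CIDR restriction. The sample data is constructed, the "hardened-ingress" object with its certificate ARN and CIDR is hypothetical, and only Ingresses selected with `ingressClassName: alb` are considered.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

# Constructed sample shaped like `kubectl get ingress -A -o json`: the demo Ingress
# from this page plus a hypothetical hardened one (placeholder ARN and CIDR).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "demo-ingress", "annotations": {
        PREFIX + "scheme": "internet-facing",
        PREFIX + "target-type": "ip"}},
     "spec": {"ingressClassName": "alb"}},
    {"metadata": {"namespace": "default", "name": "hardened-ingress", "annotations": {
        PREFIX + "scheme": "internet-facing",
        PREFIX + "target-type": "ip",
        PREFIX + "listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]',
        PREFIX + "ssl-redirect": "443",
        PREFIX + "certificate-arn": "arn:aws:acm:ap-south-1:111122223333:certificate/EXAMPLE",
        PREFIX + "inbound-cidrs": "203.0.113.0/24"}},
     "spec": {"ingressClassName": "alb"}},
]})


def audit_alb_ingresses(ingress_list_json):
    """Map 'namespace/name' to a list of findings for each internet-facing ALB Ingress."""
    report = {}
    for item in json.loads(ingress_list_json).get("items", []):
        meta = item.get("metadata", {})
        ann = {k[len(PREFIX):]: v for k, v in (meta.get("annotations") or {}).items()
               if k.startswith(PREFIX)}
        is_alb = item.get("spec", {}).get("ingressClassName") == "alb"
        # The controller's default scheme is "internal"; only public ALBs are audited.
        if not is_alb or ann.get("scheme", "internal") != "internet-facing":
            continue
        # Without listen-ports the controller uses HTTPS:443 if a certificate is set, else HTTP:80.
        default_ports = '[{"HTTPS": 443}]' if "certificate-arn" in ann else '[{"HTTP": 80}]'
        protocols = {p for entry in json.loads(ann.get("listen-ports", default_ports)) for p in entry}
        findings = []
        if "HTTPS" not in protocols:
            findings.append("no HTTPS listener")
        elif "HTTP" in protocols and "ssl-redirect" not in ann:
            findings.append("HTTP listener without ssl-redirect")
        if ann.get("inbound-cidrs", "0.0.0.0/0") == "0.0.0.0/0":
            findings.append("reachable from any IPv4 address")
        report[f"{meta.get('namespace')}/{meta.get('name')}"] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_alb_ingresses(SAMPLE).items():
        print(name, findings or "OK")
```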

Conclusion

AWS Load Balancer Controller allows users to manage and configure Elastic Load Balancers in Kubernetes clusters that route traffic to applications. Hopefully, I’ve explained how we can configure and run the Application Load Balancer with EKS (Elastic Kubernetes Service). I highly encourage you guys to give this tutorial a try and share your feedback with us. If you guys have any queries, then let me know in the comments section.