ALB (Application Load Balancer) is a feature offered by the Elastic Load Balancer on AWS. Elastic Load Balancers divide incoming application traffic among multiple targets, such as containers and EC2 instances, in several availability zones, thus increasing application uptime. Application Load Balancers listen for HTTP or HTTPS requests at the request level, and route connections according to that information. As per the OSI (Open Systems Interconnection) model, ALB works at the application layer (the seventh layer). The Application Load Balancer on Amazon EKS plays an important role in connecting the outside world to the Kubernetes containers.
In Amazon Elastic Load Balancer, an Application Load Balancer is used to distribute the incoming traffic (HTTP and HTTPS requests) among the pods within the Amazon EKS cluster. In other words, Amazon ALB acts as an external load balancer that exposes the services running inside the cluster to the outside world.
Primary uses of an Application Load Balancer in Amazon EKS:-
- Load Distribution – ALB evenly distributes incoming application traffic to the pods within the Kubernetes cluster. It helps to achieve scalability and high availability for the application.
- Traffic Routing – ALB allows routing traffic based on URL paths or host names specified in the URL request to various backend services. It also supports path-based routing and host-based routing.
- Content-Based Routing – The ALB supports content-based routing, which allows routing traffic based on the requested content. For example, we can decide if a request should be routed to a specific target group or service based on a header, request body, or query parameter.
- Integration with AWS Services – ALB seamlessly integrates with other AWS services. For example, AWS CloudFormation can be used to define Application Load Balancer configurations as infrastructure-as-code, and Amazon WAF (Web Application Firewall) can be used to protect against malicious attacks and web exploits.
In today’s tutorial, we will learn how we can configure the Application Load Balancer on the Amazon EKS cluster with the help of the AWS Load Balancer Controller.
Before we proceed, make sure to have all the prerequisites.
- Linux-Based Operating Systems (Ubuntu):- To run the Linux-based command from the command line interface
- AWS CLI:- It is required for the command line access of the AWS services. Run the following command to install the AWS CLI.
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
- Eksctl:- To manage the EKS Cluster from the command line. Run the following commands to install the Eksctl command.
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
- Kubectl:- To manage the Kubernetes Cluster. Run the following command to install the Kubectl command.
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/bin/
kubectl version
- Helm:- It is a package manager used to install and manage the packages on the Kubernetes Cluster. Run the following command to install the Helm command.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
helm version --short
Note – If you guys already have an EKS Cluster, then you can skip the EKS creation steps.
Create an EKS Cluster
- We will create a new EKS Cluster in the ap-south-1 region and name it First. The cluster creation process will take around 10 to 15 minutes. Run the following command to create the EKS Cluster on AWS.
eksctl create cluster --name First --node-type t2.small --nodes 1 --nodes-min 1 --nodes-max 2 --region ap-south-1 --zones=ap-south-1a,ap-south-1b,ap-south-1c
The above command uses CloudFormation in the background to deploy the EKS cluster on Amazon. You can modify the Cluster Name, Node type and the number of Nodes as per your requirement.
- Run the following command to list the EKS cluster in the ap-south-1 region.
aws eks list-clusters --region ap-south-1
- To connect to the EKS Cluster, run the following command.
aws eks update-kubeconfig --name First --region ap-south-1
- To verify the EKS Cluster is connected, run the following command to list all the pods of Kubernetes.
kubectl get pods -A
Setup IAM Permissions
To configure the Application Load Balancer with Amazon EKS, we will use AWS Load Balancer Controller in Kubernetes. The AWS Load Balancer Controller creates the Application Load Balancer when we apply the Ingress in Kubernetes.
AWS ALB resources are accessed via IAM roles, which can either be set up via ServiceAccount roles or attached directly to the IAM roles on the worker nodes.
- Create an IAM OpenID Connect (OIDC) provider, which is required to authenticate users from an external identity provider (IdP) that supports OpenID Connect. Run the following command to create an OpenID Connect provider.
eksctl utils associate-iam-oidc-provider --region=ap-south-1 --cluster=First --approve
- Download the IAM policy for the AWS Load Balancer Controller with the following command.
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
- Create an IAM policy and name it AWSLoadBalancerControllerIAMPolicy.
aws iam create-policy \
  --policy-name AWSLoadBalancerControllerIAMPolicy \
  --policy-document file://iam_policy.json
Note down the ARN returned from the above command.
- Create a ServiceAccount and IAM role for the AWS Load Balancer. Use the ARN from the previous command.
eksctl create iamserviceaccount \
  --cluster=First \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --role-name First-policy-role \
  --attach-policy-arn=arn:aws:iam::874201369922:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve
Replace the ARN as per the previous command.
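The role created by eksctl create iamserviceaccount should be assumable only by the aws-load-balancer-controller ServiceAccount in kube-system. The following check is an added example, not part of the original tutorial or the controller project: it audits a role trust policy, as returned by `aws iam get-role --role-name First-policy-role --query Role.AssumeRolePolicyDocument`, for that scoping. The sample policy, account ID and OIDC provider ID are constructed placeholders.

```python
# Constructed sample: the shape of trust policy expected on an IRSA role.
# Account ID and OIDC provider ID are placeholders, not values from this tutorial.
OIDC = "oidc.eks.ap-south-1.amazonaws.com/id/EXAMPLEOIDCID"
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{OIDC}:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller",
            f"{OIDC}:aud": "sts.amazonaws.com",
        }},
    }],
}

def audit_irsa_trust(policy, namespace, service_account):
    """Return findings; an empty list means only the named ServiceAccount can assume the role."""
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for n, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRoleWithWebIdentity" not in actions:
            findings.append(f"statement {n}: role is assumable without a ServiceAccount token")
            continue
        cond = st.get("Condition", {})
        # Condition keys look like "<oidc-provider>:sub"; keep only the claim name.
        exact = {k.rsplit(":", 1)[-1]: v for k, v in cond.get("StringEquals", {}).items()}
        loose = {k.rsplit(":", 1)[-1]: v for k, v in cond.get("StringLike", {}).items()}
        if "sub" in exact:
            if exact["sub"] != expected_sub:
                findings.append(f"statement {n}: sub is {exact['sub']!r}, expected {expected_sub!r}")
        elif "sub" in loose:
            findings.append(f"statement {n}: sub uses StringLike {loose['sub']!r}; pin it with StringEquals")
        else:
            findings.append(f"statement {n}: no sub condition; any ServiceAccount in the cluster can assume the role")
        if exact.get("aud") != "sts.amazonaws.com":
            findings.append(f"statement {n}: aud is not pinned to sts.amazonaws.com")
    return findings

if __name__ == "__main__":
    for line in audit_irsa_trust(SAMPLE_TRUST_POLICY, "kube-system", "aws-load-balancer-controller") or ["OK"]:
        print(line)
```
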
Add Controller on Cluster via Helm
- Add the EKS chart repo to the Helm with the following command.
helm repo add eks https://aws.github.io/eks-charts
- Update the Helm repositories with the following command.
helm repo update
- Install the AWS Load Balancer Controller with the help of the Helm command.
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=First \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=ap-south-1
Note:- If you are using Fargate with EKS, then make sure to add the VPC ID of your EKS Cluster "--set vpcId=vpc-0d6203f81b1c099 \" in the above command.
Deploy Demo App
Create a file named kubernetes-demo.yml, then copy and paste the following data into the file. Deploying this Demo App in the EKS Cluster will launch an Application Load Balancer to serve it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-deployment
  namespace: default
  labels:
    app: kubernetes-demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: kubernetes-demo
  template:
    metadata:
      labels:
        app: kubernetes-demo
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: demo-service
  namespace: default
  labels:
    app: kubernetes-demo
spec:
  selector:
    app: kubernetes-demo
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: default
  name: demo-ingress
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-service
                port:
                  number: 80
Note:- Deleting the Ingress will also delete the Application Load Balancer, so make sure that is what you want before you delete the Ingress from the EKS cluster.
- Run the following command to deploy the kubernetes-demo.yml file in the Kubernetes Cluster.
kubectl apply -f kubernetes-demo.yml
- Run the following command to check the Application Load balancer URL.
kubectl get ingress
We can also check the Application Load Balancer URL in the AWS console.
- Copy and paste the ALB URL generated by the ingress in the browser.
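The demo Ingress above publishes an internet-facing ALB using only the scheme and target-type annotations. The following audit is an added example, not part of the original tutorial or the controller project: it reads the JSON from `kubectl get ingress demo-ingress -o json` and reports which exposure-related controller annotations are missing. The sample object is a constructed, trimmed copy of demo-ingress, and the check assumes no certificate discovery by hostname (the demo rule has no host).

```python
import json

# Constructed sample: demo-ingress from this tutorial in `kubectl ... -o json` shape (trimmed).
DEMO_INGRESS = {
    "metadata": {"name": "demo-ingress", "namespace": "default", "annotations": {
        "alb.ingress.kubernetes.io/scheme": "internet-facing",
        "alb.ingress.kubernetes.io/target-type": "ip",
    }},
    "spec": {"ingressClassName": "alb", "rules": [{"http": {"paths": [{"path": "/"}]}}]},
}
PREFIX = "alb.ingress.kubernetes.io/"

def audit_alb_ingress(ingress):
    """Return findings for an Ingress handled by the AWS Load Balancer Controller."""
    raw = ingress["metadata"].get("annotations", {})
    ann = {k[len(PREFIX):]: v for k, v in raw.items() if k.startswith(PREFIX)}
    findings = []
    # The controller's default scheme is "internal".
    public = ann.get("scheme", "internal") == "internet-facing"
    # listen-ports is a JSON list such as [{"HTTP": 80}, {"HTTPS": 443}].
    if "listen-ports" in ann:
        ports = json.loads(ann["listen-ports"])
    else:
        # Controller default: HTTPS:443 when certificate-arn is set, otherwise HTTP:80.
        ports = [{"HTTPS": 443}] if "certificate-arn" in ann else [{"HTTP": 80}]
    protocols = {proto for entry in ports for proto in entry}
    if "HTTPS" not in protocols:
        findings.append("no HTTPS listener: traffic to the ALB is plaintext HTTP")
    elif "HTTP" in protocols and "ssl-redirect" not in ann:
        findings.append("HTTP listener served alongside HTTPS without ssl-redirect")
    # inbound-cidrs is ignored when security-groups is set, so either one counts.
    if public and not ({"inbound-cidrs", "security-groups"} & ann.keys()):
        findings.append("internet-facing with no inbound-cidrs: listener accepts any source address")
    if public and "wafv2-acl-arn" not in ann:
        findings.append("internet-facing with no AWS WAF web ACL attached")
    return findings

if __name__ == "__main__":
    for line in audit_alb_ingress(DEMO_INGRESS) or ["OK"]:
        print(f"{DEMO_INGRESS['metadata']['name']}: {line}")
```
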
AWS Load Balancer Controller allows users to manage and configure Elastic Load Balancers in Kubernetes clusters that route traffic to applications. Hopefully, I’ve explained how we can configure and run the Application Load Balancer with EKS (Elastic Kubernetes Service). I highly encourage you guys to give this tutorial a try and share your feedback with us. If you guys have any queries, then let me know in the comments section.