LoginSignup
0
1

More than 3 years have passed since last update.

@yuta_vamdemic(yuta)

Amazon EKSのALB Ingress Controllerをデプロイする

Posted at

EKSのIngressチュートリアルをそのままやります

ポリシードキュメントをダウンロード

curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/iam-policy.json

ポリシー作成

aws iam create-policy \
--policy-name ALBIngressControllerIAMPolicy \
--policy-document file://iam-policy.json

ワーカーノード用のIAMポリシーを作成

kubectl -n kube-system describe configmap aws-auth

出力結果

Name:         aws-auth
Namespace:    kube-system
Labels:       <none>
Annotations:  <none>

Data
====
mapRoles:
----
- groups:
  - system:bootstrappers
  - system:nodes
  rolearn: arn:aws:iam::241161305159:role/eksctl-aaa-nodegroup-standard-wor-NodeInstanceRole-16F3YCW1WRZHL
  username: system:node:{{EC2PrivateDNSName}}

mapUsers:
----
[]

Events:  <none>

ポリシーをアタッチ

aws iam attach-role-policy \
--policy-arn arn:aws:iam::241161305159:policy/ALBIngressControllerIAMPolicy \
--role-name eksctl-aaa-nodegroup-standard-wor-NodeInstanceRole-16F3YCW1WRZHL

ALB Ingress Controllerで使用するサービスアカウント、クラスタロールなどを作成

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/rbac-role.yaml

出力結果

ocs/examples/rbac-role.yaml
clusterrole.rbac.authorization.k8s.io/alb-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/alb-ingress-controller created
serviceaccount/alb-ingress-controller created

ALB Ingress Controllerのデプロイ

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/alb-ingress-controller.yaml

出力結果

ocs/examples/alb-ingress-controller.yaml
deployment.apps/alb-ingress-controller created

マニュフェスト編集

kubectl edit deployment.apps/alb-ingress-controller -n kube-system

以下を編集

    spec:
      containers:
      - args:
        - --ingress-class=alb
        - --cluster-name=aaa
        - --aws-vpc-id=vpc-0fd48cbe5ca3fc533
        - --aws-region=us-east-2

サンプルアプリケーションデプロイ

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-deployment.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-service.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-ingress.yaml

デプロイ確認

kubectl get ingress/2048-ingress -n 2048-game

出力結果

NAME           HOSTS   ADDRESS                                                                 PORTS   AGE
2048-ingress   *       f007732d-2048game-2048ingr-6fa0-419251603.us-east-2.elb.amazonaws.com   80      117s

アプリケーションの画面

image.png

アプリケーション削除

kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-ingress.yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-service.yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-deployment.yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-namespace.yaml

感想

むずい。わからない・・

0
1
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
1