I will follow the EKS Ingress tutorial exactly as written.
Download the policy document
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/iam-policy.json
Create the policy
aws iam create-policy \
--policy-name ALBIngressControllerIAMPolicy \
--policy-document file://iam-policy.json
Check the IAM role used by the worker nodes
kubectl -n kube-system describe configmap aws-auth
Output
Name: aws-auth
Namespace: kube-system
Labels: <none>
Annotations: <none>
Data
====
mapRoles:
----
- groups:
- system:bootstrappers
- system:nodes
rolearn: arn:aws:iam::241161305159:role/eksctl-aaa-nodegroup-standard-wor-NodeInstanceRole-16F3YCW1WRZHL
username: system:node:{{EC2PrivateDNSName}}
mapUsers:
----
[]
Events: <none>
Attach the policy
aws iam attach-role-policy \
--policy-arn arn:aws:iam::241161305159:policy/ALBIngressControllerIAMPolicy \
--role-name eksctl-aaa-nodegroup-standard-wor-NodeInstanceRole-16F3YCW1WRZHL
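The policy above is attached to the node instance role, so pods scheduled on those nodes can generally obtain the same permissions through the instance metadata service. The following is an added example, not part of the original post or the controller project: a small reviewer that lists broad Allow statements in a policy document before it is passed to create-policy. The sample policy and the account ID in it are constructed for illustration and are not the contents of the downloaded iam-policy.json.

```python
import json

# Constructed sample policy for illustration; NOT the contents of the
# iam-policy.json that the page downloads.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["elasticloadbalancing:*", "ec2:DescribeSubnets"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": "iam:CreateServiceLinkedRole",
         "Resource": "arn:aws:iam::111122223333:role/example"},
        {"Effect": "Deny", "Action": "s3:*", "Resource": "*"},
    ],
})


def as_list(value):
    """IAM allows a single string or a list for Action/Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def review_policy(policy_json):
    """Return (statement index, finding) pairs for broad Allow grants."""
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be an object
        statements = [statements]
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            findings.append((i, "uses NotAction/NotResource"))
        wild = [a for a in as_list(st.get("Action")) if "*" in a]
        if wild:
            findings.append((i, "wildcard action: " + ", ".join(wild)))
        if "*" in as_list(st.get("Resource")) and "Condition" not in st:
            findings.append((i, "Resource '*' without Condition"))
    return findings


if __name__ == "__main__":
    for index, finding in review_policy(SAMPLE_POLICY):
        print(f"Statement[{index}]: {finding}")
```

To review the downloaded file instead of the sample, pass the text of iam-policy.json to review_policy.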
Create the service account, cluster role, and related resources used by the ALB Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/rbac-role.yaml
Output
clusterrole.rbac.authorization.k8s.io/alb-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/alb-ingress-controller created
serviceaccount/alb-ingress-controller created
Deploy the ALB Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/alb-ingress-controller.yaml
Output
deployment.apps/alb-ingress-controller created
Edit the manifest
kubectl edit deployment.apps/alb-ingress-controller -n kube-system
Edit the following
spec:
  containers:
  - args:
    - --ingress-class=alb
    - --cluster-name=aaa
    - --aws-vpc-id=vpc-0fd48cbe5ca3fc533
    - --aws-region=us-east-2
Deploy the sample application
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-deployment.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-service.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-ingress.yaml
Verify the deployment
kubectl get ingress/2048-ingress -n 2048-game
Output
NAME HOSTS ADDRESS PORTS AGE
2048-ingress * f007732d-2048game-2048ingr-6fa0-419251603.us-east-2.elb.amazonaws.com 80 117s
Application screen
Delete the application
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-ingress.yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-service.yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-deployment.yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-namespace.yaml
Thoughts
Hard. I don't understand it...