Setup ALB ingress controller¶
This document describes how to install ALB ingress controller into your kubernetes cluster on AWS. If you'd prefer an end-to-end walkthrough of setup instead, see the echoservice walkthrough
Prerequisites¶
This section details what must be setup in order for the controller to run.
Kubelet¶
The kubelet must be run with --cloud-provider=aws
. This populates the EC2 instance ID in each node's spec.
Role Permissions¶
Adequate roles and policies must be configured in AWS and available to the node(s) running the controller. How access is granted is up to you. Some will attach the needed rights to node's role in AWS. Others will use projects like kube2iam.
An example policy with the minimum rights can be found at iam-policy.json.
Installation¶
You can choose to install ALB ingress controller via Helm or Kubectl
Helm¶
-
Add helm incubator repository
helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator
-
Install ALB ingress controller
helm install incubator/aws-alb-ingress-controller --set autoDiscoverAwsRegion=true --set autoDiscoverAwsVpcID=true --set clusterName=MyClusterName
More docs on hub.helm.sh
Kubectl¶
-
Download sample ALB ingress controller manifest
wget https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.9/docs/examples/alb-ingress-controller.yaml
-
Configure the ALB ingress controller manifest
At minimum, edit the following variables:
--cluster-name=devCluster
: name of the cluster. AWS resources will be tagged withkubernetes.io/cluster/devCluster:owned
Tip
If ec2metadata is unavailable from the controller pod, edit the following variables:
--aws-vpc-id=vpc-xxxxxx
: vpc ID of the cluster.--aws-region=us-west-1
: AWS region of the cluster.
-
Deploy the RBAC roles manifest
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.9/docs/examples/rbac-role.yaml
-
Deploy the ALB ingress controller manifest
kubectl apply -f alb-ingress-controller.yaml
-
Verify the deployment was successful and the controller started
kubectl logs -n kube-system $(kubectl get po -n kube-system | egrep -o "alb-ingress[a-zA-Z0-9-]+")
Should display output similar to the following.
------------------------------------------------------------------------------- AWS ALB Ingress controller Release: 1.0.0 Build: git-7bc1850b Repository: https://github.com/kubernetes-sigs/aws-alb-ingress-controller.git -------------------------------------------------------------------------------