株式会社ヴァンデミックシステム

Blog

【AWS】【kubernetes】 【eks】Amazon EKSのALB Ingress Controllerをデプロイする

Posted by:
yuta

<スポンサーリンク>

EKSのIngressチュートリアルをそのままやります

ポリシードキュメントをダウンロード

curl -O https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/iam-policy.json

ポリシー作成

aws iam create-policy \
--policy-name ALBIngressControllerIAMPolicy \
--policy-document file://iam-policy.json

ワーカーノード用のIAMポリシーを作成

kubectl -n kube-system describe configmap aws-auth

出力結果

Name:         aws-auth
Namespace:    kube-system
Labels:       <none>
Annotations:  <none>

Data
====
mapRoles:
----
- groups:
  - system:bootstrappers
  - system:nodes
  rolearn: arn:aws:iam::241161305159:role/eksctl-aaa-nodegroup
-standard-wor-NodeInstanceRole-16F3YCW1WRZHL
  username: system:node:{{EC2PrivateDNSName}}

mapUsers:
----
[]

Events:  <none>

ポリシーをアタッチ

aws iam attach-role-policy \
--policy-arn arn:aws:iam::241161305159:policy/
ALBIngressControllerIAMPolicy \
--role-name eksctl-aaa-nodegroup-standard-wor-NodeInstanceRole
-16F3YCW1WRZHL

ALB Ingress Controllerで使用するサービスアカウント、クラスタロールなどを作成

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/rbac-role.yaml

出力結果

ocs/examples/rbac-role.yaml
clusterrole.rbac.authorization.k8s.io/alb-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/alb-ingress-controller 
created
serviceaccount/alb-ingress-controller created

ALB Ingress Controllerのデプロイ

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/alb-ingress
-controller.yaml

出力結果

ocs/examples/alb-ingress-controller.yaml
deployment.apps/alb-ingress-controller created

マニュフェスト編集

kubectl edit deployment.apps/alb-ingress-controller -n kube-system

以下を編集

    spec:
      containers:
      - args:
        - --ingress-class=alb
        - --cluster-name=aaa
        - --aws-vpc-id=vpc-0fd48cbe5ca3fc533
        - --aws-region=us-east-2

サンプルアプリケーションデプロイ

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-namespace.
yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-deployment.
yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-service.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-ingress.yaml

デプロイ確認

kubectl get ingress/2048-ingress -n 2048-game

出力結果

NAME           HOSTS   ADDRESS                                                                 PORTS   AGE
2048-ingress   *       f007732d-2048game-2048ingr-6fa0-419251603.
us-east-2.elb.amazonaws.com   80      117s

アプリケーションの画面

 

image.pngアプリケーション削除

kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-ingress.yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-service.yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-deployment.
yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/
aws-alb-ingress-controller/v1.1.2/docs/examples/2048/2048-namespace.
yaml

感想

むずい。わからない・・

<スポンサーリンク>

コメントを残す

Allowed tags:  you may use these HTML tags and attributes: <a href="">, <strong>, <em>, <h1>, <h2>, <h3>
Please note:  all comments go through moderation.
CAPTCHA

*

日本語が含まれない投稿は無視されますのでご注意ください。(スパム対策)