Introduction

In this section, we will deploy a web-based application called Komiser and configure an associated Service that uses the Application Load Balancer to expose the application externally.

The Application Load Balancer integrates with Kubernetes via an Ingress Controller, so it needs to be provisioned in advance.

Adding Power User Access to your Worker Nodes

The Application Load Balancer Ingress Controller runs on the Worker Nodes and needs permissions to create the necessary AWS Resources. We will be going Rogue here and adding full Power User privileges to your Worker Nodes. Please don’t try this stunt in uncontrolled environments as there be dragons beyond them hills if you do!!!

  • Access your AWS IAM Console

  • Go to Roles and search for “eks-node”

  • Edit the Role associated with the Worker Nodes of the Cluster you are using for the Workshop and Attach the PowerUserAccess policy to it.

Provisioning the Ingress Controller for the Application Load Balancer

  • Download the deployment manifest provided by the Kubernetes SIG
wget https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/alb-ingress-controller.yaml

  • Edit the manifest file and set the name of the Kubernetes Cluster the Controller will be deployed to. Look for the line
            # - --cluster-name=devCluster
  • Uncomment it and change the Cluster name from “devCluster” to your own Cluster’s name
            - --cluster-name=EKS
  • Deploy the necessary RBAC Roles manifest that will allow the Ingress Controller to function properly. This needs no changes, so you can deploy directly from the Remote GitHub Repository. You can also download the manifest and analyze it before deploying.
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.2/docs/examples/rbac-role.yaml
  • Deploy the modified Ingress Controller manifest
kubectl apply -f alb-ingress-controller.yaml
  • Wait a few seconds, then check that the deployment was successful and that the Controller started properly
kubectl logs -n kube-system $(kubectl get po -n kube-system | egrep -o "alb-ingress[a-zA-Z0-9-]+")
  • The presented output should be similar to the below
-------------------------------------------------------------------------------
AWS ALB Ingress controller
  Release:    v1.1.2
  Build:      git-cc1c5971
  Repository: https://github.com/kubernetes-sigs/aws-alb-ingress-controller.git
-------------------------------------------------------------------------------

Deploying Komiser with your shiny new Ingress Controller

  • Create a new file called “komiser-with-alb.yml” with the following contents
apiVersion: v1
kind: Service
metadata:
  name: komiser-with-alb
  labels:
    name: komiser-with-alb
spec:
  selector:
    app: komiser-with-alb
  ports:
  - name: http
    port: 3000
  type: NodePort
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "komiser-with-alb"
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
  labels:
    app: komiser-with-alb
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: "komiser-with-alb"
              servicePort: 3000
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: komiser-with-alb
  labels:
    name: komiser-with-alb
spec:
  replicas: 1  # Kubernetes default when unset
  template:
    metadata:
      labels:
        app: komiser-with-alb
    spec:
      containers:
      - name: komiser-with-alb
        image: mlabouardy/komiser:2.1.0
        imagePullPolicy: Always
        ports:
        - containerPort: 3000
  • Analyze the difference between this manifest and the Classic Load Balancer and Network Load Balancer manifests. The use of the Application Load Balancer requires that our Services be exposed using the NodePort mechanism, and a new section of “Kind” “Ingress” shows up that performs the actual Ingress Controller configuration

  • Deploy your application by using kubectl

kubectl create -f komiser-with-alb.yml
  • Describe the properties of your newly deployed Service
kubectl describe services
  • Locate the newly created Service by looking for a Service named “komiser-with-alb” with similar content to the below
Name:                     komiser-with-alb
Namespace:                default
Labels:                   name=komiser-with-alb
Annotations:              <none>
Selector:                 app=komiser-with-alb
Type:                     NodePort
IP:                       10.100.65.120
Port:                     http  3000/TCP
TargetPort:               3000/TCP
NodePort:                 http  32501/TCP
Endpoints:                192.168.13.235:3000
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
  • The Service no longer has a “LoadBalancer Ingress” line

  • Describe the properties of your newly deployed Ingress

kubectl describe ingress
  • Locate the newly created Ingress with similar content to the below
Name:             komiser-with-alb
Namespace:        default
Address:          68ff00b9-default-komiserwi-a0a0-1779224450.eu-west-1.elb.amazonaws.com
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host  Path  Backends
  ----  ----  --------
  *     
        /*   komiser-with-alb:3000 (<none>)
Annotations:
  alb.ingress.kubernetes.io/scheme:  internet-facing
  kubernetes.io/ingress.class:       alb
Events:
  Type    Reason  Age   From                    Message
  ----    ------  ----  ----                    -------
  Normal  CREATE  42m   alb-ingress-controller  LoadBalancer 68ff00b9-default-komiserwi-a0a0 created, ARN: arn:aws:elasticloadbalancing:eu-west-1:725135641014:loadbalancer/app/68ff00b9-default-komiserwi-a0a0/a533d5a4c64668a5
  Normal  CREATE  42m   alb-ingress-controller  rule 1 created with conditions [{    Field: "path-pattern",    Values: ["/*"]  }]
  • The line “Address” identifies the DNS name of the created Application Load Balancer
Address:          68ff00b9-default-komiserwi-a0a0-1779224450.eu-west-1.elb.amazonaws.com
  • Access the DNS name with your preferred browser and watch the magic happen. Don’t worry if Komiser doesn’t show you any information apart from the standard landing page; we will learn how to fix that further along in the Workshop
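
The Ingress above sets alb.ingress.kubernetes.io/scheme to internet-facing, so the resulting Application Load Balancer is reachable from any source address unless the controller's alb.ingress.kubernetes.io/inbound-cidrs annotation narrows it. The following pre-deploy check is an added example, not part of the original workshop; the function name open_ingresses, the sample file names and the 203.0.113.0/24 range are assumptions made for illustration.

```shell
# Added example (not from the workshop): list Ingress objects in a manifest that
# request an internet-facing ALB without an inbound-cidrs allowlist.
open_ingresses() {
  awk '
    function report() {
      if (kind == "Ingress" && facing && !cidrs) print name
      kind = ""; name = ""; facing = 0; cidrs = 0
    }
    /^[ \t]*#/ { next }                      # ignore commented-out lines
    /^---[ \t]*$/ { report(); next }         # document boundary
    /^kind:/ { kind = $2 }
    /^  name:/ && name == "" { name = $2; gsub(/"/, "", name) }  # metadata.name
    /alb\.ingress\.kubernetes\.io\/scheme:[ \t]*"?internet-facing/ { facing = 1 }
    /alb\.ingress\.kubernetes\.io\/inbound-cidrs:/ { cidrs = 1 }
    END { report() }
  ' "$1"
}

# Constructed sample: the Service and Ingress from komiser-with-alb.yml, trimmed.
tmp=$(mktemp -d)
cat > "$tmp/open.yml" <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: komiser-with-alb
spec:
  type: NodePort
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "komiser-with-alb"
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
EOF
# Same manifest with an allowlist; 203.0.113.0/24 is a documentation placeholder.
{ cat "$tmp/open.yml"
  echo '    alb.ingress.kubernetes.io/inbound-cidrs: 203.0.113.0/24'
} > "$tmp/restricted.yml"

echo "open.yml:       $(open_ingresses "$tmp/open.yml")"
echo "restricted.yml: $(open_ingresses "$tmp/restricted.yml")"
```

The check is textual, so it assumes the annotation keys are written out literally in the manifest; run it against komiser-with-alb.yml before kubectl create.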