05/26 2020

AWS EKS Fargate Setup and Service Deployment (Part 2)


Continued from the previous post: AWS EKS Fargate Setup and Service Deployment (Part 1)

In this post we cover the load balancer and how to test it. As before, our architect walks you through every step, so let's get started!

Create the AWS Application Load Balancer Ingress controller

  • First, create an OIDC identity provider so that IAM permissions can be granted to the Fargate pods running in the cluster. This is what lets the alb-ingress-controller pod create AWS Application Load Balancers.

eksctl utils associate-iam-oidc-provider --cluster $CLUSTER_NAME --approve

  • Download the alb-ingress-controller IAM policy

wget -O alb-ingress-iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/master/docs/examples/iam-policy.json

  • Create the policy

aws iam create-policy --policy-name ALBIngressControllerIAMPolicy --policy-document file://alb-ingress-iam-policy.json

  • Populate environment variables for the following steps

The AWS VPC ID and AWS_ACCOUNT_ID are needed later. We use jq to pull the VPC ID out of the output JSON of the CloudFormation stack created earlier and store it in an environment variable, and do the same for AWS_ACCOUNT_ID.

STACK_NAME=eksctl-$CLUSTER_NAME-cluster

VPC_ID=$(aws cloudformation describe-stacks --stack-name "$STACK_NAME" | jq -r '[.Stacks[0].Outputs[] | {key: .OutputKey, value: .OutputValue}] | from_entries' | jq -r '.VPC')

AWS_ACCOUNT_ID=$(aws sts get-caller-identity | jq -r '.Account')

  • Create the cluster role and role binding manifest

cat > rbac-role.yaml <<-EOF
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/name: alb-ingress-controller
  name: alb-ingress-controller
rules:
  - apiGroups:
      - ""
      - extensions
    resources:
      - configmaps
      - endpoints
      - events
      - ingresses
      - ingresses/status
      - services
    verbs:
      - create
      - get
      - list
      - update
      - watch
      - patch
  - apiGroups:
      - ""
      - extensions
    resources:
      - nodes
      - pods
      - secrets
      - services
      - namespaces
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: alb-ingress-controller
  name: alb-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: alb-ingress-controller
subjects:
  - kind: ServiceAccount
    name: alb-ingress-controller
    namespace: kube-system
EOF

kubectl apply -f rbac-role.yaml

  • Deploy the Kubernetes service account

eksctl create iamserviceaccount \
    --name alb-ingress-controller \
    --namespace kube-system \
    --cluster $CLUSTER_NAME \
    --attach-policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/ALBIngressControllerIAMPolicy \
    --approve

  • Deploy the alb-ingress-controller; first prepare its Deployment manifest

cat > alb-ingress-controller.yaml <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: alb-ingress-controller
  name: alb-ingress-controller
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: alb-ingress-controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: alb-ingress-controller
    spec:
      containers:
        - name: alb-ingress-controller
          args:
            - --ingress-class=alb
            - --cluster-name=$CLUSTER_NAME
            - --aws-vpc-id=$VPC_ID
            - --aws-region=$AWS_REGION
          image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6
      serviceAccountName: alb-ingress-controller
EOF
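The heredocs above expand $CLUSTER_NAME, $VPC_ID, $AWS_REGION and $AWS_ACCOUNT_ID silently: if one of them is unset, the manifest is written with an argument such as "--aws-vpc-id=" or the policy ARN has no account id, and the controller (or eksctl) then fails somewhere far from the real cause. The following script is an added example, not part of the original post or of the controller project; it renders the same Deployment manifest only after checking the three values, and builds the policy ARN only from a 12-digit account id. The function names and the sample values (demo-cluster, vpc-0abc123def456, ap-northeast-1) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: fail fast on the values the post's
# heredocs substitute, instead of shipping a half-rendered manifest to kubectl.
# Function names and sample values are this example's own assumptions.

# policy_arn ACCOUNT_ID: print the IAM policy ARN used by eksctl create
# iamserviceaccount, or fail if the account id is not exactly 12 digits.
policy_arn() {
  case $1 in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "AWS_ACCOUNT_ID '$1' is not a 12-digit account id" >&2; return 1 ;;
  esac
  printf 'arn:aws:iam::%s:policy/ALBIngressControllerIAMPolicy\n' "$1"
}

# check_controller_vars CLUSTER VPC REGION: 0 when all three are present and
# plausible, otherwise report the first bad one and return 1.
check_controller_vars() {
  [ -n "$1" ] || { echo "CLUSTER_NAME is empty" >&2; return 1; }
  case $2 in
    vpc-[0-9a-f]*) ;;
    *) echo "VPC_ID '$2' does not look like a VPC id (vpc-...)" >&2; return 1 ;;
  esac
  case $3 in
    [a-z][a-z]-[a-z]*-[0-9]) ;;   # e.g. us-east-1, ap-northeast-1
    *) echo "AWS_REGION '$3' does not look like an AWS region" >&2; return 1 ;;
  esac
}

# render_controller_manifest CLUSTER VPC REGION: print the post's
# alb-ingress-controller Deployment with the values filled in, or print nothing
# and fail so that nothing half-rendered reaches kubectl apply.
render_controller_manifest() {
  check_controller_vars "$1" "$2" "$3" || return 1
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: alb-ingress-controller
  name: alb-ingress-controller
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: alb-ingress-controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: alb-ingress-controller
    spec:
      containers:
        - name: alb-ingress-controller
          args:
            - --ingress-class=alb
            - --cluster-name=$1
            - --aws-vpc-id=$2
            - --aws-region=$3
          image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6
      serviceAccountName: alb-ingress-controller
EOF
}

# Usage with constructed sample values; a real run passes "$CLUSTER_NAME" "$VPC_ID" "$AWS_REGION"
# and redirects the output to alb-ingress-controller.yaml.
render_controller_manifest demo-cluster vpc-0abc123def456 ap-northeast-1 > /dev/null && echo "manifest rendered"
render_controller_manifest demo-cluster "" ap-northeast-1 > /dev/null || echo "refused to render with an empty VPC_ID"
policy_arn 123456789012
```

The region and VPC checks are deliberately loose pattern matches: their purpose is to catch an empty or obviously wrong value before it is baked into a manifest, not to validate against the current list of AWS regions.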
  • Run the deployment

kubectl apply -f alb-ingress-controller.yaml

  • Check the deployment

kubectl get pod --all-namespaces

At this point the overall architecture is essentially in place. What remains is to deploy containers with kubectl and create an Ingress, which automatically builds an AWS ALB to serve traffic from the internet.

Deploying a service

We use an nginx deployment as the example here.

  • Create the pods
    As the YAML below shows, it uses the official nginx image and starts three pods.

Prepare the object manifest

cat > nginx-deployment.yaml <<-EOF
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: "nginx-deployment"
  namespace: "default"
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: "nginx"
    spec:
      containers:
        - image: nginx:latest
          imagePullPolicy: Always
          name: "nginx"
          ports:
            - containerPort: 80
EOF
  • Deploy the pods

kubectl apply -f nginx-deployment.yaml

  • Check the pods

kubectl get pod

  • Create the Service; prepare the object manifest

cat > nginx-service.yaml <<-EOF
apiVersion: v1
kind: Service
metadata:
  annotations:
    alb.ingress.kubernetes.io/target-type: ip
  name: "nginx-service"
  namespace: "default"
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: NodePort
  selector:
    app: "nginx"
EOF

  • Deploy the Service

kubectl apply -f nginx-service.yaml

  • Check the Service

kubectl get svc

  • Create the Ingress
    Deploying the Ingress manifest below tells the alb-ingress-controller created earlier how to reach the service; the controller writes this back to AWS and creates the ALB object that serves traffic from the internet.
  • Create the Ingress object manifest

cat > nginx-ingress.yaml <<-EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "nginx-ingress"
  namespace: "default"
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
  labels:
    app: nginx-ingress
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: "nginx-service"
              servicePort: 80
EOF
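Two annotations in the manifests above decide whether the ALB ever reaches the pods and who can reach the ALB: Fargate pods have no EC2 node behind them, so the Service must carry alb.ingress.kubernetes.io/target-type: ip (otherwise the ALB is created but never gets a healthy target), the Ingress must carry kubernetes.io/ingress.class: alb (otherwise the controller ignores it and no ALB appears), and alb.ingress.kubernetes.io/scheme: internet-facing makes the endpoint public. The script below is an added example, not from the original post or the controller project: a pre-apply check that runs over the post's own Service and Ingress manifests plus a constructed "bad-service.yaml" that omits the target-type annotation. It is a line-based match on the manifest text rather than a YAML parser, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: a pre-apply check of the Service
# and Ingress manifests before kubectl apply. Line-based text match, not a YAML
# parser; function names and the bad-service.yaml sample are this example's own.

# has_annotation FILE KEY VALUE: 0 when FILE contains a "KEY: VALUE" line
# (leading indentation and surrounding quotes are ignored).
has_annotation() {
  sed 's/^[[:space:]]*//; s/"//g; s/[[:space:]]*$//' "$1" | grep -Fxq "$2: $3"
}

# check_fargate_service FILE: 0 when the Service asks the ALB to register pod IPs,
# which is what Fargate pods need.
check_fargate_service() {
  has_annotation "$1" alb.ingress.kubernetes.io/target-type ip && return 0
  echo "$1: missing alb.ingress.kubernetes.io/target-type: ip (required for Fargate pods)" >&2
  return 1
}

# check_ingress_class FILE: 0 when the Ingress is claimed by the alb controller;
# without this annotation the controller ignores the object and no ALB appears.
check_ingress_class() {
  has_annotation "$1" kubernetes.io/ingress.class alb && return 0
  echo "$1: missing kubernetes.io/ingress.class: alb" >&2
  return 1
}

# ingress_scheme FILE: print internet-facing or internal. An absent annotation
# means internal, the controller's documented default for this annotation.
ingress_scheme() {
  if has_annotation "$1" alb.ingress.kubernetes.io/scheme internet-facing; then
    echo internet-facing
  else
    echo internal
  fi
}

# preflight SERVICE_FILE INGRESS_FILE: run every check, report the ALB scheme,
# and return 1 if any check failed.
preflight() {
  rc=0
  check_fargate_service "$1" || rc=1
  check_ingress_class "$2" || rc=1
  echo "$2: requests an ALB with scheme $(ingress_scheme "$2")"
  return $rc
}

# Constructed samples: the post's Service and Ingress, plus a Service that
# forgot the target-type annotation.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nginx-service.yaml" <<'EOF'
apiVersion: v1
kind: Service
metadata:
  annotations:
    alb.ingress.kubernetes.io/target-type: ip
  name: "nginx-service"
  namespace: "default"
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: NodePort
  selector:
    app: "nginx"
EOF
sed '/target-type/d' "$SAMPLE_DIR/nginx-service.yaml" > "$SAMPLE_DIR/bad-service.yaml"
cat > "$SAMPLE_DIR/nginx-ingress.yaml" <<'EOF'
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "nginx-ingress"
  namespace: "default"
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: "nginx-service"
              servicePort: 80
EOF

# Usage: run the check on the good pair and on the broken pair.
for svc in nginx-service.yaml bad-service.yaml; do
  if preflight "$SAMPLE_DIR/$svc" "$SAMPLE_DIR/nginx-ingress.yaml"; then
    echo "$svc: preflight passed"
  else
    echo "$svc: preflight failed"
  fi
done
```

In a real pipeline the same functions run against the nginx-service.yaml and nginx-ingress.yaml written by the heredocs above, and a failing preflight stops the kubectl apply steps that follow.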
  • Deploy the Ingress object

kubectl apply -f nginx-ingress.yaml

  • Check the Ingress and its address

kubectl get ing

Open the ADDRESS shown in the output above in a browser.

Following the architect's steps one by one makes this quite simple, doesn't it? Having completed it, you should also understand AWS EKS better.

Stay tuned to the Nextlink architect column for the latest professional information!

If you have any AWS needs, feel free to contact us!