AWS EKS Fargate 建置及服務佈署(下)

延續上一篇:AWS EKS Fargate 建置及服務佈署(上)

我們將於本篇介紹 Load Balance 及其測試,架構師一樣會手把手帶大家逐步操作,就讓我們一起來看看吧!

建立 AWS Application Load Balancer Ingress controller

  • 現在要創建OIDC ID ,向群集中運行的Fargate pod授予IAM權限 ,用來給予alb ingress controller pod 能夠對AWS Application Load Balancer 建置權限)

eksctl utils associate-iam-oidc-provider –cluster $CLUSTER_NAME –approve 

 

  • 下載 alb ingress controller IAMolicy

wget -O alb-ingress-iam-policy.json
https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-
controller/master/docs/examples/iam-policy.json 

 

  • 創建 policy

aws iam create-policy –policy-name ALBIngressControllerIAMPolicy —
policy-document file://alb-ingress-iam-policy.json

 

  • 植入及產生環境變數方便後續作業

後續會用到AWS VPC ID、AWS_ACCOUNT_ID
將透過jq 將前面cloudformation 產出的output json 來取得VPC ID帶入環境變數,和AWS_ACCOUNT_ID

STACK_NAME=eksctl-$CLUSTER_NAME-cluster

VPC_ID=$(aws cloudformation describe-stacks –stack-name “$STACK_NAME” | jq -r ‘[.Stacks[0].Outputs[] | {key: .OutputKey, value: .OutputValue}] | from_entries’ | jq -r ‘.VPC’)

AWS_ACCOUNT_ID=$(aws sts get-caller-identity | jq -r ‘.Account’)

 

  • 創建集群角色和角色綁定描述
  • 部署 Kubernetes 服務帳戶

eksctl create iamserviceaccount \
–name alb-ingress-controller \
–namespace kube-system \
–cluster $CLUSTER_NAME \
–attach-policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/ALBIngressControllerIAMPolicy \
–approve

 

  • 佈署 alb ingress controller,準備alb ingress controller 佈署描述檔
cat > alb-ingress-controller.yaml <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
name: alb-ingress-controller
namespace: kube-system
spec:
selector:
matchLabels:
app.kubernetes.io/name: alb-ingress-controller
template:
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
spec:
containers:
- name: alb-ingress-controller
args:
- --ingress-class=alb
- --cluster-name=$CLUSTER_NAME
- --aws-vpc-id=$VPC_ID
- --aws-region=$AWS_REGION
image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6
serviceAccountName: alb-ingress-controller
EOF
  • 執行佈署

kubectl apply -f alb-ingress-controller.yaml

 

  • 查看佈署

kubectl get pod –all-namespaces

 

到這裡整體架構已差不多,接下來就是透過 kubectl 佈署容器,並透過創建 ingress 自動建立 AWS ALB 提供對外服務。

佈署服務

這裡我們用佈署 nginx 來當作範例

  • 創建pod
    下方YAML可以得知使用官方nginx images 並啟動三個pod

準備物件描述檔

cat > nginx-deployment.yaml <<-EOF
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: "nginx-deployment"
namespace: "default"
spec:
replicas: 3
template:
metadata:
labels:
app: "nginx"
spec:
containers:
- image: nginx:latest
imagePullPolicy: Always
name: "nginx"
ports:
- containerPort: 80
EOF
  • 佈署pod

kubectl apply -f alb-ingress-controller.yaml

 

  • 查看pod

kubectl get pod

 

  • 創建服務,準備物件描述檔
cat > nginx-service.yaml <<-EOF
apiVersion: v1
kind: Service
metadata:
annotations:
alb.ingress.kubernetes.io/target-type: ip
name: "nginx-service"
namespace: "default"
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
type: NodePort
selector:
app: "nginx"
EOF
  • 佈署Service

kubectl apply -f nginx-service.yaml

 

  • 查看Service

kubectl get svc

 

  • 創建 Ingress
    將服務透過佈署下面 Ingress 描述檔,告訴前面創立的 alb ingress controller 如何連到服務,寫回 AWS ALB 建立 ALB 物件提供對外服務

 

  • 創建 Ingress 物件描述檔
cat > nginx-ingress.yaml <<-EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "nginx-ingress"
namespace: "default"
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
labels:
app: nginx-ingress
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: "nginx-service"
servicePort: 80
EOF
  • 佈署 Ingress 物件

kubectl apply -f nginx-ingress.yaml

 

  • 查看 Ingress 及連線位置

kubectl get ing

 

 

於瀏覽器上輸入上圖ADDRESS 連結

按照架構師的步驟依序建置是不是變得很簡單呢? 完成後也更了解 AWS EKS 了吧!

 

請持續鎖定 Nextlink 架構師專欄,以獲得最新專業資訊喔!

若您有任何 AWS 需求,歡迎與我們聯繫!