Setting Up AWS Load Balancer Controller in EKS: A Comprehensive Step-by-Step Guide

Introduction to Ingress Controllers and OIDC in EKS

Amazon Elastic Kubernetes Service (EKS) offers a robust platform for deploying, managing, and scaling containerized applications. One of the essential components of managing traffic in a Kubernetes environment is the Ingress Controller. The AWS Load Balancer Controller, designed explicitly for EKS, automates your cluster’s Elastic Load Balancers (ELBs) management. This guide will walk you through setting up the AWS Load Balancer Controller, from prerequisites to final installation, ensuring a secure and efficient deployment.

Prerequisites: EKS Cluster and Kubectl

Before diving into the setup, ensure that you have the following prerequisites in place:

1. EKS Cluster: You should have a running EKS cluster. If you haven’t set one up yet, you can follow the official AWS EKS documentation.
2. Kubectl: Install the Kubernetes command-line tool kubectl and ensure it’s configured to interact with your EKS cluster.

Configuring OIDC for Secure Authentication

OpenID Connect (OIDC) provides secure authentication for your EKS cluster. AWS integrates OIDC with IAM roles, allowing your Kubernetes workloads to assume roles securely without AWS credentials. To configure OIDC for your EKS cluster:

1. Associate OIDC with Your EKS Cluster:

Use the AWS CLI to associate an OIDC provider with your EKS cluster:

eksctl utils associate-iam-oidc-provider –region <region> –cluster <cluster_name> –approve

1. Verify OIDC Association:

Confirm the OIDC provider association using the AWS Management Console or CLI.

Deploying the AWS Load Balancer Controller

4.1 Creating an IAM Policy for ELB Controller Permissions

The AWS Load Balancer Controller requires specific permissions to create and manage AWS resources. Follow these steps to create an IAM policy:

1. Create the IAM Policy:

Save the following policy document as iam-policy.json:

{

  “Version”: “2012-10-17”,

  “Statement”: [

    {

      “Effect”: “Allow”,

      “Action”: [

        “ec2:DescribeSubnets”,

        “ec2:DescribeSecurityGroups”,

        “ec2:DescribeVpcs”,

        “ec2:DescribeInstances”,

        “elasticloadbalancing:*”,

        “iam:CreateServiceLinkedRole”,

        “iam:GetServerCertificate”,

        “iam:ListServerCertificates”

      ],

      “Resource”: “*”

    }

  ]

}

Create the IAM policy using the AWS CLI:

aws iam create-policy –policy-name AWSLoadBalancerControllerIAMPolicy –policy-document file://iam-policy.json

4.2 Creating an IAM Role and Kubernetes Service Account

To enable the Load Balancer Controller to assume the necessary IAM roles, you must create a service account linked to an IAM role:

1. Create an IAM Role:

Use eksctl to create the role and associate it with your Kubernetes service account:

eksctl create iamserviceaccount \

  –cluster <cluster_name> \

  –namespace kube-system \

  –name aws-load-balancer-controller \

  –attach-policy-arn arn:aws:iam::<account_id>:policy/AWSLoadBalancerControllerIAMPolicy \

  –approve

1. Verify Role Creation:

Check the IAM role in the AWS Management Console to ensure it’s correctly attached to the service account.

Installing the Ingress Controller using Helm

Helm is the preferred way to install the AWS Load Balancer Controller on your EKS cluster. Follow these steps to install it:

1. Add the EKS Helm Chart Repository:

Add the AWS EKS Helm chart repository:

helm repo add eks https://aws.github.io/eks-charts

helm repo update

1. Install the AWS Load Balancer Controller:

Install the controller using Helm:

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \

  –set clusterName=<cluster_name> \

  –set serviceAccount.create=false \

  –set serviceAccount.name=aws-load-balancer-controller \

  –namespace kube-system

(Optional) Verifying the Installation

To ensure that the AWS Load Balancer Controller is correctly installed and functioning:

1. Check the Deployment Status:

Verify the deployment using kubectl:

kubectl get deployment -n kube-system aws-load-balancer-controller

1. Test the Ingress Controller:

Deploy and expose a sample application using an Ingress resource to test the functionality.

Conclusion

Setting up the AWS Load Balancer Controller in an EKS cluster is essential for managing traffic efficiently and securely. Following this guide, you’ve configured OIDC, created necessary IAM roles, and installed the Load Balancer Controller using Helm. With everything set up, your EKS cluster is ready to handle traffic using AWS-managed load balancers.

References

Install the AWS Load Balancer Controller add-on using Kubernetes Manifests

What is the AWS Load Balancer Controller?