EKS : Deploy application with ingress, k8s

EKS : Deploy application with ingress, k8s

we will learn about AWS EKS. We will deploy a real-time 2048 game application and expose it to the outside world using Ingress and ALB Ingress Controller.

external user will talk to the application load balancer in the public subnet and then request will go to the pod. ingress will route the traffic inside the cluster. we need an ingress controller that watches for ingress resource and creates an application load balancer for us. in gress file allows user to access <exaMple.com> forward the request to the service and from the service request goes to POD.

prerequisites are -

  1. kubectl – A command line tool for working with Kubernetes clusters.

  2. eksctl – A command line tool for working with EKS clusters that automates many individual tasks. we will create eks cluster with this commands easily.

AWS CLI – A command line tool for working with AWS services, including Amazon EKS.

Create EKS cluster-

write command to easy create of eks cluster. it creates a vpc, subnet and all taken care by eksctl utility. after done eks cluster should reflect in aws UI. we can see resources, networkng, computers in eks cluster details. in overview there is a open ID Connected URL- this aws allows you to attach any identity provider, either we will cuse IAM now. there is a fargate profile also created in the default namespace, we have to adda new fargate profilel later because we have to deploy the app in another namespace, that's a concept in Fargate so we will create a new profile.

  • eksctl create cluster --name demo-cluster --region us-east-1 --fargate

to download the kubeconfig file use command below. this will access the information and interact with EKS cluster.

aws eks update-kubeconfig --name<> --region <>

Create fargate profile-

create fargate profile with flag --namespace

eksctl create fargetprofile --cluster demo-cluster02 --region us-east-1 --name=alb-simple-app --namespace game-2048

Create yaml files -

create deployment.yaml, service.yaml and ingress.yaml files to create an application.

  • target port of svc and container port of deployment should same.

  • labels and selectors should same.

  • Ingress file have ingress class- alb, some annotations - internet facing and ip.

  • flow is - in the ingress file, when there is a matching rule then it forwards Request to SVC - svc forwards req to deployment with the same namespace.

      apiVersion: v1
      kind: Namespace
        name: game-2048
      apiVersion: apps/v1
      kind: Deployment
        namespace: game-2048
        name: deployment-2048
            app.kubernetes.io/name: app-2048
        replicas: 5
              app.kubernetes.io/name: app-2048
            - image: alexwhen/docker-2048
              imagePullPolicy: Always
              name: app-2048
              - containerPort: 80
      apiVersion: v1
      kind: Service
        namespace: game-2048
        name: service-2048
          - port: 80
            targetPort: 80
            protocol: TCP
        type: NodePort
          app.kubernetes.io/name: app-2048
      apiVersion: networking.k8s.io/v1beta1
      kind: Ingress
        namespace: game-2048
        name: ingress-2048
          kubernetes.io/ingress.class: alb
          alb.ingress.kubernetes.io/scheme: internet-facing
          alb.ingress.kubernetes.io/target-type: ip
          - http:
                - path: /*
                    serviceName: service-2048
                    servicePort: 80

    all pods are running -

all service are running -

we created a ingress-

Here in ingress-2048- address is empty now because we don't have an ingress controller which is necessary. In order to ingress resources to work, the cluster must have an ingress controller running. so we will make a ALB controller then adress will be there and then external users can access this thing. load balancer controller reads the ingress resource and then load balancer will be created.

Create IAM role and policy-

eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve

The eksctl utils associate-iam-oidc-provider command is used to associate an IAM OIDC (OpenID Connect) identity provider with an Amazon EKS (Elastic Kubernetes Service) cluster. This command is typically used to establish the necessary IAM OIDC trust relationship between your EKS cluster and AWS Identity and Access Management (IAM) roles, allowing Kubernetes service accounts within your cluster to assume IAM roles for certain tasks.

Now ALB controller access to aws services such as application load balancer. we need policies and roles because alb controller will create load balancer and needs to talsk to aws APIs.

Download IAM policy

curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json

Create IAM Policy

aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json

Create IAM Role

eksctl create iamserviceaccount \
  --cluster=<your-cluster-name> \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --role-name AmazonEKSLoadBalancerControllerRole \
  --attach-policy-arn=arn:aws:iam::<your-aws-account-id>:policy/AWSLoadBalancerControllerIAMPolicy \

Deploy ALB controller -

using helm we deploy alb controller in AWS.

Add helm repo

helm repo add eks https://aws.github.io/eks-charts

Update the repo

helm repo update eks


helm install aws-load-balancer-controller eks/aws-load-balancer-controller \            
  -n kube-system \
  --set clusterName=<your-cluster-name> \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=<region> \
  --set vpcId=<your-vpc-id>

Verify that the deployments are running.

kubectl get deployment -n kube-system aws-load-balancer-controller

Now we get the address-

Go to aws ui and access the load balancer DNS name and paste it to the browser-

Thanks for reading :) happy learning!....