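Configuring an ALB for an EKS Cluster
In the previous article I laid out the process of creating an EKS cluster as a mind map; this article covers how to create an ALB for an EKS cluster.
Architecture diagram
Hands-on mind map
Appendix and testing
Create the service account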
# Create albserviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-controller
  namespace: kube-system
  annotations:
    eks.amazonaws.com/role-arn: arn:aws-cn:iam::YOUR_AWS_ACCOUNT:role/tsAmazonEKSLoadBalancerControllerRole
kubectl apply -f albserviceaccount.yaml
kubectl describe serviceaccount/aws-load-balancer-controller -n kube-system
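Deploy the ALB Controller
Deploy cert-manager, which injects the certificate configuration into the webhook
# Download the cert-manager manifest
# TLS certificate verification stays enabled (no --no-check-certificate): this manifest is applied to the cluster as-is
wget https://github.com/jetstack/cert-manager/releases/download/v1.1.1/cert-manager.yaml
# Deploy cert-manager
kubectl apply --validate=false -f cert-manager.yaml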
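Download the YAML file used to deploy the controller
# TLS certificate verification stays enabled (no --no-check-certificate): this manifest installs into kube-system
wget https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/install/v2_2_0_full.yaml
Delete the "ServiceAccount" object from the file
The service account was already created in the previous step and configured with the AWS role
Replace your-cluster-name with your own cluster name
kubectl apply -f v2_2_0_full.yaml
Check that the controller was installed successfully
kubectl get deployment -n kube-system aws-load-balancer-controller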
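The two manual edits to v2_2_0_full.yaml described above (deleting the ServiceAccount object and replacing your-cluster-name) can be scripted so that the file is checked before it is applied. This is an added example, not part of the original post; the function names prepare_manifest and write_sample and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prepares the controller manifest:
# drops top-level ServiceAccount documents and fills in the cluster name.

# prepare_manifest SRC DST CLUSTER -> 0 on success, 2 on bad name, 1 otherwise
prepare_manifest() {
  src=$1 dst=$2 cluster=$3
  # Reject names that are empty or would be unsafe as an awk replacement string.
  case $cluster in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
  awk -v cluster="$cluster" '
    function emit() {                  # write the buffered document unless it is a ServiceAccount
      if (n && !is_sa) { if (printed) print "---"; printf "%s", doc; printed = 1 }
      doc = ""; n = 0; is_sa = 0
    }
    /^---[ \t]*$/ { emit(); next }     # document separator
    /^kind:[ \t]*ServiceAccount[ \t]*$/ { is_sa = 1 }   # column 0 only: RBAC subjects are untouched
    { gsub(/your-cluster-name/, cluster); doc = doc $0 "\n"; n++ }
    END { emit() }
  ' "$src" > "$dst" || return 1
  # Post-conditions: fail closed rather than apply a half-edited manifest.
  ! grep -q '^kind:[[:space:]]*ServiceAccount' "$dst" || return 1
  ! grep -q 'your-cluster-name' "$dst" || return 1
}

# Constructed sample with the same shape as a multi-document install manifest.
write_sample() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aws-load-balancer-controller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
subjects:
- kind: ServiceAccount
  name: aws-load-balancer-controller
---
apiVersion: apps/v1
kind: Deployment
spec:
  args:
  - --cluster-name=your-cluster-name
EOF
}
```

Run it as `prepare_manifest v2_2_0_full.yaml controller.yaml <cluster>` and apply the output file only when the function returns 0.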
Deploy the demo application
cat nginx-demo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-demo
  name: nginx-demo
  namespace: demo
spec:
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx-demo
  strategy:
    rollingUpdate:
      maxSurge: 20%
      maxUnavailable: 20%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx-demo
      name: nginx-demo
    spec:
      containers:
      - name: nginx-demo
        image: nginx:1.24.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        - containerPort: 443
          protocol: TCP
        readinessProbe:
          failureThreshold: 6
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          tcpSocket:
            port: 80
          timeoutSeconds: 10
        livenessProbe:
          failureThreshold: 6
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          tcpSocket:
            port: 80
          timeoutSeconds: 10
        resources:
          limits:
            cpu: 100m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: host-time
          mountPath: /etc/localtime
        - name: applog
          mountPath: /var/log/nginx
      volumes:
      - hostPath:
          path: /etc/localtime
          type: ""
        name: host-time
      - name: applog
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-demo
  namespace: demo
spec:
  ports:
  - name: web
    port: 80
    targetPort: 80
  - name: webssl
    port: 443
    targetPort: 443
  selector:
    app: nginx-demo
Deploy demo-ingress
cat demo-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  namespace: demo
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-demo
            port:
              number: 80
kubectl apply -f demo-ingress.yaml
kubectl get ing -n demo