In this guide, we will deploy a robust NGINX application on an Amazon Elastic Kubernetes Service (EKS) cluster. To make this process seamless, we’ll incorporate the AWS Load Balancer Controller (ALB Controller), which efficiently manages ALB resources in Kubernetes. By the end of this guide, you’ll expose your application to the internet with a custom domain, complete with SSL/TLS security!
Prerequisites:
a) A public hosted zone in Route 53 (in this case, testing.dev).
b) An SSL/TLS certificate issued by AWS Certificate Manager (ACM) for hello.testing.dev
Step 1: Installing the AWS Load Balancer Controller
Before deploying our application, we need the AWS Load Balancer Controller to handle ingress traffic. The controller enables your cluster to manage ALB resources dynamically, ensuring smooth application routing.
Create an IAM Policy
The Load Balancer Controller requires specific permissions to manage AWS resources like ALBs and Target Groups.
1. Download the IAM policy document:
curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json
2. Create the IAM policy:
aws iam create-policy \
  --policy-name AWSLoadBalancerControllerIAMPolicy \
  --policy-document file://iam_policy.json
Create a Service Account
We need to associate the controller with the IAM policy using a Kubernetes service account.
Run the following command:
eksctl create iamserviceaccount \
  --cluster=my-cluster \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --role-name AmazonEKSLoadBalancerControllerRole \
  --attach-policy-arn=arn:aws:iam::111122223333:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve
# Replace "my-cluster" with your cluster name, and the policy ARN accordingly.
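The role created above should be assumable only by the controller's service account. The following added example (not part of the original article) audits the role's trust policy for that; the OIDC provider ID and the sample policy are constructed placeholders, and the function names are hypothetical.

```python
import json

# Namespace and service account name from the eksctl command above.
EXPECTED_SUB = "system:serviceaccount:kube-system:aws-load-balancer-controller"

# Constructed sample of an IRSA trust policy; the OIDC provider ID is a placeholder.
OIDC = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLEOIDCID"
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{OIDC}:sub": EXPECTED_SUB,
            f"{OIDC}:aud": "sts.amazonaws.com",
        }},
    }],
})

def _values(condition, suffix):
    """Collect the values of condition keys ending in suffix as a flat list."""
    found = []
    for key, value in condition.items():
        if key.endswith(suffix):
            found += value if isinstance(value, list) else [value]
    return found

def audit_trust_policy(policy_json, expected_sub=EXPECTED_SUB):
    """Return findings; an empty list means only the expected service account can assume the role."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if actions != ["sts:AssumeRoleWithWebIdentity"]:
            findings.append(f"statement {i}: trusts actions {actions}, not web identity only")
            continue
        # Only StringEquals conditions are accepted; StringLike may carry wildcards.
        exact = stmt.get("Condition", {}).get("StringEquals", {})
        if _values(exact, ":sub") != [expected_sub]:
            findings.append(f"statement {i}: sub is not pinned to {expected_sub}")
        if _values(exact, ":aud") != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST_POLICY) or "role is scoped to the controller's service account")
```

To check the real role, pass in the output of `aws iam get-role --role-name AmazonEKSLoadBalancerControllerRole --query Role.AssumeRolePolicyDocument --output json`.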
Install the AWS Load Balancer Controller
- Add the EKS charts Helm repository:
helm repo add eks https://aws.github.io/eks-charts
- Update the Helm repository:
helm repo update eks
- Install the AWS Load Balancer Controller:
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=my-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller
# Replace "my-cluster" with your cluster name.
- Verify Installation
kubectl get deployment -n kube-system aws-load-balancer-controller
Step 2: Deploying the NGINX Application
Use the following manifests to create an NGINX deployment, a service for it, and an ingress.
Deployment manifest:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
Service Manifest:
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: ClusterIP
ClusterIP: The default service type, exposing pods internally within the cluster.
selector: Matches pods labeled app: nginx to this service.
Ingress Manifest:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  namespace: default
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-west-1:12345678901:certificate/ba0aa7ee-9543b-4b5c-924d-8cc7f693e6e7
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
  labels:
    app: rabbit-ingress
spec:
  ingressClassName: alb
  rules:
  - host: hello.testing.dev
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80
# Replace the ACM certificate-arn accordingly.
Note: In this article, I’ll be hosting the application at “https://hello.testing.dev”. My public hosted zone is named “testing.dev”. Since this is an internet-facing load balancer, only public subnets need to be associated with it. Ensure that the subnets carry the following key:value tag:
Key: “kubernetes.io/cluster/<cluster-name>”
Value: shared
Apply all three manifests, then check that the load balancer has been created using the following command.
kubectl get ingress <app-ingress>
Output:
NAME          CLASS   HOSTS               ADDRESS                                                      PORTS     AGE
app-ingress   alb     hello.testing.dev   k8s-default-appingr-1234567890.us-east-1.elb.amazonaws.com   80, 443   5m
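Before pointing DNS at the load balancer, it is worth confirming how the Ingress annotations make it terminate TLS. The following added example (not part of the original article) audits the ALB annotations in `kubectl get ingress app-ingress -o json` output; the sample input is constructed from the manifest above with a placeholder certificate ARN, and `audit_ingress` is a hypothetical helper.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

# Constructed sample: the Ingress above in `kubectl get ingress -o json` form,
# with a placeholder where the ACM certificate ARN goes.
SAMPLE_INGRESS = json.dumps({
    "metadata": {"name": "app-ingress", "annotations": {
        PREFIX + "scheme": "internet-facing",
        PREFIX + "target-type": "ip",
        PREFIX + "certificate-arn": "<ACM-CERTIFICATE-ARN>",
        PREFIX + "listen-ports": '[{"HTTPS": 443}]',
    }},
    "spec": {"ingressClassName": "alb", "rules": [{"host": "hello.testing.dev"}]},
})

def audit_ingress(ingress_json):
    """Return findings about how the ALB built from this Ingress terminates TLS."""
    ing = json.loads(ingress_json)
    ann = {k[len(PREFIX):]: v
           for k, v in ing["metadata"].get("annotations", {}).items()
           if k.startswith(PREFIX)}
    # Without listen-ports the controller listens on HTTPS:443 when a
    # certificate ARN is set, otherwise on HTTP:80.
    default = '[{"HTTPS": 443}]' if "certificate-arn" in ann else '[{"HTTP": 80}]'
    listeners = [proto for entry in json.loads(ann.get("listen-ports", default))
                 for proto in entry]
    findings = []
    if "HTTPS" not in listeners:
        findings.append("no HTTPS listener: traffic is served in cleartext")
    elif "HTTP" in listeners and "ssl-redirect" not in ann:
        findings.append("HTTP listener without ssl-redirect: cleartext requests are served")
    if "HTTPS" in listeners and "ssl-policy" not in ann:
        findings.append("ssl-policy not set: TLS versions and ciphers use the controller default")
    for rule in ing["spec"].get("rules", []):
        if not rule.get("host"):
            findings.append("rule without host: matches any Host header")
    return findings

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_INGRESS):
        print(finding)
```

For the manifest above the only finding is the missing `alb.ingress.kubernetes.io/ssl-policy` annotation; adding an HTTP listener without `alb.ingress.kubernetes.io/ssl-redirect` would produce a second one.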
Step 3: Configuring DNS in Route 53
To expose your application via a custom domain like hello.testing.dev, you need to create an A record in your public hosted zone (testing.dev). Here's how to do it:
- Navigate to the Route 53 service, and select the public hosted zone (testing.dev).
- Click Create record, enter the record name as “testing”, and set the record type to “A”. Select the “Alias” option, choose “Alias to Application and Classic Load Balancer” as the endpoint, then select the region and the load balancer that was created earlier.
Access your application by navigating to https://hello.testing.dev in your browser.
That’s it. Thank you for taking the time to read this article! Keep up the great work, and happy deploying! 🚀 😊