aws-load-balancer-controller 설치 :: 에버노트

    ABOUT ME

    -

    Today
    -
    Yesterday
    -
    Total
    -
    • aws-load-balancer-controller 설치
      카테고리 없음 2022. 6. 22. 13:47

      aws eks aws-load-balancer-controller 설치 방법 

      AWS Load Balancer Controller 추가 기능
       


      아래와 같이 진행

      -------------------------------

      eksctl utils associate-iam-oidc-provider \

          --region ap-northeast-2 \
          --cluster eks-name \
          --approve

      aws iam create-policy \
          --policy-name AWSLoadBalancerControllerIAMPolicy111 \
          --policy-document file://iam-policy.json

      eksctl create iamserviceaccount \
        --cluster=eks-name  \
        --namespace=kube-system \
        --name=aws-load-balancer-controller \
        --attach-policy-arn=arn:aws:iam::111111111:policy/AWSLoadBalancerControllerIAMPolicy111 \
        --override-existing-serviceaccounts \
        --approve



      #role-albc-eks 신뢰 정책 편집
      {
         "Version": "2012-10-17",
         "Statement": [
            {
               "Effect": "Allow",
               "Principal": {
                  "Federated": "arn:aws:iam::1111111111:oidc-provider/oidc.eks.ap-northeast-2.amazonaws.com/id/111111111"
               },
               "Action": "sts:AssumeRoleWithWebIdentity",
               "Condition": {
                  "StringEquals": {
                     "oidc.eks.ap-northeast-2.amazonaws.com/id/1111111:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller",
                     "oidc.eks.ap-northeast-2.amazonaws.com/id/1111111:aud": "sts.amazonaws.com"
                  }
               }
            }
         ]
      }

      #파일 aws-load-balancer-controller-service-account.yaml
      #AWSLoadBalancerControllerIAMPolicy111 정책사용에 권한 연결함.
      # 신뢰 관계
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        labels:
          app.kubernetes.io/component: controller
          app.kubernetes.io/name: aws-load-balancer-controller
        name: aws-load-balancer-controller
        namespace: kube-system
        annotations:
            eks.amazonaws.com/role-arn: arn:aws:iam::11111111111:role/role-albc-eks




      helm upgrade -i aws-load-balancer-controller \
          eks/aws-load-balancer-controller \
          -n kube-system \
          --set clusterName=eks-name \
          --set serviceAccount.create=false \
          --set serviceAccount.name=aws-load-balancer-controller \

      kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"

      kubectl -n kube-system rollout status deployment aws-load-balancer-controller
      저작자표시

      댓글

    Designed by Tistory.

    티스토리툴바