aws-load-balancer-controller 설치

aws eks aws-load-balancer-controller 설치 방법 

AWS Load Balancer Controller 추가 기능

 

출처 https://oops4u.tistory.com/2586

아래와 같이 진행

-------------------------------

eksctl utils associate-iam-oidc-provider \

    --region ap-northeast-2 \

    --cluster eks-name \

    --approve

curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json

aws iam create-policy \

    --policy-name AWSLoadBalancerControllerIAMPolicy111 \

    --policy-document file://iam-policy.json

eksctl create iamserviceaccount \

  --cluster=eks-name  \

  --namespace=kube-system \

  --name=aws-load-balancer-controller \

  --attach-policy-arn=arn:aws:iam::111111111:policy/AWSLoadBalancerControllerIAMPolicy111 \

  --override-existing-serviceaccounts \

  --approve

#role-albc-eks 신뢰 정책 편집

{

   "Version": "2012-10-17",

   "Statement": [

      {

         "Effect": "Allow",

         "Principal": {

            "Federated": "arn:aws:iam::1111111111:oidc-provider/oidc.eks.ap-northeast-2.amazonaws.com/id/111111111"

         },

         "Action": "sts:AssumeRoleWithWebIdentity",

         "Condition": {

            "StringEquals": {

               "oidc.eks.ap-northeast-2.amazonaws.com/id/1111111:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller",

               "oidc.eks.ap-northeast-2.amazonaws.com/id/1111111:aud": "sts.amazonaws.com"

            }

         }

      }

   ]

}

#파일 aws-load-balancer-controller-service-account.yaml

#AWSLoadBalancerControllerIAMPolicy111 정책사용에 권한 연결함.

# 신뢰 관계

apiVersion: v1

kind: ServiceAccount

metadata:

  labels:

    app.kubernetes.io/component: controller

    app.kubernetes.io/name: aws-load-balancer-controller

  name: aws-load-balancer-controller

  namespace: kube-system

  annotations:

      eks.amazonaws.com/role-arn: arn:aws:iam::11111111111:role/role-albc-eks

helm repo add eks https://aws.github.io/eks-charts

helm upgrade -i aws-load-balancer-controller \

    eks/aws-load-balancer-controller \

    -n kube-system \

    --set clusterName=eks-name \

    --set serviceAccount.create=false \

    --set serviceAccount.name=aws-load-balancer-controller \

kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"

kubectl -n kube-system rollout status deployment aws-load-balancer-controller