DevOps and Infra/AWS EKS / 2023. 10. 28. 17:09

3. Installing the AWS Load Balancer Controller (Controller)

TL;DR

This step corresponds to the yellow area, number 2, in the figure above:

install the AWS Load Balancer Controller into the kube-system namespace with helm install,

then verify that the webhook service was created correctly.

 

Pre-requisites

Installing Helm

On a MacBook, install helm with brew.

$ brew install helm

Verify the helm installation

$ helm version

 

5. Installing the Helm repo

Before running helm install for the controller,

you need to know the --set flag value for the image repository that helm will use during the install,

and this address differs per Region.

https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html 

The link above lists the address for each Region. The Seoul Region is ap-northeast-2 and uses the address below.

--set image.repository=602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller

Add the Helm repo called eks-charts

helm repo add eks https://aws.github.io/eks-charts

Update the local repo to the latest version

helm repo update

Install the AWS Load Balancer Controller

Look up the VPC id in the AWS console and enter it below.

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=JWM-EKS-01 \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=ap-northeast-2 \
  --set vpcId=vpc-07xxxxxxxxxxd0 \
  --set image.repository=602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller
  
Result:
NAME: aws-load-balancer-controller
LAST DEPLOYED: Thu Oct 19 17:29:13 2023
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
AWS Load Balancer controller installed!

The Controller has been installed.

 

 

6. Verifying the AWS Load Balancer Controller and Webhook Service installation

6-1. Verify that the Deployment was created

$ kubectl -n kube-system get deployment aws-load-balancer-controller

Result:
NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
aws-load-balancer-controller   2/2     2            2           82s

For more detail, use describe

$ kubectl -n kube-system describe deployment aws-load-balancer-controller

Result output

Name:                   aws-load-balancer-controller
Namespace:              kube-system
CreationTimestamp:      Thu, 19 Oct 2023 17:29:15 +0900
Labels:                 app.kubernetes.io/instance=aws-load-balancer-controller
                        app.kubernetes.io/managed-by=Helm
                        app.kubernetes.io/name=aws-load-balancer-controller
                        app.kubernetes.io/version=v2.6.1
                        helm.sh/chart=aws-load-balancer-controller-1.6.1
Annotations:            deployment.kubernetes.io/revision: 1
                        meta.helm.sh/release-name: aws-load-balancer-controller
                        meta.helm.sh/release-namespace: kube-system
Selector:               app.kubernetes.io/instance=aws-load-balancer-controller,app.kubernetes.io/name=aws-load-balancer-controller
Replicas:               2 desired | 2 updated | 2 total | 2 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:           app.kubernetes.io/instance=aws-load-balancer-controller
                    app.kubernetes.io/name=aws-load-balancer-controller
  Annotations:      prometheus.io/port: 8080
                    prometheus.io/scrape: true
  Service Account:  aws-load-balancer-controller
  Containers:
   aws-load-balancer-controller:
    Image:       602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.6.1
    Ports:       9443/TCP, 8080/TCP
    Host Ports:  0/TCP, 0/TCP
    Args:
      --cluster-name=JWM-EKS-01
      --ingress-class=alb
      --aws-region=ap-northeast-2
      --aws-vpc-id=vpc-0767cc5a191c224d0
    Liveness:     http-get http://:61779/healthz delay=30s timeout=10s period=10s #success=1 #failure=2
    Environment:  <none>
    Mounts:
      /tmp/k8s-webhook-server/serving-certs from cert (ro)
  Volumes:
   cert:
    Type:               Secret (a volume populated by a Secret)
    SecretName:         aws-load-balancer-tls
    Optional:           false
  Priority Class Name:  system-cluster-critical
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   aws-load-balancer-controller-5xxxxxxxxx (2/2 replicas created)
Events:
  Type    Reason             Age    From                   Message
  ----    ------             ----   ----                   -------
  Normal  ScalingReplicaSet  7m29s  deployment-controller  Scaled up replica set aws-load-balancer-controller-5xxxxxxxxx to 2

 

6-2. Verify that the AWS Load Balancer Controller Webhook Service was created

$ kubectl -n kube-system get svc

Result:
aws-load-balancer-webhook-service   ClusterIP   172.20.254.190   <none>        443/TCP         8m2s

In other words, the service listens on port 443 and forwards to port 9443 (from the describe output further above).

 

To look at the two items above in more detail, run the following commands

$ kubectl -n kube-system get svc aws-load-balancer-webhook-service -o yaml
$ kubectl -n kube-system get deployment aws-load-balancer-controller -o yaml

 

6-3. Verify that the pods and secrets were also created correctly, and check the logs.

$ kubectl get pods -n kube-system

Result:
NAME                                            READY   STATUS    RESTARTS   AGE
aws-load-balancer-controller-57dbd76cfb-mrzm4   1/1     Running   0          17m
aws-load-balancer-controller-57dbd76cfb-vtds9   1/1     Running   0          17m

$ kubectl -n kube-system logs -f  aws-load-balancer-controller-57dbd76cfb-mrzm4
$ kubectl -n kube-system logs -f  aws-load-balancer-controller-57dbd76cfb-vtds9
# Use the two lines above to verify that they were created correctly

$ kubectl get secrets -n kube-system | grep aws-load-balancer-controller

Result:
sh.helm.release.v1.aws-load-balancer-controller.v1   helm.sh/release.v1   1      9h

$ kubectl get secret sh.helm.release.v1.aws-load-balancer-controller.v1 -n kube-system -o yaml
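
The checks in 6-1 to 6-3 as a script, added here as an example and not part of the original post: it validates that the image comes from the regional ECR repository passed to --set image.repository, that all replicas are ready, that the webhook Service maps 443 to 9443, and that the aws-load-balancer-tls secret behind the cert volume exists (the grep in 6-3 matches only the Helm release secret, because the TLS secret's name does not contain aws-load-balancer-controller). The function names, the port names in PORTS and the sample secret listing are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example: checks on values read back from the cluster after helm install.
# Live values come from kubectl jsonpath, e.g. for the image:
#   kubectl -n kube-system get deploy aws-load-balancer-controller \
#     -o jsonpath='{.spec.template.spec.containers[0].image}'
ECR_ACCOUNT=602401143452   # registry account from the post's --set image.repository

# $1 = container image, $2 = region given to --set region
check_image() {
  case "$1" in
    "$ECR_ACCOUNT.dkr.ecr.$2.amazonaws.com/amazon/aws-load-balancer-controller":v[0-9]*) return 0 ;;
  esac
  echo "FAIL image outside expected regional repository: $1" >&2; return 1
}

# $1 = .status.readyReplicas (empty when no pod is ready), $2 = .spec.replicas
check_ready() {
  if [ -n "$1" ] && [ "$1" = "$2" ]; then return 0; fi
  echo "FAIL ready=${1:-0} desired=$2" >&2; return 1
}

# $1 = Service port, $2 = Service targetPort (number or port name),
# $3 = container ports as "name=port" words
check_webhook() {
  wh_target=$2
  for wh_p in $3; do
    if [ "${wh_p%%=*}" = "$2" ]; then wh_target=${wh_p#*=}; fi
  done
  if [ "$1" = 443 ] && [ "$wh_target" = 9443 ]; then return 0; fi
  echo "FAIL webhook maps $1 -> $wh_target, expected 443 -> 9443" >&2; return 1
}

# $1 = `kubectl -n kube-system get secrets` output, $2 = SecretName of the cert volume
check_secret() {
  if printf '%s\n' "$1" | awk -v n="$2" '$1 == n { ok = 1 } END { exit !ok }'; then return 0; fi
  echo "FAIL secret $2 missing" >&2; return 1
}

# Constructed sample values modelled on the output shown in the post
IMG=602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.6.1
PORTS="webhook-server=9443 metrics-server=8080"   # port names are assumed
SECRETS="NAME  TYPE  DATA  AGE
aws-load-balancer-tls  kubernetes.io/tls  3  9h
sh.helm.release.v1.aws-load-balancer-controller.v1  helm.sh/release.v1  1  9h"

check_image "$IMG" ap-northeast-2 && check_ready 2 2 &&
  check_webhook 443 webhook-server "$PORTS" &&
  check_secret "$SECRETS" aws-load-balancer-tls && echo "all checks passed"
```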