AWS Load Balancer Controller Tutorial (TLS): AWS EKS Kubernetes Tutorial - Part 6
HTML-код
- Опубликовано: 3 июл 2024
- 🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
👉 [Playlist] AWS EKS Kubernetes Tutorial: • AWS EKS Kubernetes Tut...
👉 Kubernetes Tutorial for Beginners [Full Course]: • Kubernetes Tutorial fo...
👉 AWS EKS Tutorial for Beginners [Full Course]: • AWS EKS Tutorial for B...
👉 Other Kubernetes Tutorials: • AWS EKS Kubernetes Tut...
1. Create AWS VPC using Terraform
2. Create AWS EKS Cluster using Terraform
3. Add IAM User & IAM Role to AWS EKS
4. Horizontal Pod Autoscaler (HPA) on AWS EKS
5. Cluster Autoscaler Tutorial (EKS Pod Identities)
6. AWS Load Balancer Controller Tutorial (TLS)
7. Nginx Ingress Controller Tutorial (Cert-Manager & TLS)
8. CSI Driver Tutorial (ReadWriteOnce)
9. EFS CSI Driver Tutorial (ReadWriteMany)
10. AWS Secrets Manager Tutorial (Env & Files)
Based on the feedback, I’ll add the following sections (let me know if anything else is missing):
- Autoscaling with Karpenter
- Autoscaling with Keda
- Private Ingress with Private DNS & VPN
- Monitoring with Prometheus
- EKS self managed group
- EKS Fargate
- EKS Pod Identities vs. EKS IRSA (oidc) vs. Node roles
▬▬▬▬▬ Experience & Location 💼 ▬▬▬▬▬
► I’m a Senior Software Engineer at Juniper Networks (12+ years of experience)
► Located in San Francisco Bay Area, CA (US citizen)
▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
► LinkedIn: / anton-putra
► Twitter/X: / antonvputra
► GitHub: github.com/antonputra
► Email: me@antonputra.com
▬▬▬▬▬▬ Related videos 👨🏫 ▬▬▬▬▬▬
👉 [Playlist] Kubernetes Tutorials: • Kubernetes Tutorials
👉 [Playlist] Terraform Tutorials: • Terraform Tutorials fo...
👉 [Playlist] Network Tutorials: • Network Tutorials
👉 [Playlist] Apache Kafka Tutorials: • Apache Kafka Tutorials
👉 [Playlist] Performance Benchmarks: • Performance Benchmarks
👉 [Playlist] Database Tutorials: • Database Tutorials
▬▬▬▬▬▬▬ Timestamps ⏰ ▬▬▬▬▬▬▬
0:00 Overview
5:05 AWS Load Balancer Controller
7:30 Example 1: Create service of type LoadBalancer
11:35 Example 2: Create HTTP Ingress
14:12 Example 3: Create HTTPS Ingress (Secure Ingress with TLS )
▬▬▬▬▬▬▬ Source Code 📚 ▬▬▬▬▬▬▬
► Up-to-date code, updated regularly once a month: github.com/antonputra/tutoria...
► Original code: github.com/antonputra/tutoria...
#AWS #EKS #Kubernetes Наука
🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
👉 [Playlist] AWS EKS Kubernetes Tutorial: ruclips.net/p/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l&si=wc6LIC5V2tD-Tzwl
👉 Kubernetes Tutorial for Beginners [Full Course]: ruclips.net/p/PLiMWaCMwGJXkYKFa_x0Ch38uznuv-4c3l
👉 AWS EKS Tutorial for Beginners [Full Course]: ruclips.net/video/kwq9EfELYII/видео.html
👉 Other Kubernetes Tutorials: ruclips.net/p/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l
This playlist is pure gold!
Three more to go! 😀
@@AntonPutra 👏👏👏
Loving these playlist
❤️
dude you are rocking it. Thanks for this playlist.
❤
Thanks 🙏
welcome!
Absolutly loving this series, so happy that i've found it right when i wanted to setup my own eks cluster
I'd like to see how deploying multiple apps would work with your guide, like Grafana, Prometheus and Loki for example, exposed with subdomain but also accessible from within the cluster by other services. Don't see that in the additional sections you've commented
Keep up the good work!
Thank you! I have few additional lessons on EKS that will cover client side VPN + Private Route 53 hosted zones and internal Ingresses (pushing private DNS as VPN config)
Excellent !!
It will be helpful if you share the exact link for git to get the terraform code.
thanks, it's in description - github.com/antonputra/tutorials/tree/main/lessons/195
Thank you So much Genius, Could you please help me with ordered steps involved to upgrade eks cluster briefly ... i have followed below steps . could u pls validate and correct me if the order is not proper.
1. backup (kubectl get all --A -o yaml > backup.yaml
2. upgrade control plane throu aws console
3. upgrade node groups
4. upgrade addons (each verison at a time) by preserving
5. validate coredns etc...
Seems correct. However, from time to time, Kubernetes deprecates some APIs. For example, it deprecated the Ingress beta API. So, you should check before upgrading your cluster to see if you have anything that needs to be updated.
Thank you for the lesson! I have one question about certificates. Are there any ways to automate this, just like we can do with cert-manager + nginx ingress? If we don't want to store the certificate ARN directly in the kubernetes manifests... Because it seems to me that it's not very error-resistant in this case and we need always to update it manually in case of changing the certificate ARN for some reason
One way I can think of doing this is to create a higher abstraction. For example, to create and validate a certificate, you can use Terraform. Then, you can pass the ARN of the certificate from Terraform to the Helm chart as an argument responsible for deploying your application. The AWS Load Balancer Controller by itself does not provide any options to automate this.
Hello, Anton. Thank you for tutorials. One question I have, I installed argocd on EKS fargate, and not sure how to access UI.
I am assuming the only way to access it is by creating ingress which creates public LB. But according to this demo it is not recommended to. provision public LB for internal tools.
Hi, no matter what, never expose your internal services to the internet. The best option is to create a private ingress. You can configure it using annotations on the ingress resource, but you also need to set up a client VPN and push private Route 53 hosted zones to your machine. It's not difficult; take a look at AWS Client VPN managed service. The second best option is to port forward each time, but it's annoying.
@@AntonPutra thank you, it is actually what I ended up doing.
@@aidakhalelova3376 no problem, i have a little old tutorial but here is a source code for setting up self hosted openvpn and pushing routes & dns - github.com/antonputra/tutorials/tree/main/lessons/084
Apps can use the same ALB with a simple groupname annotation
They can, but there are some limitations - kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/annotations/#ingressgroup
Hi, very good playlist, thanks a lot. I am facing an error when I try to install alb controller: "unable to initialize AWS cloud","error":"failed to introspect vpcID from EC2Metadata or Node name, specify --aws-vpc-id instead if EC2Metadata", I am using the same scripts, The only difference is the cluster version, I am using 1.30.
try to use the latest helm chart version for the aws load balancer controller, I'll test 1.30 in about a week and update the terraform code
Run to get the latest verion:
helm repo update
helm search repo aws-load-balancer-controller
@@AntonPutra Hi, I try with 1.8.2 version, but it doesnt work. So I used cluster version 1.29 and It works. Thanks for your answer.
@@jesdavidgomez well, eks 1.30 was introduce a week or two ago, maybe it wasn't enough time to update load balancer controller. But like I said I'll be updating source code for this playlist 1 or 2 times a month moving forward.
For what it's worth, I seem to be running into the same issue no matter which version of EKS and the ALB controller I pick. (Edit: I had to provide the VPC ID, and then it worked.)
@@epgui yes, for 1.30 you need to provide vpc id - github.com/antonputra/tutorials/blob/main/lessons/196/terraform/15-aws-lbc.tf#L57-L60
is there any video available for eks security group ?
Is there anything specific you are interested in? In part 9, I use EKS security groups to allow access to the EFS file system.
Something like this:
resource "aws_efs_mount_target" "zone_a" {
file_system_id = aws_efs_file_system.eks.id
subnet_id = aws_subnet.private_zone1.id
security_groups = [aws_eks_cluster.eks.vpc_config[0].cluster_security_group_id]
}
@@AntonPutra yes sir like pod security group means you can directly attach security groups to pods and like how to attach security group to eks using terraform
@@kalpeshkolap3525 got it will do- docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html