Native EKS Ingress: AWS Load Balancer Controller & 5 Examples (Terraform, TLS, IngressGroup, IP)

Рет қаралды 36,874

Күн бұрын

Пікірлер: 132

@AntonPutra Жыл бұрын

🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com 👉 [UPDATED] AWS EKS Kubernetes Tutorial [NEW]: kzbin.info/aero/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l&si=wc6LIC5V2tD-Tzwl

@kevaljoshi-k5y 2 жыл бұрын

I have gone through so many articles on google and youtube videos. This is the best video so far.

@AntonPutra 2 жыл бұрын

Thanks one more is coming on the topic

@bnssoftware3292 11 ай бұрын

This video series is pure gold. Thank you very much.

@AntonPutra 11 ай бұрын

Thank you!

@garrydias 7 ай бұрын

The most complete! Amazing. A little bit fast but everything is there and plus: raw, helm terraform.. amazing!!

@AntonPutra 7 ай бұрын

thank you!!

@ivanyakimenko2321 11 ай бұрын

High quality content only! It's the second time Your video helps me to figure out how to deal with k8s! Keep going!

@AntonPutra 11 ай бұрын

Thank you, Ivan!

@Oxxygen_io 20 күн бұрын

Thanks mate, this is a good way to grasp the Terraform part of infrastructure.

@AntonPutra 19 күн бұрын

thanks i have updated eks services if you're interested - kzbin.info/aero/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l

@YossiSilberhaft 8 ай бұрын

This is exactly what I was looking for! Thanks for a brilliant video!

@thurnishaley7460 Жыл бұрын

Антон, большое спасибо за такие ценные видео!

@AntonPutra Жыл бұрын

Spasibo)

@oliviercousin-xy4ds 5 ай бұрын

I definitively appreciate this video. Clear and didactic. Thanks a lot

@AntonPutra 5 ай бұрын

thank you!

@tan_teta 2 ай бұрын

This guy is way super smart 👏👏👏

@AntonPutra 2 ай бұрын

thanks :) i have updated video - kzbin.info/www/bejne/a4nTgZyFh7OsZ9E

@argosbrave6415 4 ай бұрын

Thank God for you sir

@AntonPutra 4 ай бұрын

😊

@davidcsidavidcsi 10 ай бұрын

you saved my life man, thanks for posting this!

@AntonPutra 10 ай бұрын

no problem!

@concept_la Жыл бұрын

Wow.. thank you soo much for the quality content. You have no idea how much I appreciate this video. If you are ever in Los Angeles let me know and I'll buy you a beer 🙌

@AntonPutra Жыл бұрын

Thanks, sure lol

@eugenm.5288 Жыл бұрын

The best explanation that I coud find in web. Thank you very much. It has really helped.

@AntonPutra Жыл бұрын

Thank you, Eugen! I appreciate it!

@rehantayyab82 11 ай бұрын

High level steps to create eks cluster with terraform : 1. create vpc,subnets , route table and association , igw , nat etc 2.create proper iam roles and policies required for eks master and node groups 3. create eks cluster and node groups now how to access this cluster to run yaml files to create deployments and services etc ..... plz can u reply

@AntonPutra 11 ай бұрын

You need to update your k8s config with "aws eks update-kubeconfig --name dev-demo --region us-east-2" replace region and name of the cluster

@faridakbarov4532 Жыл бұрын

its amazing Anton )) thanks a lot bro

@AntonPutra Жыл бұрын

welcome :)

@karthikreddy6638 Жыл бұрын

Hi Anton, Great video. Loved the detailed explanation. If possible please make a video on TLS Termination at Pods for end to end encryption.

@AntonPutra Жыл бұрын

well i have one with istio and end to end tls via gateway

@tiagobarreto4104 2 жыл бұрын

Hey man! Really GREAT content! Thank you!

@AntonPutra 2 жыл бұрын

Hey, thanks!

@user-wp5hh3zw2m 8 ай бұрын

thank you so much, such a great tutorial!!

@AntonPutra 8 ай бұрын

Welcome!!

@pier_x0 Жыл бұрын

Great job as usual! Thanks It's a really peaty that the AWS Load Balancer Controller doesn't support the rewrite rules

@AntonPutra Жыл бұрын

Thanks, I know

@weyderfs Жыл бұрын

Great video, thanks for share, I've using Istio for K8s mesh, in my opinion it's more easier and simple to manage, but learn other methods it's very important.

@AntonPutra Жыл бұрын

Thanks, what about app mesh?

@opstalks Жыл бұрын

@@AntonPutra Yes, about networking service mesh, discovery. Istio works like that, including gateway and ingress controllers.

@elad3958 Жыл бұрын

Absoulely needed this!. I just subcsribed.

@AntonPutra Жыл бұрын

Thanks El!

@athiqurrahman1212 Жыл бұрын

is it possible to use singel ALB to terminate mutiple SSL hosts that are using the same ACM?

@AntonPutra Жыл бұрын

I guess you could use multiple alternative names when issuing the certificate. However, it can be a nightmare to maintain in the long term, especially if you need to add new DNS entries or remove deprecated ones.

@timo2080 2 жыл бұрын

Hey, I love your work and videos! Keep it going. Question, is it still not possible to make aws-loadbalancer-controller work to issue letsencrypt or zerossl certificates? Do we still have to use ingress-nginx controller in 2022 because aws-loadbalancer-controller is ment to issue only AWS certificates? 😛 I can issue certificates from zerossl with cert-manager annotation, but the aws-loadbalancer-controller cannot discover those certificates unfortunately.

@davidvillasmil1468 10 ай бұрын

very nice tutorial! i can't figure out how to create the ALB on an EXISTING eks...

@AntonPutra 10 ай бұрын

Why? What's the problem? Do you use helm cli to deploy or terraform?

@fabianvivanco6555 2 жыл бұрын

Excellent video! I have a question. Is it recommended to use alb ingress controller in production environments? Since it requires a Nodeport service and that is a security hole because we are opening a port of our instance.

@AntonPutra 2 жыл бұрын

Thanks! Even if you expose your app with load balancer, it will open node ports. You still have security groups in place that block unauthorized access. But I would recommend to use ip mode anyway.

@msrraoudh 10 ай бұрын

Hey anton, i like your videos the way you do them ! can you please do a video for eks with keda autoscaling ! thanks

@AntonPutra 10 ай бұрын

Sure, just put it in my list!

@221341shanky 2 жыл бұрын

Awesome content!!. Got everything I was looking for in a single video. Will the cost be more for ALB in comparison to Classic load balancer and how can I calculate the cost? And how we can have ingress create Classic Load Balancer instead of ALB? Thanks again for the video!

@AntonPutra 2 жыл бұрын

Thanks! You shouldn't use Classic load balancer at all, better to migrate to NLB. In term of pricing ALB a little bit more expensive than NLB - aws.amazon.com/elasticloadbalancing/pricing/ You can use AWS Load balancer controller to provision services of type "LoadBalancer" with NLB

@rahulvarma2100 2 жыл бұрын

Great walkthrough ! For a of service type ClusterIP, is it mandatory to have external-dns ? If not, what the configuration would be in the ingress manifest ?

@AntonPutra 2 жыл бұрын

Thanks, do you mean external-dns plugin to automatically create DNS records, not at all

@himanshumahajan596 11 ай бұрын

@antonPutra if we are changing image for service b then its not working for service b using only path based routing , which looks like service not available , can you help

@AntonPutra 11 ай бұрын

Well, alb controller has some limitations related to rewriting but it should work in the case you described

@cartoonify-ai Жыл бұрын

Can we configure aws load balancer with kubedam setup cluster so that when I connect my network load balancer with kubeadm worker nodes then on loadbalancer service type, then in external IP it will show my NLB DNA record

@AntonPutra Жыл бұрын

Not sure, but kubeadm works with metallb if you need on-prem setup.

@johnniewalker1470 11 ай бұрын

Hi! How do you know which version to use in resource "helm_release" "aws-load-balancer-controller", version = "1.4.1" #? and in tag: set { name = "image.tag" value = "v2.4.2" #? where did you get it? Thanks!

@AntonPutra 11 ай бұрын

At this point you can use default one that comes with the helm chart

@code1530 2 жыл бұрын

just subscribed! awesome tutorial. Do you have a video guide how to connect eks to database using terraform?

@AntonPutra 2 жыл бұрын

Thanks! which one? dynamodb? I don't but I'm going to create soon how to invoke lambda from eks, same principle will apply

@code1530 2 жыл бұрын

@@AntonPutra a simple container app using env amd secrets to connect to rds

@vitaerial882 Жыл бұрын

Awesome

@AntonPutra Жыл бұрын

Thanks vitaerial!

@sergeidjprime8349 2 жыл бұрын

Hey! Thanks for the video! How much different would it be to use AWS Load Balancer Controller on a self-hosted k8s?

@AntonPutra 2 жыл бұрын

Thanks, you just need to attach IAM policy to nodes instead of using IAM roles for service accounts.

@George-mk7lp Жыл бұрын

do you have terraform code to deploy external dns as well? The same way you did for aws ingress wiht helm. Thanks for your hard work as always!

@AntonPutra Жыл бұрын

Thanks Alex, I don't but i think it's should be straigh forward to include this helm chart to tf - github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns#externaldns terraform/helm example - github.com/antonputra/tutorials/blob/main/lessons/155/istio-terraform/1-istio-base.tf

@user-kd1yl2wv6g Жыл бұрын

how to create the health checks for the target groups that are created by the controller ? is there a way to create it via terraform ?

@AntonPutra Жыл бұрын

Generally you don't need to create extra health checks besides the ones created by the aws load balancer controller. If you're looking to manage your own load balancer, check this - kubernetes-sigs.github.io/aws-load-balancer-controller/v2.5/guide/use_cases/self_managed_lb/

@shubhamdeshpande2588 Жыл бұрын

Thanks for the video❤ I should use only one right either terraform or helm while deploying load balancer controller right?

@AntonPutra Жыл бұрын

Welcome, you can use terraform helm provider to deploy load balancer controller.

@davidvillasmil1468 4 ай бұрын

how do i get url = aws_eks_cluster.cluster.identity[0].oidc[0].issuer if i'm declaring the eks not as a "aws_eks_ckuster" resource but as a module? (module "eks") can't figure that out

@AntonPutra 4 ай бұрын

something like this - github.com/antonputra/tutorials/blob/e1c48ccb8888ac6f079cfb520b4f010388dd81ec/lessons/006/main.tf#L14 Keep in mind, you module needs to have output variable

@davidvillasmil1468 4 ай бұрын

This is great, thanks!!

@Davidlavieri Жыл бұрын

I love all kubernetes related things, sadly it's an overkill for my company and we stick to simple self managed docker swarm, soon to be ECS autoscalable

@AntonPutra Жыл бұрын

Sometimes I think it's easier to deploy standalone VMs, a lot of overhead and hidden cost in Kubernetes

@JackReacher1 2 жыл бұрын

Can somebody use an alb present not spun up by the load balancer controller as the single alb used by ingress classes? Or using 1 alb from eks as well as for ec2s outside the eks not possible at the same time?

@AntonPutra 2 жыл бұрын

Yes, you can use TargetGroupBinding, "can expose your pods using an existing..". Take a look on doc - kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/targetgroupbinding/targetgroupbinding/

@mikhailsh8916 2 жыл бұрын

Thanks

@AntonPutra 2 жыл бұрын

No problem

@omkarchavan7750 Жыл бұрын

Hi AntonPutra, you are doing great. just wanted know how can we deploy the nginx ingress controller using terraform?

@AntonPutra Жыл бұрын

Thanks, here is an example - github.com/antonputra/tutorials/blob/main/lessons/167/terraform/10-helm-ingress.tf

@HyperTrendz Жыл бұрын

do we always have to mention host in Ingress controller?

@AntonPutra Жыл бұрын

No but it’s highly recommended, if you don’t it’s going to be a wildcard

@donnytri8456 Жыл бұрын

Very helpful tutorial, anyway I have a question about best practice for deploying more than 1 EKS Cluster, Should I create 2 load balancer controller ?? adding user on role or do you have any idea ?? Thank you very much @Anton Putra

@AntonPutra Жыл бұрын

you need to deployed alb controller to each cluster, but better look into nginx or istio/linkerd (you can get lots more for free)

@donnytri8456 Жыл бұрын

@@AntonPutra I see but it seems when I try to deploy ingress, on load balancer controller logs it says No OpenIDConnect provider... I have created new oidc for new cluster and assigned new role and following along with your tutorial (the first cluster has no issue)

@davidvillasmil1468 4 ай бұрын

Thank you very very much for your turorials! Is this valid for 1.29?

@AntonPutra 4 ай бұрын

Yes, but there are some limitations, and most likely you would keep using one ALB per one ingress in prod - kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/annotations/#ingressgroup

@davidvillasmil1468 4 ай бұрын

Thanks, Anton! I will test it tonight!

@AntonPutra 4 ай бұрын

@@davidvillasmil1468 i still prefer nginx ingress, you can scape ingress (prom metrics) to get all metrics (latency, availability etc all 4 golden signals out of box) with alb controller you forced to expose metrics on each app. By the way I'll release refreshed video soon with pod identities instead of irsa

@wassimbenregaya5445 2 жыл бұрын

Great walkthrough and Excellent work ! but how about to use aws load balancer juste to controle the life cycle of an ALB then create an ingress resource in aws load balancer to route all the traffic to an ingnix controller then create multiple ingresses in ngnix controller so u have all ur services in cluster ip and juste one with nodePort does thin work ?

@AntonPutra 2 жыл бұрын

Thanks, didn't get a question. You can use either aws load balancer controller or nginx controller to fulfill the ingress resource.

@wassimbenregaya5445 2 жыл бұрын

@@AntonPutra cannot be possible to work with both ? the aws LB to create the application LB then create an ingress resoursse to route all the traffic to the ngnix controller who will be responsable to route the trafic to each microservice with the ingress rules

@wassimbenregaya5445 2 жыл бұрын

@@AntonPutra i want to do that architecture can u help me with that ?

@AntonPutra 2 жыл бұрын

@@wassimbenregaya5445 you can use alb controller to create network load balancer for Nginx

@pikachu3686 5 ай бұрын

can i use nginx load balancer in place of aws load balancer

@AntonPutra 5 ай бұрын

Right, what you'll want to do is use the AWS Load Balancer Controller to create a Network Load Balancer for the Nginx Ingress Controller. I have a video - kzbin.info/www/bejne/m4HUhqRma7yigs0

@pikachu3686 5 ай бұрын

@@AntonPutra thanks sir

@randomreddy2701 Жыл бұрын

that cert-manager yaml file link is not there

@AntonPutra Жыл бұрын

You can use the following command to install cert-manager - kubectl apply -f github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml

@180doman Жыл бұрын

Does anybody else has problems with destroying ingresses / loadbalancers created from terraform? It seems like there is a problem with security groups created for each loadbalancer

@AntonPutra Жыл бұрын

Before you run "terraform destroy" you need to delete kubernetes objects that manage application load balancers. Something like kubectl delete -f ingress.yaml or service.yaml.

@180doman Жыл бұрын

@@AntonPutra I found that problem is more serious. Currently I have 1 ingress set with terraform for grafana service. It is being created correctly. But i cannot delete it. Neither by terraform destroy, not even kubectl delete. Finalizers in ingress objects AND in namespace which contains those ingresses prevents them from deletion. So i have to remove them with kubectl patch or curl. I already spent few days investigating this. Currently im messing arrount with policies and roles to find a clue.

@Crisp3333 2 жыл бұрын

Why do yo have it still going through http when you already have it going through https? Isn't that insecure the fact that it can still be accessed with http?

@AntonPutra 2 жыл бұрын

You can use plain http with internal services that can be accessed only within your VPC

@Crisp3333 2 жыл бұрын

@@AntonPutra Thanks for your explanation. For me everything looks fine, however, when I do kubectl get ing -n I do not get and ADDRESS, and I also notice I do not have any load balancer present in ec2 control pane. Any recommendations? Error message: Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet

@2mahender Жыл бұрын

how to make NLB to use 443?

@AntonPutra Жыл бұрын

I have a section for 443/TLS -> 18:02 Secure Ingress with SSL/TLS

@2mahender Жыл бұрын

@@AntonPutra do i need ingress.yaml for NLB also?

@aryadiadi6888 Жыл бұрын

Great content bro, thank you. Your name likes indonesian name, are you from indonesia ?

@AntonPutra Жыл бұрын

Thanks aryadi! No, but I was told the same many times when I was in Bali =)

@aryadiadi6888 Жыл бұрын

Hi Anton, I got an error in the ingress. default-http-backend:80 (

@aryadiadi6888 Жыл бұрын

why this error occur ?

@aryadiadi6888 Жыл бұрын

response of alb is 404 not found

@aryadiadi6888 Жыл бұрын

Hi Anton, I have solved the problem. wrong host in the ingress

@mubasharsaeed3705 2 жыл бұрын

can you share me iam policy. i did find policy in your git file.

@AntonPutra 2 жыл бұрын

This one? github.com/antonputra/tutorials/blob/main/lessons/112/ExternalDNSAccess.json

@AntonPutra Жыл бұрын

Get Full-Length High-Quality DevOps Tutorials for Free - Subscribe Now! - kzbin.info

@AntonPutra Жыл бұрын

🟢 [New] Terragrunt Tutorial: Create VPC, EKS from Scratch! (Step-by-Step) - kzbin.info/www/bejne/r5XYeZSFn5iLg8k

@AntonPutra 2 жыл бұрын

🔴UPDATED🔴 How to create EKS Cluster using Terraform MODULES (AWS Load Balancer Controller + Autoscaler + IRSA) - kzbin.info/www/bejne/oYOunpaPeJxkgJY Monitor EKS & EC2 instances with MANAGED Prometheus - kzbin.info/www/bejne/Y5-4goF8dr1oiqs

@AntonPutra Жыл бұрын

👉 How to Manage Secrets in Terraform - kzbin.info/www/bejne/aX-TpXqBrNt1mqM 👉 Terraform Tips & Tricks - kzbin.info/www/bejne/bYScZaKLid5lsJY 👉 ArgoCD Tutorial - kzbin.info/www/bejne/sHjRlZqafMZkisU