🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com 👉 [UPDATED] AWS EKS Kubernetes Tutorial [NEW]: kzbin.info/aero/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l&si=wc6LIC5V2tD-Tzwl
@kevaljoshi-k5y2 жыл бұрын
I have gone through so many articles on google and youtube videos. This is the best video so far.
@AntonPutra2 жыл бұрын
Thanks one more is coming on the topic
@bnssoftware329211 ай бұрын
This video series is pure gold. Thank you very much.
@AntonPutra11 ай бұрын
Thank you!
@garrydias7 ай бұрын
The most complete! Amazing. A little bit fast but everything is there and plus: raw, helm terraform.. amazing!!
@AntonPutra7 ай бұрын
thank you!!
@ivanyakimenko232111 ай бұрын
High quality content only! It's the second time Your video helps me to figure out how to deal with k8s! Keep going!
@AntonPutra11 ай бұрын
Thank you, Ivan!
@Oxxygen_io20 күн бұрын
Thanks mate, this is a good way to grasp the Terraform part of infrastructure.
@AntonPutra19 күн бұрын
thanks i have updated eks services if you're interested - kzbin.info/aero/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l
@YossiSilberhaft8 ай бұрын
This is exactly what I was looking for! Thanks for a brilliant video!
@thurnishaley7460 Жыл бұрын
Антон, большое спасибо за такие ценные видео!
@AntonPutra Жыл бұрын
Spasibo)
@oliviercousin-xy4ds5 ай бұрын
I definitively appreciate this video. Clear and didactic. Thanks a lot
@AntonPutra5 ай бұрын
thank you!
@tan_teta2 ай бұрын
This guy is way super smart 👏👏👏
@AntonPutra2 ай бұрын
thanks :) i have updated video - kzbin.info/www/bejne/a4nTgZyFh7OsZ9E
@argosbrave64154 ай бұрын
Thank God for you sir
@AntonPutra4 ай бұрын
😊
@davidcsidavidcsi10 ай бұрын
you saved my life man, thanks for posting this!
@AntonPutra10 ай бұрын
no problem!
@concept_la Жыл бұрын
Wow.. thank you soo much for the quality content. You have no idea how much I appreciate this video. If you are ever in Los Angeles let me know and I'll buy you a beer 🙌
@AntonPutra Жыл бұрын
Thanks, sure lol
@eugenm.5288 Жыл бұрын
The best explanation that I coud find in web. Thank you very much. It has really helped.
@AntonPutra Жыл бұрын
Thank you, Eugen! I appreciate it!
@rehantayyab8211 ай бұрын
High level steps to create eks cluster with terraform : 1. create vpc,subnets , route table and association , igw , nat etc 2.create proper iam roles and policies required for eks master and node groups 3. create eks cluster and node groups now how to access this cluster to run yaml files to create deployments and services etc ..... plz can u reply
@AntonPutra11 ай бұрын
You need to update your k8s config with "aws eks update-kubeconfig --name dev-demo --region us-east-2" replace region and name of the cluster
@faridakbarov4532 Жыл бұрын
its amazing Anton )) thanks a lot bro
@AntonPutra Жыл бұрын
welcome :)
@karthikreddy6638 Жыл бұрын
Hi Anton, Great video. Loved the detailed explanation. If possible please make a video on TLS Termination at Pods for end to end encryption.
@AntonPutra Жыл бұрын
well i have one with istio and end to end tls via gateway
@tiagobarreto41042 жыл бұрын
Hey man! Really GREAT content! Thank you!
@AntonPutra2 жыл бұрын
Hey, thanks!
@user-wp5hh3zw2m8 ай бұрын
thank you so much, such a great tutorial!!
@AntonPutra8 ай бұрын
Welcome!!
@pier_x0 Жыл бұрын
Great job as usual! Thanks It's a really peaty that the AWS Load Balancer Controller doesn't support the rewrite rules
@AntonPutra Жыл бұрын
Thanks, I know
@weyderfs Жыл бұрын
Great video, thanks for share, I've using Istio for K8s mesh, in my opinion it's more easier and simple to manage, but learn other methods it's very important.
@AntonPutra Жыл бұрын
Thanks, what about app mesh?
@opstalks Жыл бұрын
@@AntonPutra Yes, about networking service mesh, discovery. Istio works like that, including gateway and ingress controllers.
@elad3958 Жыл бұрын
Absoulely needed this!. I just subcsribed.
@AntonPutra Жыл бұрын
Thanks El!
@athiqurrahman1212 Жыл бұрын
is it possible to use singel ALB to terminate mutiple SSL hosts that are using the same ACM?
@AntonPutra Жыл бұрын
I guess you could use multiple alternative names when issuing the certificate. However, it can be a nightmare to maintain in the long term, especially if you need to add new DNS entries or remove deprecated ones.
@timo20802 жыл бұрын
Hey, I love your work and videos! Keep it going. Question, is it still not possible to make aws-loadbalancer-controller work to issue letsencrypt or zerossl certificates? Do we still have to use ingress-nginx controller in 2022 because aws-loadbalancer-controller is ment to issue only AWS certificates? 😛 I can issue certificates from zerossl with cert-manager annotation, but the aws-loadbalancer-controller cannot discover those certificates unfortunately.
@davidvillasmil146810 ай бұрын
very nice tutorial! i can't figure out how to create the ALB on an EXISTING eks...
@AntonPutra10 ай бұрын
Why? What's the problem? Do you use helm cli to deploy or terraform?
@fabianvivanco65552 жыл бұрын
Excellent video! I have a question. Is it recommended to use alb ingress controller in production environments? Since it requires a Nodeport service and that is a security hole because we are opening a port of our instance.
@AntonPutra2 жыл бұрын
Thanks! Even if you expose your app with load balancer, it will open node ports. You still have security groups in place that block unauthorized access. But I would recommend to use ip mode anyway.
@msrraoudh10 ай бұрын
Hey anton, i like your videos the way you do them ! can you please do a video for eks with keda autoscaling ! thanks
@AntonPutra10 ай бұрын
Sure, just put it in my list!
@221341shanky2 жыл бұрын
Awesome content!!. Got everything I was looking for in a single video. Will the cost be more for ALB in comparison to Classic load balancer and how can I calculate the cost? And how we can have ingress create Classic Load Balancer instead of ALB? Thanks again for the video!
@AntonPutra2 жыл бұрын
Thanks! You shouldn't use Classic load balancer at all, better to migrate to NLB. In term of pricing ALB a little bit more expensive than NLB - aws.amazon.com/elasticloadbalancing/pricing/ You can use AWS Load balancer controller to provision services of type "LoadBalancer" with NLB
@rahulvarma21002 жыл бұрын
Great walkthrough ! For a of service type ClusterIP, is it mandatory to have external-dns ? If not, what the configuration would be in the ingress manifest ?
@AntonPutra2 жыл бұрын
Thanks, do you mean external-dns plugin to automatically create DNS records, not at all
@himanshumahajan59611 ай бұрын
@antonPutra if we are changing image for service b then its not working for service b using only path based routing , which looks like service not available , can you help
@AntonPutra11 ай бұрын
Well, alb controller has some limitations related to rewriting but it should work in the case you described
@cartoonify-ai Жыл бұрын
Can we configure aws load balancer with kubedam setup cluster so that when I connect my network load balancer with kubeadm worker nodes then on loadbalancer service type, then in external IP it will show my NLB DNA record
@AntonPutra Жыл бұрын
Not sure, but kubeadm works with metallb if you need on-prem setup.
@johnniewalker147011 ай бұрын
Hi! How do you know which version to use in resource "helm_release" "aws-load-balancer-controller", version = "1.4.1" #? and in tag: set { name = "image.tag" value = "v2.4.2" #? where did you get it? Thanks!
@AntonPutra11 ай бұрын
At this point you can use default one that comes with the helm chart
@code15302 жыл бұрын
just subscribed! awesome tutorial. Do you have a video guide how to connect eks to database using terraform?
@AntonPutra2 жыл бұрын
Thanks! which one? dynamodb? I don't but I'm going to create soon how to invoke lambda from eks, same principle will apply
@code15302 жыл бұрын
@@AntonPutra a simple container app using env amd secrets to connect to rds
@vitaerial882 Жыл бұрын
Awesome
@AntonPutra Жыл бұрын
Thanks vitaerial!
@sergeidjprime83492 жыл бұрын
Hey! Thanks for the video! How much different would it be to use AWS Load Balancer Controller on a self-hosted k8s?
@AntonPutra2 жыл бұрын
Thanks, you just need to attach IAM policy to nodes instead of using IAM roles for service accounts.
@George-mk7lp Жыл бұрын
do you have terraform code to deploy external dns as well? The same way you did for aws ingress wiht helm. Thanks for your hard work as always!
@AntonPutra Жыл бұрын
Thanks Alex, I don't but i think it's should be straigh forward to include this helm chart to tf - github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns#externaldns terraform/helm example - github.com/antonputra/tutorials/blob/main/lessons/155/istio-terraform/1-istio-base.tf
@user-kd1yl2wv6g Жыл бұрын
how to create the health checks for the target groups that are created by the controller ? is there a way to create it via terraform ?
@AntonPutra Жыл бұрын
Generally you don't need to create extra health checks besides the ones created by the aws load balancer controller. If you're looking to manage your own load balancer, check this - kubernetes-sigs.github.io/aws-load-balancer-controller/v2.5/guide/use_cases/self_managed_lb/
@shubhamdeshpande2588 Жыл бұрын
Thanks for the video❤ I should use only one right either terraform or helm while deploying load balancer controller right?
@AntonPutra Жыл бұрын
Welcome, you can use terraform helm provider to deploy load balancer controller.
@davidvillasmil14684 ай бұрын
how do i get url = aws_eks_cluster.cluster.identity[0].oidc[0].issuer if i'm declaring the eks not as a "aws_eks_ckuster" resource but as a module? (module "eks") can't figure that out
@AntonPutra4 ай бұрын
something like this - github.com/antonputra/tutorials/blob/e1c48ccb8888ac6f079cfb520b4f010388dd81ec/lessons/006/main.tf#L14 Keep in mind, you module needs to have output variable
@davidvillasmil14684 ай бұрын
This is great, thanks!!
@Davidlavieri Жыл бұрын
I love all kubernetes related things, sadly it's an overkill for my company and we stick to simple self managed docker swarm, soon to be ECS autoscalable
@AntonPutra Жыл бұрын
Sometimes I think it's easier to deploy standalone VMs, a lot of overhead and hidden cost in Kubernetes
@JackReacher12 жыл бұрын
Can somebody use an alb present not spun up by the load balancer controller as the single alb used by ingress classes? Or using 1 alb from eks as well as for ec2s outside the eks not possible at the same time?
@AntonPutra2 жыл бұрын
Yes, you can use TargetGroupBinding, "can expose your pods using an existing..". Take a look on doc - kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/targetgroupbinding/targetgroupbinding/
@mikhailsh89162 жыл бұрын
Thanks
@AntonPutra2 жыл бұрын
No problem
@omkarchavan7750 Жыл бұрын
Hi AntonPutra, you are doing great. just wanted know how can we deploy the nginx ingress controller using terraform?
@AntonPutra Жыл бұрын
Thanks, here is an example - github.com/antonputra/tutorials/blob/main/lessons/167/terraform/10-helm-ingress.tf
@HyperTrendz Жыл бұрын
do we always have to mention host in Ingress controller?
@AntonPutra Жыл бұрын
No but it’s highly recommended, if you don’t it’s going to be a wildcard
@donnytri8456 Жыл бұрын
Very helpful tutorial, anyway I have a question about best practice for deploying more than 1 EKS Cluster, Should I create 2 load balancer controller ?? adding user on role or do you have any idea ?? Thank you very much @Anton Putra
@AntonPutra Жыл бұрын
you need to deployed alb controller to each cluster, but better look into nginx or istio/linkerd (you can get lots more for free)
@donnytri8456 Жыл бұрын
@@AntonPutra I see but it seems when I try to deploy ingress, on load balancer controller logs it says No OpenIDConnect provider... I have created new oidc for new cluster and assigned new role and following along with your tutorial (the first cluster has no issue)
@davidvillasmil14684 ай бұрын
Thank you very very much for your turorials! Is this valid for 1.29?
@AntonPutra4 ай бұрын
Yes, but there are some limitations, and most likely you would keep using one ALB per one ingress in prod - kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/annotations/#ingressgroup
@davidvillasmil14684 ай бұрын
Thanks, Anton! I will test it tonight!
@AntonPutra4 ай бұрын
@@davidvillasmil1468 i still prefer nginx ingress, you can scape ingress (prom metrics) to get all metrics (latency, availability etc all 4 golden signals out of box) with alb controller you forced to expose metrics on each app. By the way I'll release refreshed video soon with pod identities instead of irsa
@wassimbenregaya54452 жыл бұрын
Great walkthrough and Excellent work ! but how about to use aws load balancer juste to controle the life cycle of an ALB then create an ingress resource in aws load balancer to route all the traffic to an ingnix controller then create multiple ingresses in ngnix controller so u have all ur services in cluster ip and juste one with nodePort does thin work ?
@AntonPutra2 жыл бұрын
Thanks, didn't get a question. You can use either aws load balancer controller or nginx controller to fulfill the ingress resource.
@wassimbenregaya54452 жыл бұрын
@@AntonPutra cannot be possible to work with both ? the aws LB to create the application LB then create an ingress resoursse to route all the traffic to the ngnix controller who will be responsable to route the trafic to each microservice with the ingress rules
@wassimbenregaya54452 жыл бұрын
@@AntonPutra i want to do that architecture can u help me with that ?
@AntonPutra2 жыл бұрын
@@wassimbenregaya5445 you can use alb controller to create network load balancer for Nginx
@pikachu36865 ай бұрын
can i use nginx load balancer in place of aws load balancer
@AntonPutra5 ай бұрын
Right, what you'll want to do is use the AWS Load Balancer Controller to create a Network Load Balancer for the Nginx Ingress Controller. I have a video - kzbin.info/www/bejne/m4HUhqRma7yigs0
@pikachu36865 ай бұрын
@@AntonPutra thanks sir
@randomreddy2701 Жыл бұрын
that cert-manager yaml file link is not there
@AntonPutra Жыл бұрын
You can use the following command to install cert-manager - kubectl apply -f github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
@180doman Жыл бұрын
Does anybody else has problems with destroying ingresses / loadbalancers created from terraform? It seems like there is a problem with security groups created for each loadbalancer
@AntonPutra Жыл бұрын
Before you run "terraform destroy" you need to delete kubernetes objects that manage application load balancers. Something like kubectl delete -f ingress.yaml or service.yaml.
@180doman Жыл бұрын
@@AntonPutra I found that problem is more serious. Currently I have 1 ingress set with terraform for grafana service. It is being created correctly. But i cannot delete it. Neither by terraform destroy, not even kubectl delete. Finalizers in ingress objects AND in namespace which contains those ingresses prevents them from deletion. So i have to remove them with kubectl patch or curl. I already spent few days investigating this. Currently im messing arrount with policies and roles to find a clue.
@Crisp33332 жыл бұрын
Why do yo have it still going through http when you already have it going through https? Isn't that insecure the fact that it can still be accessed with http?
@AntonPutra2 жыл бұрын
You can use plain http with internal services that can be accessed only within your VPC
@Crisp33332 жыл бұрын
@@AntonPutra Thanks for your explanation. For me everything looks fine, however, when I do kubectl get ing -n I do not get and ADDRESS, and I also notice I do not have any load balancer present in ec2 control pane. Any recommendations? Error message: Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet
@2mahender Жыл бұрын
how to make NLB to use 443?
@AntonPutra Жыл бұрын
I have a section for 443/TLS -> 18:02 Secure Ingress with SSL/TLS
@2mahender Жыл бұрын
@@AntonPutra do i need ingress.yaml for NLB also?
@aryadiadi6888 Жыл бұрын
Great content bro, thank you. Your name likes indonesian name, are you from indonesia ?
@AntonPutra Жыл бұрын
Thanks aryadi! No, but I was told the same many times when I was in Bali =)
@aryadiadi6888 Жыл бұрын
Hi Anton, I got an error in the ingress. default-http-backend:80 (
@aryadiadi6888 Жыл бұрын
why this error occur ?
@aryadiadi6888 Жыл бұрын
response of alb is 404 not found
@aryadiadi6888 Жыл бұрын
Hi Anton, I have solved the problem. wrong host in the ingress
@mubasharsaeed37052 жыл бұрын
can you share me iam policy. i did find policy in your git file.
@AntonPutra2 жыл бұрын
This one? github.com/antonputra/tutorials/blob/main/lessons/112/ExternalDNSAccess.json
@AntonPutra Жыл бұрын
Get Full-Length High-Quality DevOps Tutorials for Free - Subscribe Now! - kzbin.info