Ingress Controller

Ingress Controllers

In order for the Ingress resource to work, the cluster must have an ingress controller running.

Unlike other types of controllers which run as part of the kube-controller-manager binary, Ingress controllers are not started automatically with a cluster.

AWS ALB Ingress Controller

AWS Elastic Load Balancing Application Load Balancer (ALB) is a popular AWS service that load balances incoming traffic at the application layer (layer 7) across multiple targets, such as Amazon EC2 instances, in multiple Availability Zones. ALB supports multiple features including host or path based routing, TLS (Transport Layer Security) termination, WebSockets, HTTP/2, AWS WAF (Web Application Firewall) integration, integrated access logs, and health checks.

The open source AWS ALB Ingress controller triggers the creation of an ALB and the necessary supporting AWS resources whenever a Kubernetes user declares an Ingress resource in the cluster. The Ingress resource uses the ALB to route HTTP(S) traffic to different endpoints within the cluster. The AWS ALB Ingress controller works on any Kubernetes cluster including Amazon Elastic Kubernetes Service (Amazon EKS).

Deploy AWS ALB Ingress controller

First, create an IAM OIDC provider and associate it with your cluster:

eksctl utils associate-iam-oidc-provider --cluster=eksworkshop-eksctl --approve

Learn more about IAM Roles for Service Accounts in the Amazon EKS documentation.

Next, deploy the relevant RBAC roles and role bindings as required by the AWS ALB Ingress controller:

kubectl apply -f${ALB_INGRESS_VERSION}/docs/examples/rbac-role.yaml

Next, create an IAM policy named ALBIngressControllerIAMPolicy to allow the ALB Ingress controller to make AWS API calls on your behalf and save the Policy.Arn into a new variable called PolicyARN:

#create the policy
aws iam create-policy \
  --policy-name ALBIngressControllerIAMPolicy \

#get the policy ARN
export PolicyARN=$(aws iam list-policies --query 'Policies[?PolicyName==`ALBIngressControllerIAMPolicy`].Arn' --output text)

Next, create a Kubernetes service account and an IAM role (for the pod running the AWS ALB Ingress controller):

eksctl create iamserviceaccount \
        --cluster=eksworkshop-eksctl \
        --namespace=kube-system \
        --name=alb-ingress-controller \
        --attach-policy-arn=$PolicyARN \
        --override-existing-serviceaccounts \

Then, deploy the AWS ALB Ingress controller:

# We dynamically replace the cluster-name by the name of our cluster before applying the YAML file
curl -sS "${ALB_INGRESS_VERSION}/docs/examples/alb-ingress-controller.yaml" \
    | sed 's/# - --cluster-name=devCluster/- --cluster-name=eksworkshop-eksctl/g' \
    | kubectl apply -f -
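
The pipeline above sends whatever curl returns straight to kubectl, and sed exits successfully even when the commented placeholder is not found. The following is an added example, not part of the workshop's own code, that renders the manifest first and refuses to continue unless the substitution took effect; `render_manifest` is a hypothetical helper and `SAMPLE_MANIFEST` is a constructed excerpt, not the real file.

```shell
# Constructed excerpt standing in for alb-ingress-controller.yaml (not the real file).
SAMPLE_MANIFEST='apiVersion: apps/v1
kind: Deployment
metadata:
  name: alb-ingress-controller
  namespace: kube-system
spec:
  template:
    spec:
      containers:
        - name: alb-ingress-controller
          args:
            - --ingress-class=alb
            # - --cluster-name=devCluster
      serviceAccountName: alb-ingress-controller'

# render_manifest (hypothetical helper): reads a manifest on stdin, sets
# --cluster-name to $1 with the page's sed expression, prints the result.
# Prints nothing and returns non-zero if any check fails.
render_manifest() {
  rm_cluster="$1"
  # Allow only letters, digits, "-" and "_" so the value cannot alter the sed program.
  case "$rm_cluster" in
    ''|*[!A-Za-z0-9_-]*) echo "invalid cluster name" >&2; return 1 ;;
  esac
  rm_out=$(sed "s/# - --cluster-name=devCluster/- --cluster-name=${rm_cluster}/g") || return 1
  # sed exits 0 even when nothing matched, so count the active argument explicitly.
  rm_hits=$(printf '%s\n' "$rm_out" | grep -c -- "^ *- --cluster-name=${rm_cluster}\$") || true
  [ "$rm_hits" -eq 1 ] || { echo "cluster-name placeholder not rewritten" >&2; return 1; }
  # Assumption: the Deployment names the service account created with eksctl above.
  printf '%s\n' "$rm_out" | grep -q 'serviceAccountName: alb-ingress-controller' \
    || { echo "unexpected serviceAccountName" >&2; return 1; }
  printf '%s\n' "$rm_out"
}

# Runs offline on the sample; on a cluster, pipe the output to: kubectl apply -f -
printf '%s\n' "$SAMPLE_MANIFEST" | render_manifest eksworkshop-eksctl >/dev/null \
  && echo "manifest ok"
```

When fetching the real manifest, `curl -fsS` makes curl fail on an HTTP error instead of passing the error page down the pipeline.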

Verify that the deployment was successful and the controller started:

# Quote the pattern so the shell cannot glob-expand the bracket expression
kubectl logs -n kube-system $(kubectl get po -n kube-system | grep -Eo 'alb-ingress[a-zA-Z0-9-]+')

You should see the controller's release information in the log output:

AWS ALB Ingress controller
  Release:    v1.1.8
  Build:      git-ec387ad1

Deploy Sample Application

Now let’s deploy a sample 2048 game into our Kubernetes cluster and use the Ingress resource to expose it to traffic:

Deploy 2048 game resources:

kubectl apply -f${ALB_INGRESS_VERSION}/docs/examples/2048/2048-namespace.yaml
kubectl apply -f${ALB_INGRESS_VERSION}/docs/examples/2048/2048-deployment.yaml
kubectl apply -f${ALB_INGRESS_VERSION}/docs/examples/2048/2048-service.yaml

Deploy an Ingress resource for the 2048 game:

kubectl apply -f${ALB_INGRESS_VERSION}/docs/examples/2048/2048-ingress.yaml

After a few seconds, verify that the Ingress resource is enabled:

kubectl get ingress/2048-ingress -n 2048-game

You should be able to see the following output:

NAME           HOSTS   ADDRESS                PORTS   AGE
2048-ingress   *       DNS-Name-Of-Your-ALB   80      3m

It could take 2 or 3 minutes for the ALB to be ready.

Open a browser and paste your DNS-Name-Of-Your-ALB into the address bar; you should be able to access your newly deployed 2048 game – have fun!