Skip to content

Overview

This document describes how customers can configure and use the AWS Load Balancer Controller to provide functionality to manage Elastic Load Balancers for EKS cluster running in AWS.The controller was recently rebranded to the AWS Load Balancer Controller and satisfies Kubernetes Ingress resources by provisioning Application Load Balancers (ALB) or Service resources by provisioning Network Load Balancers (NLB).

AWS Load Balancer Controller can operate at the application layer allowing users to intelligently route user requests through an ALB. Requests are routed to a defined target or target group when a user defined rule which is typically a URI AND hostname is matched.

For deployments that operate at the service layer a NLB in IP mode can be used to route traffic by a set of rules as well. A default round robin algorithm is used to route requests across the specified targets. AWS Load Balancer Controllers' integration with AWS Certificate Manager allows users to associate SSL certificates stored in ACM to their Load Balancers. This helps with performance as TLS termination is handled by the Load Balancer and not within the application.

What Will You Do

This exercise assumes you have already provisioned or imported an EKS cluster. In this multi-part recipe, you will perform the following:

Part 1

  • Create a custom cluster blueprint with the "AWS Load Balancer Controller" addon.

Part 2

  • Create an IAM Role for Service Accounts (IRSA) so the pod will have the necessary permissions to interact with AWS services. (Optional)
  • Apply the newly created cluster blueprint to your EKS Cluster

Part 3

  • Deploy a sample application which will create an Ingress resource and launch an AWS ALB.

Assumptions

  • You have an AWS account with sufficient privileges to provision an EKS cluster if one is not available using the Controller and to create IAM policies.
  • You have provisioned your cluster with an OpenID Connect (OIDC) provider or have the appropriate permissions.
  • You have access to an Org with a role to provision/import clusters and deploy workloads.