Installing the Amazon Load Balancer Controller add-on
The Amazon Load Balancer Controller manages Amazon Elastic Load Balancers for a Kubernetes cluster. The controller provisions the following resources:
- An Amazon Application Load Balancer (ALB) when you create a Kubernetes Ingress.
- An Amazon Network Load Balancer (NLB) when you create a Kubernetes service of type LoadBalancer. In the past, the Kubernetes network load balancer was used for instance targets, but the Amazon Load Balancer Controller was used for IP targets. With the Amazon Load Balancer Controller version 2.3.0 or later, you can create NLBs using either target type. For more information about NLB target types, see Target type in the User Guide for Network Load Balancers.
The Amazon Load Balancer Controller was formerly named the Amazon ALB Ingress Controller. It's an open-source project
Prerequisites
- An existing Amazon EKS cluster. To deploy one, see Getting started with Amazon EKS.
- An existing Amazon Identity and Access Management (IAM) OpenID Connect (OIDC) provider for your cluster. To determine whether you already have one, or to create one, see Creating an IAM OIDC provider for your cluster.
- If your cluster is 1.21 or later, make sure that your Amazon VPC CNI plugin for Kubernetes, kube-proxy, and CoreDNS add-ons are at the minimum versions listed in Service account tokens.
- Familiarity with Amazon Elastic Load Balancing. For more information, see the Elastic Load Balancing User Guide.
To deploy the Amazon Load Balancer Controller to an Amazon EKS cluster
In the following steps, replace the example values with your own values.
- Create an IAM policy.
  - Download an IAM policy for the Amazon Load Balancer Controller that allows it to make calls to Amazon APIs on your behalf.

      curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy_cn.json

  - Create an IAM policy using the policy downloaded in the previous step.

      aws iam create-policy \
          --policy-name AWSLoadBalancerControllerIAMPolicy \
          --policy-document file://iam_policy_cn.json

    Note: If you view the policy in the Amazon Web Services Management Console, the console shows warnings for the ELB service, but not for the ELB v2 service. This happens because some of the actions in the policy exist for ELB v2, but not for ELB. You can ignore the warnings for ELB.
- Create an IAM role. Create a Kubernetes service account named aws-load-balancer-controller in the kube-system namespace for the Amazon Load Balancer Controller and annotate the Kubernetes service account with the name of the IAM role.
  You can use eksctl or the Amazon CLI and kubectl to create the IAM role and Kubernetes service account.
- (Optional) Configure the Amazon Security Token Service endpoint type used by your Kubernetes service account. For more information, see Configuring the Amazon Security Token Service endpoint for a service account.
- If you don't currently have the Amazon ALB Ingress Controller for Kubernetes installed, or don't currently have the 0.1.x version of the Amazon Load Balancer Controller installed with Helm, then skip to the next step.
  Uninstall the Amazon ALB Ingress Controller or 0.1.x version of the Amazon Load Balancer Controller (only if installed with Helm). Complete the procedure using the tool that you originally installed it with. The Amazon Load Balancer Controller replaces the functionality of the Amazon ALB Ingress Controller for Kubernetes.
- Install the Amazon Load Balancer Controller using Helm V3 or later or by applying a Kubernetes manifest. If you want to deploy the controller on Fargate, use the Helm procedure. The Helm procedure doesn't depend on cert-manager because it generates a self-signed certificate.
- Verify that the controller is installed.

    kubectl get deployment -n kube-system aws-load-balancer-controller

  The example output is as follows.

    NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
    aws-load-balancer-controller   2/2     2            2           84s

  You receive the previous output if you deployed using Helm. If you deployed using the Kubernetes manifest, you only have one replica.
- Before using the controller to provision Amazon resources, your cluster must meet specific requirements. For more information, see Application load balancing on Amazon EKS and Network load balancing on Amazon EKS.
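
The IAM role created in the steps above should be assumable only by the aws-load-balancer-controller service account in kube-system. The following Python check over a role trust policy document is an added example, not part of the original procedure or the controller project's code. The issuer, account ID and both sample policies are constructed placeholders, and the sts.amazonaws.com audience is an assumption to confirm against your OIDC provider.

```python
# Service account identity named on the page (namespace kube-system).
EXPECTED_SUB = "system:serviceaccount:kube-system:aws-load-balancer-controller"
EXPECTED_AUD = "sts.amazonaws.com"  # assumption: audience registered on the OIDC provider
ISSUER = "oidc.example.invalid/id/EXAMPLE"  # constructed placeholder issuer


def audit_trust_policy(policy, sub=EXPECTED_SUB, aud=EXPECTED_AUD):
    """Return findings for a role trust policy; an empty list means it is pinned."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    findings = [] if statements else ["policy has no statements"]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = stmt.get("Principal")
        provider = principal.get("Federated") if isinstance(principal, dict) else None
        web_identity = actions == ["sts:AssumeRoleWithWebIdentity"]
        if not (web_identity and isinstance(provider, str) and ":oidc-provider/" in provider):
            findings.append(f"statement {i}: not a single-provider web identity grant")
            continue
        issuer = provider.split(":oidc-provider/", 1)[1]
        # Only a single exact string under StringEquals counts as pinned;
        # StringLike wildcards or value lists are reported.
        exact = stmt.get("Condition", {}).get("StringEquals", {})
        if exact.get(f"{issuer}:sub") != sub:
            findings.append(f"statement {i}: sub is not pinned to {sub}")
        if exact.get(f"{issuer}:aud") != aud:
            findings.append(f"statement {i}: aud is not pinned to {aud}")
    return findings


def sample_policy(condition):
    """Constructed trust policy; 111122223333 is a placeholder account ID."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws-cn:iam::111122223333:oidc-provider/{ISSUER}"},
        "Condition": condition}]}


PINNED = sample_policy({"StringEquals": {f"{ISSUER}:sub": EXPECTED_SUB,
                                         f"{ISSUER}:aud": EXPECTED_AUD}})
LOOSE = sample_policy({"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"}})

if __name__ == "__main__":
    for name, doc in (("PINNED", PINNED), ("LOOSE", LOOSE)):
        print(name, audit_trust_policy(doc) or "ok")
```

To check a real role, pass the parsed trust policy JSON for that role to audit_trust_policy in place of the constructed samples.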