Migrate from Deprecated Controller
This topic describes how to migrate from deprecated controller versions. More specifically, it describes how to remove deprecated versions of the Amazon Load Balancer Controller.
-
Deprecated versions cannot be upgraded. They must be removed and a current version of the LBC installed.
-
Deprecated versions include:
-
Amazon ALB Ingress Controller for Kubernetes ("Ingress Controller"), a predecessor to the Amazon Load Balancer Controller.
-
Any
0.1.x
version of the Amazon Load Balancer Controller
-
Remove Deprecated Controller Version
Note
You may have installed the deprecated version using Helm or manually with Kubernetes manifests. Complete the procedure using the tool that you originally installed it with.
Remove Ingress Controller using Helm
-
If you installed the
incubator/aws-alb-ingress-controller
Helm chart, uninstall it.$
helm delete aws-alb-ingress-controller -n kube-system
-
If you have version
0.1.x
of theeks-charts/aws-load-balancer-controller
chart installed, uninstall it. The upgrade from0.1.x
to version1.0.0
doesn't work due to incompatibility with the webhook API version.$
helm delete aws-load-balancer-controller -n kube-system
Remove Ingress Controller using Kubernetes manifest
-
Check to see if the controller is currently installed.
$
kubectl get deployment -n kube-system alb-ingress-controller
This is the output if the controller isn't installed.
Error from server (NotFound): deployments.apps "alb-ingress-controller" not found
This is the output if the controller is installed.
NAME READY UP-TO-DATE AVAILABLE AGE alb-ingress-controller 1/1 1 1 122d
-
Enter the following commands to remove the controller.
$
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.8/docs/examples/alb-ingress-controller.yaml kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.8/docs/examples/rbac-role.yaml
Migrate to Amazon Load Balancer Controller
To migrate from the ALB Ingress Controller for Kubernetes to the Amazon Load Balancer Controller, you need to:
-
Remove the ALB Ingress Controller (see above).
-
Add an additional policy to the IAM Role used by the LBC. This policy permits the LBC to manage resources created by the ALB Ingress Controller for Kubernetes.
Add Migration Policy to Amazon Load Balancer Controller IAM role.
-
Download the IAM policy. This policy permits the LBC to manage resources created by the ALB Ingress Controller for Kubernetes. You can also view the policy
. $
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.7.2/docs/install/iam_policy_v1_to_v2_additional.json
-
Replace
arn:aws:
in the file witharn:aws-cn:
.$
sed -i.bak -e 's|arn:aws:|arn:aws-cn:|' iam_policy_v1_to_v2_additional.json
-
Create the IAM policy and note the ARN that is returned.
$
aws iam create-policy \ --policy-name
AWSLoadBalancerControllerAdditionalIAMPolicy
\ --policy-document file://iam_policy_v1_to_v2_additional.json -
Attach the IAM policy to the IAM role used by the LBC. Replace
with the name of the role, such asyour-role-name
AmazonEKSLoadBalancerControllerRole
.If you created the role using
eksctl
, then to find the role name that was created, open the Amazon CloudFormation consoleand select the eksctl- my-cluster
-addon-iamserviceaccount-kube-system-aws-load-balancer-controller stack. Select the Resources tab. The role name is in the Physical ID column.$
aws iam attach-role-policy \ --role-name
your-role-name
\ --policy-arn arn:aws-cn:iam::111122223333
:policy/AWSLoadBalancerControllerAdditionalIAMPolicy