Help improve this page
Want to contribute to this user guide? Choose the Edit this page on GitHub link that is located in the right pane of every page. Your contributions will help make our user guide better for everyone.
Migrate apps from deprecated ALB Ingress Controller
This topic describes how to migrate from deprecated controller versions. More specifically, it describes how to remove deprecated versions of the Amazon Load Balancer Controller.
-
Deprecated versions cannot be upgraded. You must remove them first, and then install a current version.
-
Deprecated versions include:
-
Amazon ALB Ingress Controller for Kubernetes ("Ingress Controller"), a predecessor to the Amazon Load Balancer Controller.
-
Any
0.1.
version of the Amazon Load Balancer Controllerx
-
Remove the deprecated controller version
Note
You may have installed the deprecated version using Helm or manually with Kubernetes manifests. Complete the procedure using the tool that you originally installed it with.
-
If you installed the
incubator/aws-alb-ingress-controller
Helm chart, uninstall it.helm delete aws-alb-ingress-controller -n kube-system
-
If you have version
0.1.
of thex
eks-charts/aws-load-balancer-controller
chart installed, uninstall it. The upgrade from0.1.
to versionx
1.0.0
doesn’t work due to incompatibility with the webhook API version.helm delete aws-load-balancer-controller -n kube-system
-
Check to see if the controller is currently installed.
kubectl get deployment -n kube-system alb-ingress-controller
This is the output if the controller isn’t installed.
+ This is the output if the controller is installed.
+
NAME READY UP-TO-DATE AVAILABLE AGE alb-ingress-controller 1/1 1 1 122d
-
Enter the following commands to remove the controller.
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.8/docs/examples/alb-ingress-controller.yaml kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.8/docs/examples/rbac-role.yaml
Migrate to Amazon Load Balancer Controller
To migrate from the ALB Ingress Controller for Kubernetes to the Amazon Load Balancer Controller, you need to:
-
Remove the ALB Ingress Controller (see above).
-
Add an additional policy to the IAM Role used by the Amazon Load Balancer Controller. This policy permits the LBC to manage resources created by the ALB Ingress Controller for Kubernetes.
-
Download the IAM policy. This policy permits the Amazon Load Balancer Controller to manage resources created by the ALB Ingress Controller for Kubernetes. You can also view the policy
. curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.11.0/docs/install/iam_policy_v1_to_v2_additional.json
-
If your cluster is in the Amazon GovCloud (US-East) or Amazon GovCloud (US-West) Amazon Regions, then replace
arn:aws-cn:
witharn:aws-us-gov:
..sed -i.bak -e 's|arn:aws-cn:|arn:aws-us-gov:|' iam_policy_v1_to_v2_additional.json
-
Create the IAM policy and note the ARN that is returned.
aws iam create-policy \ --policy-name AWSLoadBalancerControllerAdditionalIAMPolicy \ --policy-document file://iam_policy_v1_to_v2_additional.json
-
Attach the IAM policy to the IAM role used by the Amazon Load Balancer Controller. Replace
your-role-name
with the name of the role, such asAmazonEKSLoadBalancerControllerRole
.If you created the role using
eksctl
, then to find the role name that was created, open the Amazon CloudFormation consoleand select the eksctl- my-cluster
-addon-iamserviceaccount-kube-system-aws-load-balancer-controller stack. Select the Resources tab. The role name is in the Physical ID column. If your cluster is in the Amazon GovCloud (US-East) or Amazon GovCloud (US-West) Amazon Regions, then replacearn:aws-cn:
witharn:aws-us-gov:
.aws iam attach-role-policy \ --role-name your-role-name \ --policy-arn arn:aws-cn:iam::111122223333:policy/AWSLoadBalancerControllerAdditionalIAMPolicy