AWS-EKS-07--安装 AWS Load Balancer Controller 附加组件

发表于 2023-07-07 更新于 2024-04-03 分类于技术， aws ， eks

阅读次数：本文字数： 1.4k 阅读时长 ≈ 5 分钟

摘要

本文介绍为EKS集群安装 AWS Load Balancer Controller 附加组件
参考资料：
- Amazon EKS用户指南
- Kubernetes 文档

安装 AWS Load Balancer Controller 附加组件

AWS Load Balancer Controller 管理适用于 Kubernetes 集群的 AWS 弹性负载均衡器。此控制器预置以下资源：
- 当您创建 Kubernetes Ingress 时的 AWS 应用程序负载均衡器 (ALB, Application Load Balancer)。
- 当您创建 LoadBalancer 类型的 Kubernetes 服务时的 AWS 网络负载均衡器（NLB）。
关于如何创建ingress和service，后面会介绍。

创建一个 IAM policy

# 下载 AWS Load Balancer Controller 的 IAM policy，该策略允许负载均衡器代表您调用 AWS API。
$ curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json

# 使用上一步中下载的策略创建一个 IAM policy
$ aws iam create-policy \
    --profile eks-us-west-2 \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json
{
    "Policy": {
        "PolicyName": "AWSLoadBalancerControllerIAMPolicy",
        "PolicyId": "ANPA22DP3G4GO5O54MRRX",
        "Arn": "arn:aws:iam::743263909655:policy/AWSLoadBalancerControllerIAMPolicy",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 0,
        "PermissionsBoundaryUsageCount": 0,
        "IsAttachable": true,
        "CreateDate": "2023-07-04T09:15:56+00:00",
        "UpdateDate": "2023-07-04T09:15:56+00:00"
    }
}

创建一个 IAM 角色

# 在 AWS Load Balancer Controller 的 kube-system 命名空间中创建名为 aws-load-balancer-controller 的 Kubernetes 服务账户，并使用 IAM 角色的名称注释 Kubernetes 服务账户。
$ eksctl create iamserviceaccount \
  --cluster=eks-lexing \
  --profile eks-us-west-2 \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --role-name AmazonEKSLoadBalancerControllerRole \
  --attach-policy-arn=arn:aws:iam::743263909655:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve
2023-07-04 17:20:08 [ℹ]  3 existing iamserviceaccount(s) (kube-system/aws-node,kube-system/ebs-csi-controller-sa,kube-system/efs-csi-controller-sa) will be excluded
2023-07-04 17:20:08 [ℹ]  1 iamserviceaccount (kube-system/aws-load-balancer-controller) was included (based on the include/exclude rules)
2023-07-04 17:20:08 [!]  serviceaccounts that exist in Kubernetes will be excluded, use --override-existing-serviceaccounts to override
2023-07-04 17:20:08 [ℹ]  1 task: {
    2 sequential sub-tasks: {
        create IAM role for serviceaccount "kube-system/aws-load-balancer-controller",
        create serviceaccount "kube-system/aws-load-balancer-controller",
    } }2023-07-04 17:20:08 [ℹ]  building iamserviceaccount stack "eksctl-eks-lexing-addon-iamserviceaccount-kube-system-aws-load-balancer-controller"
2023-07-04 17:20:09 [ℹ]  deploying stack "eksctl-eks-lexing-addon-iamserviceaccount-kube-system-aws-load-balancer-controller"
2023-07-04 17:20:09 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-addon-iamserviceaccount-kube-system-aws-load-balancer-controller"
2023-07-04 17:20:40 [ℹ]  waiting for CloudFormation stack "eksctl-eks-lexing-addon-iamserviceaccount-kube-system-aws-load-balancer-controller"
2023-07-04 17:20:41 [ℹ]  created serviceaccount "kube-system/aws-load-balancer-controller"

使用 Helm V3来安装 AWS Load Balancer Controller

# 添加 eks-charts 存储库
$ helm repo add eks https://aws.github.io/eks-charts

# 更新您的本地存储库，以确保您拥有最新的图表
$ helm repo update eks

# 安装 AWS Load Balancer Controller
$ helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=eks-lexing \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller
NAME: aws-load-balancer-controller
LAST DEPLOYED: Tue Jul  4 17:26:05 2023
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
AWS Load Balancer controller installed!

验证控制器是否已经安装

# 查看deployment
$ kubectl get deployment -n kube-system aws-load-balancer-controller
NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
aws-load-balancer-controller   2/2     2            2           21s

# 查看ingressclasses
$ k get ingressclasses
NAME   CONTROLLER            PARAMETERS   AGE
alb    ingress.k8s.aws/alb   <none>       21s

更新AWS Load Balancer Controller

已部署的图表不会自动接收安全更新。当新图表可用时，您需要手动升级到新图表。

# 更新AWS Load Balancer Controller
$ kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"
Warning: resource customresourcedefinitions/ingressclassparams.elbv2.k8s.aws is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/ingressclassparams.elbv2.k8s.aws configured
Warning: resource customresourcedefinitions/targetgroupbindings.elbv2.k8s.aws is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/targetgroupbindings.elbv2.k8s.aws configured

$ helm upgrade aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=eks-lexing \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller
Release "aws-load-balancer-controller" has been upgraded. Happy Helming!
NAME: aws-load-balancer-controller
LAST DEPLOYED: Tue Jul  4 17:31:37 2023
NAMESPACE: kube-system
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
AWS Load Balancer controller installed!

可以先查看是否有可用更新

# 查看通过helm已经安装了哪些发布包及其版本
$ helm list --all-namespaces
NAME                        	NAMESPACE  	REVISION	UPDATED                             	STATUS  	CHART                             	APP VERSION
aws-efs-csi-driver          	kube-system	3       	2023-07-03 16:08:38.481521 +0800 CST	deployed	aws-efs-csi-driver-2.4.6          	1.5.7
aws-load-balancer-controller	kube-system	2       	2023-07-04 17:31:37.839466 +0800 CST	deployed	aws-load-balancer-controller-1.5.4	v2.5.3

# 更新仓库最新的索引
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "aws-efs-csi-driver" chart repository
...Successfully got an update from the "eks" chart repository
Update Complete. ⎈Happy Helming!⎈

# 查看可用的最新版本
$ helm search repo load-balancer
NAME                            	CHART VERSION	APP VERSION	DESCRIPTION
eks/aws-load-balancer-controller	1.5.4        	v2.5.3     	AWS Load Balancer Controller Helm chart for Kub...

# 查看所有版本
$ helm search repo load-balancer -l
NAME                            	CHART VERSION	APP VERSION	DESCRIPTION
eks/aws-load-balancer-controller	1.5.4        	v2.5.3     	AWS Load Balancer Controller Helm chart for Kub...
eks/aws-load-balancer-controller	1.5.3        	v2.5.2     	AWS Load Balancer Controller Helm chart for Kub...
eks/aws-load-balancer-controller	1.5.2        	v2.5.1     	AWS Load Balancer Controller Helm chart for Kub...
eks/aws-load-balancer-controller	1.5.1        	v2.5.1     	AWS Load Balancer Controller Helm chart for Kub...
eks/aws-load-balancer-controller	1.5.0        	v2.5.0     	AWS Load Balancer Controller Helm chart for Kub...
eks/aws-load-balancer-controller	1.4.8        	v2.4.7     	AWS Load Balancer Controller Helm chart for Kub...
eks/aws-load-balancer-controller	1.4.7        	v2.4.6     	AWS Load Balancer Controller Helm chart for Kub...