| title | description |
|---|---|
| AWS EKS Kubernetes NLB Basics with Terraform | Learn to use AWS Network Load Balancer with AWS EKS Kubernetes and Terraform |
- Understand more about:
  - AWS Cloud Provider Load Balancer Controller (Legacy): creates AWS CLB and NLB
  - AWS Load Balancer Controller (Latest): creates AWS ALB and NLB
- Understand how a Kubernetes Service of type LoadBalancer creates an AWS NLB that is managed by the latest AWS Load Balancer Controller
- Understand various NLB annotations
- File Name: 04-kube-manifests-nlb-basics/01-Nginx-App3-Deployment.yml

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app3-nginx-deployment
  labels:
    app: app3-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app3-nginx
  template:
    metadata:
      labels:
        app: app3-nginx
    spec:
      containers:
        - name: app2-nginx
          image: stacksimplify/kubenginx:1.0.0
          ports:
            - containerPort: 80
```
- File Name: 04-kube-manifests-nlb-basics/02-LBC-NLB-LoadBalancer-Service.yml

```yaml
apiVersion: v1
kind: Service
metadata:
  name: basics-lbc-network-lb
  annotations:
    # Traffic Routing
    service.beta.kubernetes.io/aws-load-balancer-name: basics-lbc-network-lb
    service.beta.kubernetes.io/aws-load-balancer-type: external          # "external" hands the Service to the AWS Load Balancer Controller instead of the legacy cloud provider
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
    #service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-xxxx, mySubnet ## Subnets are auto-discovered if this annotation is not specified, see Subnet Discovery for further details.
    # Health Check Settings
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: traffic-port
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-path: /index.html
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: "3"
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: "3"
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: "10" # The controller currently ignores the timeout configuration due to the limitations on the AWS NLB. The default timeout for TCP is 10s and HTTP is 6s.
    # Access Control
    service.beta.kubernetes.io/load-balancer-source-ranges: 0.0.0.0/0     # every IPv4 source is allowed; narrow this outside of a demo
    service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
    # AWS Resource Tags
    service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: Environment=dev,Team=test
spec:
  type: LoadBalancer
  selector:
    app: app3-nginx
  ports:
    - port: 80
      targetPort: 80
```
```bash
# Deploy kube-manifests
kubectl apply -f 04-kube-manifests-nlb-basics/

# Verify Pods
kubectl get pods

# Verify Services
kubectl get svc
# Observation:
# 1. Verify the network LB DNS name

# Verify AWS Load Balancer Controller pod logs
kubectl -n kube-system get pods
kubectl -n kube-system logs -f <aws-load-balancer-controller-POD-NAME>

# Verify using AWS Mgmt Console
# Go to Services -> EC2 -> Load Balancing -> Load Balancers
# 1. Verify Description Tab - DNS Name matching output of "kubectl get svc" External IP
# 2. Verify Listeners Tab
# Go to Services -> EC2 -> Load Balancing -> Target Groups
# 1. Verify Registered targets
# 2. Verify Health Check path

# Access Application (browser or curl)
curl http://<NLB-DNS-NAME>

# Delete or Undeploy kube-manifests
kubectl delete -f 04-kube-manifests-nlb-basics/

# Verify if NLB deleted
# In AWS Mgmt Console,
# Go to Services -> EC2 -> Load Balancing -> Load Balancers
```
- Folder Name: 05-nlb-basics-terraform-manifests
  - c1-versions.tf
  - c2-remote-state-datasource.tf
  - c3-providers.tf
  - c4-kubernetes-app3-deployment.tf
- The Kubernetes Service manifest from the same folder (Folder Name: 05-nlb-basics-terraform-manifests):
```hcl
# Kubernetes Service Manifest (Type: Network Load Balancer Service)
resource "kubernetes_service_v1" "myapp3_nlb_service" {
  metadata {
    name = "basics-lbc-network-lb"
    annotations = {
      # Traffic Routing
      "service.beta.kubernetes.io/aws-load-balancer-name"            = "basics-lbc-network-lb"
      "service.beta.kubernetes.io/aws-load-balancer-type"            = "external"
      "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type" = "instance" # target type for the NLB: instance or ip
      # "service.beta.kubernetes.io/aws-load-balancer-subnets" = "subnet-xxxx, mySubnet" ## Subnets are auto-discovered if this annotation is not specified, see Subnet Discovery for further details.
      # Health Check Settings
      "service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol"            = "http"
      "service.beta.kubernetes.io/aws-load-balancer-healthcheck-port"                = "traffic-port"
      "service.beta.kubernetes.io/aws-load-balancer-healthcheck-path"                = "/index.html"
      "service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold"   = "3"  # annotation values are strings, so quote the numbers
      "service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold" = "3"
      "service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval"            = "10" # The controller currently ignores the timeout configuration due to the limitations on the AWS NLB. The default timeout for TCP is 10s and HTTP is 6s.
      # Access Control
      "service.beta.kubernetes.io/load-balancer-source-ranges" = "0.0.0.0/0"      # CIDRs allowed to reach the NLB; 0.0.0.0/0 is every IPv4 source
      "service.beta.kubernetes.io/aws-load-balancer-scheme"    = "internet-facing" # internet-facing or internal
      # AWS Resource Tags
      "service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags" = "Environment=dev,Team=test"
    }
  }
  spec {
    selector = {
      app = kubernetes_deployment_v1.myapp3.spec[0].selector[0].match_labels.app
    }
    port {
      name        = "http"
      port        = 80
      target_port = 80
    }
    type = "LoadBalancer"
  }
}
```
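The access-control and health-check annotations in the YAML and Terraform manifests above decide who can reach the NLB and what counts as a healthy node, so they are worth checking mechanically. The following is an added example, not part of the course files: it audits a Service object in the shape `kubectl get svc <name> -o json` returns, the embedded sample is constructed from the manifest above, and the finding codes (`OPEN_INGRESS` etc.) are names chosen here.

```python
import json

# Constructed sample, modelled on 02-LBC-NLB-LoadBalancer-Service.yml above, in the
# shape `kubectl get svc basics-lbc-network-lb -o json` returns (trimmed for space).
SAMPLE_SVC = json.loads("""{
  "metadata": {"name": "basics-lbc-network-lb", "annotations": {
    "service.beta.kubernetes.io/aws-load-balancer-type": "external",
    "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type": "instance",
    "service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol": "http",
    "service.beta.kubernetes.io/aws-load-balancer-healthcheck-path": "/index.html",
    "service.beta.kubernetes.io/load-balancer-source-ranges": "0.0.0.0/0",
    "service.beta.kubernetes.io/aws-load-balancer-scheme": "internet-facing"}},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "targetPort": 80}]}}""")

PREFIX = "service.beta.kubernetes.io/"


def audit_nlb_service(svc):
    """Return (code, message) findings for one Service object as kubectl emits it."""
    ann = (svc.get("metadata") or {}).get("annotations") or {}
    spec = svc.get("spec") or {}
    findings = []
    if spec.get("type") != "LoadBalancer":
        return findings  # ClusterIP/NodePort Services create no NLB
    if ann.get(PREFIX + "aws-load-balancer-type") != "external":
        findings.append(("LEGACY_PROVIDER", "missing aws-load-balancer-type=external: "
                         "the legacy in-tree cloud provider, not the LBC, reconciles it"))
    # Source ranges: the annotation wins, else spec.loadBalancerSourceRanges, else open.
    raw = ann.get(PREFIX + "load-balancer-source-ranges")
    cidrs = [c.strip() for c in raw.split(",")] if raw else spec.get("loadBalancerSourceRanges", [])
    scheme = ann.get(PREFIX + "aws-load-balancer-scheme", "internal")  # LBC default is internal
    if scheme == "internet-facing" and (not cidrs or "0.0.0.0/0" in cidrs):
        findings.append(("OPEN_INGRESS", "internet-facing NLB reachable from any IPv4 "
                         "source; restrict load-balancer-source-ranges where possible"))
    hc_proto = ann.get(PREFIX + "aws-load-balancer-healthcheck-protocol", "").lower()
    if hc_proto == "http" and not ann.get(PREFIX + "aws-load-balancer-healthcheck-path"):
        findings.append(("HC_NO_PATH", "HTTP health check without an explicit path: the "
                         "controller's default path is used, which may not be the app endpoint"))
    if PREFIX + "aws-load-balancer-healthcheck-timeout" in ann:
        findings.append(("HC_TIMEOUT_IGNORED", "the controller ignores healthcheck-timeout "
                         "for NLB (TCP default 10s, HTTP default 6s)"))
    return findings


if __name__ == "__main__":
    for code, msg in audit_nlb_service(SAMPLE_SVC):
        print(f"{SAMPLE_SVC['metadata']['name']}: {code}: {msg}")
```

Pipe real output in with `kubectl get svc -o json` and loop over `.items` to audit every LoadBalancer Service in the cluster.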
```bash
# Change Directory
cd 05-nlb-basics-terraform-manifests

# Terraform Initialize
terraform init

# Terraform Validate
terraform validate

# Terraform Plan
terraform plan

# Terraform Apply
terraform apply -auto-approve

# Verify Pods
kubectl get pods

# Verify Services
kubectl get svc
# Observation:
# 1. Verify the network LB DNS name

# Verify AWS Load Balancer Controller pod logs
kubectl -n kube-system get pods
kubectl -n kube-system logs -f <aws-load-balancer-controller-POD-NAME>

# Verify using AWS Mgmt Console
# Go to Services -> EC2 -> Load Balancing -> Load Balancers
# 1. Verify Description Tab - DNS Name matching output of "kubectl get svc" External IP
# 2. Verify Listeners Tab
# Go to Services -> EC2 -> Load Balancing -> Target Groups
# 1. Verify Registered targets
# 2. Verify Health Check path

# Access Application (browser or curl)
curl http://<NLB-DNS-NAME>

# Change Directory
cd 05-nlb-basics-terraform-manifests

# Terraform Destroy
terraform apply -destroy -auto-approve
rm -rf .terraform*
```
- Don't destroy the Terraform projects in the folders listed below:
  - Terraform Project Folder: 01-ekscluster-terraform-manifests
  - Terraform Project Folder: 02-lbc-install-terraform-manifests
  - Terraform Project Folder: 03-externaldns-install-terraform-manifests
- We are going to use them for all upcoming use cases.
- When you do tear everything down, destroy the resources in this order:
  - 03-externaldns-install-terraform-manifests
  - 02-lbc-install-terraform-manifests
  - 01-ekscluster-terraform-manifests
```bash
##############################################################
## Destroy External DNS
# Change Directory
cd 03-externaldns-install-terraform-manifests

# Terraform Destroy
terraform init
terraform apply -destroy -auto-approve

##############################################################
## Destroy LBC
# Change Directory
cd 02-lbc-install-terraform-manifests

# Terraform Destroy
terraform init
terraform apply -destroy -auto-approve

##############################################################
## Destroy EKS Cluster
# Change Directory
cd 01-ekscluster-terraform-manifests

# Terraform Destroy
terraform init
terraform apply -destroy -auto-approve
##############################################################
```