How to install AWS Load Balancer Controller in your EKS Cluster

AWS Load Balancer Controller (https://kubernetes-sigs.github.io/aws-load-balancer-controller/) is a controller to help manage Elastic Load Balancers (https://aws.amazon.com/elasticloadbalancing/) for a Kubernetes cluster.

It will allow us to provision Application Load Balancer (ALB - https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/) as kubernetes ingress and Network Load Balancer (NLB - https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/nlb/) as kubernetes service of type LoadBalancer.

Pre-requisite

• aws cli v2 (https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
• eksctl (https://github.com/weaveworks/eksctl)

Create IAM Policy

We will first need to create IAM policy to allow the AWS Load Balancer Controller to make calls to AWS APIs.

Start by downloading the IAM policy:

curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.2/docs/install/iam_policy.json

Create the policy:

aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json

Take note of the full Policy ARN for the IAM policy. You will need it later.

Create Kubernetes ServiceAccount

Use eksctl to create the Kubernetes Service Account.

eksctl create iamserviceaccount \
  --cluster=<cluster name> \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn=<iam policy arn> \
  --override-existing-serviceaccounts \
  --approve

Install with Helm

We will use Helm to install our AWS Load Balancer Controller. To start, we will need to add the repo.

helm repo add eks https://aws.github.io/eks-charts
helm repo update

Next, install the AWS Load Balancer Controller with the following command:

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=<cluster name> \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller 

You will see an output similar to this:

NAME: aws-load-balancer-controller
LAST DEPLOYED: Fri Jul 22 07:11:07 2022
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
AWS Load Balancer controller installed!

Tag your Subnets for auto-discovery

Proceed to your AWS console and tag all your subnets for auto-discovery (https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.1/deploy/subnet_discovery/)