AWS-alb-ingress-controller
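Project: https://github.com/kubernetes-sigs/aws-load-balancer-controller
- Step 1: The controller watches events from the API server; when it finds an Ingress resource that meets its requirements, it starts creating AWS resources.
- Step 2: Create an ALB for the Ingress resource.
- Step 3: Create a target group for each backend specified in the Ingress resource.
- Step 4: Create a listener for each port specified in the Ingress resource's annotations.
- Step 5: Create a rule for each path specified in the Ingress resource.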
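The mapping in steps 1-5, as an added example (not code from the original post or the controller project): a simplified Python model that derives the listeners, target groups and rules one extensions/v1beta1 Ingress should produce, so the result can be compared with what actually exists in AWS. The sample manifest and its host and service names are constructed, and the `use-annotation` handling goes beyond the steps listed above.

```python
import json

LISTEN_PORTS = "alb.ingress.kubernetes.io/listen-ports"

def plan_alb_resources(ingress):
    """Simplified model of steps 1-5 for one extensions/v1beta1 Ingress dict."""
    annotations = ingress["metadata"].get("annotations", {})
    # Step 1: only an Ingress of class "alb" is picked up by the controller.
    if annotations.get("kubernetes.io/ingress.class") != "alb":
        return None
    # Step 4: one listener per port in the listen-ports annotation
    # (HTTP on 80 when the annotation is absent and no certificate is set).
    entries = json.loads(annotations.get(LISTEN_PORTS, '[{"HTTP": 80}]'))
    listeners = sorted((port, proto) for e in entries for proto, port in e.items())
    target_groups, rules = set(), []
    for rule in ingress["spec"].get("rules", []):
        for path in rule["http"]["paths"]:
            service = path["backend"]["serviceName"]
            port = path["backend"]["servicePort"]
            # Step 3: one target group per distinct backend. servicePort
            # "use-annotation" marks an ALB action (e.g. a redirect): rule only.
            if port != "use-annotation":
                target_groups.add((service, port))
            # Step 5: one rule per host and path on every listener.
            for listener_port, _ in listeners:
                rules.append((listener_port, rule.get("host", "*"),
                              path.get("path", "/*"), service))
    return {
        "load_balancers": 1,  # Step 2: one ALB for the Ingress
        "listeners": listeners,
        "target_groups": sorted(target_groups, key=str),
        "rules": rules,
    }

# Constructed sample manifest; the page's own ingress.yaml is not shown in full.
SAMPLE_INGRESS = {
    "metadata": {"name": "sample-web-ingress", "annotations": {
        "kubernetes.io/ingress.class": "alb",
        LISTEN_PORTS: '[{"HTTP": 80}, {"HTTPS": 443}]'}},
    "spec": {"rules": [
        {"host": "www.example.com", "http": {"paths": [
            {"path": "/*", "backend": {"serviceName": "echo", "servicePort": 80}}]}},
        {"host": "*.example.com", "http": {"paths": [
            {"path": "/*", "backend": {"serviceName": "redirect", "servicePort": "use-annotation"}}]}}]},
}

if __name__ == "__main__":
    print(json.dumps(plan_alb_resources(SAMPLE_INGRESS), indent=2))
```

Every listener in the result is a port the ALB exposes, so a listener or rule present in AWS but missing from this plan is worth investigating.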
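Notes
- The ingress-controller needs permission to create resources in AWS; for the specific permissions, see iam-policy.json. In this example the permissions are granted directly to the EKS worker node role. In theory, OIDC integration with AWS IAM can also be used to manage permissions at the pod level (untested).
- Make sure the resources referenced in the Ingress annotations exist, otherwise creation fails; see the pod logs for details.
- The service type is NodePort.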
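A policy granted to the worker node role, as in the first note, is reachable by any pod on those nodes that can reach the instance metadata service, and the OIDC alternative only narrows this if the role's trust policy is pinned to the controller's service account. An added example (not from the original post or the controller project) that checks such a trust policy; the service account name, account ID and OIDC provider ID are constructed placeholders.

```python
def _values(cond, operators, suffix):
    """Collect condition values whose key ends with suffix (e.g. ':sub')."""
    out = []
    for op in operators:
        for key, vals in cond.get(op, {}).items():
            if key.endswith(suffix):
                out.extend(vals if isinstance(vals, list) else [vals])
    return out

def check_irsa_trust(policy, namespace, service_account):
    """Return findings; an empty list means the role is pinned to one service account."""
    want = f"system:serviceaccount:{namespace}:{service_account}"
    statements = policy.get("Statement", [])
    statements = statements if isinstance(statements, list) else [statements]
    findings, seen = [], False
    for st in statements:
        actions = st.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        if st.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        seen = True
        cond = st.get("Condition", {})
        subs = _values(cond, ("StringEquals", "StringLike"), ":sub")
        if not subs:
            findings.append("no condition on :sub, any service account in the cluster can assume the role")
        findings += [f"subject {s!r} is not exactly {want!r}" for s in subs if s != want]
        if "sts.amazonaws.com" not in _values(cond, ("StringEquals",), ":aud"):
            findings.append("audience is not pinned to sts.amazonaws.com")
    if not seen:
        findings.append("no sts:AssumeRoleWithWebIdentity statement, role is not usable through OIDC")
    return findings

# Constructed samples: account ID, provider ID and service account name are placeholders.
PROVIDER = "oidc.eks.ap-northeast-1.amazonaws.com/id/EXAMPLE"
SUBJECT = "system:serviceaccount:alb-ingress-controller:alb-ingress-controller"
def sample_policy(condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{PROVIDER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}
SCOPED = sample_policy({"StringEquals": {
    f"{PROVIDER}:sub": SUBJECT, f"{PROVIDER}:aud": "sts.amazonaws.com"}})
WILDCARD = sample_policy({"StringLike": {f"{PROVIDER}:sub": "system:serviceaccount:*:*"}})
NO_SUBJECT = sample_policy({"StringEquals": {f"{PROVIDER}:aud": "sts.amazonaws.com"}})

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED), ("wildcard", WILDCARD), ("no subject", NO_SUBJECT)):
        print(name, check_irsa_trust(policy, "alb-ingress-controller", "alb-ingress-controller"))
```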
Install controller
rbac+sa+ns.yaml
apiVersion: v1
controller.yaml
apiVersion: apps/v1
iam-policy.json
{
ingress.yaml
apiVersion: extensions/v1beta1
Test:
- Create alb-ingress-controller
➜ aws-alb-ingress-controller git:(master) ✗ k get all
NAME READY STATUS RESTARTS AGE
pod/alb-ingress-controller-9596b67b9-d7p69 1/1 Running 0 80d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/alb-ingress-controller 1/1 1 1 361d
NAME DESIRED CURRENT READY AGE
replicaset.apps/alb-ingress-controller-9596b67b9 1 1 1 361d
➜ aws-alb-ingress-controller git:(master) ✗ k logs -f pod/alb-ingress-controller-9596b67b9-d7p69
-------------------------------------------------------------------------------
AWS ALB Ingress controller
Release: v1.0.0
Build: git-c25bc6c5
Repository: https://github.com/kubernetes-sigs/aws-alb-ingress-controller
-------------------------------------------------------------------------------
W0917 09:50:21.934737 1 client_config.go:552] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0917 09:50:21.990251 1 :0] kubebuilder/controller "level"=0 "msg"="Starting EventSource" "Controller"="alb-ingress-controller" "Source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{},"status":{"loadBalancer":{}}}}
I0917 09:50:21.990434 1 :0] kubebuilder/controller "level"=0 "msg"="Starting EventSource" "Controller"="alb-ingress-controller" "Source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{},"status":{"loadBalancer":{}}}}
I0917 09:50:21.990555 1 :0] kubebuilder/controller "level"=0 "msg"="Starting EventSource" "Controller"="alb-ingress-controller" "Source"={"Type":{"metadata":{"creationTimestamp":null}}}
I0917 09:50:21.990841 1 :0] kubebuilder/controller "level"=0 "msg"="Starting EventSource" "Controller"="alb-ingress-controller" "Source"={"Type":{"metadata":{"creationTimestamp":null},"spec":{},"status":{"daemonEndpoints":{"kubeletEndpoint":{"Port":0}},"nodeInfo":{"machineID":"","systemUUID":"","bootID":"","kernelVersion":"","osImage":"","containerRuntimeVersion":"","kubeletVersion":"","kubeProxyVersion":"","operatingSystem":"","architecture":""}}}}
I0917 09:50:21.993054 1 leaderelection.go:185] attempting to acquire leader lease alb-ingress-controller/ingress-controller-leader-alb...
I0917 09:50:38.515944 1 leaderelection.go:194] successfully acquired lease alb-ingress-controller/ingress-controller-leader-alb
I0917 09:50:38.716164 1 :0] kubebuilder/controller "level"=0 "msg"="Starting Controller" "Controller"="alb-ingress-controller"
I0917 09:50:38.816322 1 :0] kubebuilder/controller "level"=0 "msg"="Starting workers" "Controller"="alb-ingress-controller" "WorkerCount"=1
- Create an ingress and test
➜ aws-alb-ingress-controller git:(master) ✗ k get ingress
NAME HOSTS ADDRESS PORTS AGE
xiemx-web-ingress www.xiemx.com,*.xiemx.com 71a14391-albingresscontrol-2ac6-648325502.ap-northeast-1.elb.amazonaws.com 80 14m
➜ aws-alb-ingress-controller git:(master) ✗ curl 71a14391-albingresscontrol-2ac6-648325502.ap-northeast-1.elb.amazonaws.com -H host:www.xiemx.com -I
HTTP/1.1 200 OK
Date: Mon, 07 Dec 2020 06:39:29 GMT
Content-Type: text/plain
Connection: keep-alive
Server: echoserver
➜ aws-alb-ingress-controller git:(master) ✗ curl 71a14391-albingresscontrol-2ac6-648325502.ap-northeast-1.elb.amazonaws.com -H host:www.xiemx.com -i
HTTP/1.1 200 OK
Date: Mon, 07 Dec 2020 06:39:37 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Server: echoserver
Hostname: echo-85fb7989cc-d556c
Pod Information:
node name: ip-10-200-2-113.ap-northeast-1.compute.internal
pod name: echo-85fb7989cc-d556c
pod namespace: alb-ingress-controller
pod IP: 10.200.2.197
Server values:
server_version=nginx: 1.12.2 - lua: 10010
Request Information:
client_address=10.200.2.21
method=GET
real path=/
query=
request_version=1.1
request_scheme=http
request_uri=http://www.xiemx.com:8080/
Request Headers:
accept=*/*
host=www.xiemx.com
user-agent=curl/7.54.0
x-amzn-trace-id=Root=1-5fcdce29-473e8ac375ce203f4961bec3
x-forwarded-for=101.231.43.114
x-forwarded-port=80
x-forwarded-proto=http
Request Body:
-no body in request-
➜ aws-alb-ingress-controller git:(master) ✗ curl 71a14391-albingresscontrol-2ac6-648325502.ap-northeast-1.elb.amazonaws.com -H host:blog.xiemx.com -I
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Mon, 07 Dec 2020 06:39:44 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://blog.xiemx.com:443/
AWS ALB rules