
I want to create a single node K8S cluster on AWS and run a simple demo app, exposed to the outside world on port 80. How do I do this?

Conceptually, I understand that I need a pod which is defined by a deployment and exposed by an AWS load balancer. I don't understand how k8s has permissions to create an ELB on my behalf.

The waiter container image is here.

Here's where I'm at. All instructions are taken from here:

1) Create the cluster with Ansible (geerlingguy.docker and geerlingguy.kubernetes roles). This role uses kubeadm.

2) Run the mandatory command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

3) Run the Layer 4 commands (I arbitrarily picked L4):

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/service-l4.yaml

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/patch-configmap-l4.yaml

4) Verify the installation:

$ kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch

NAMESPACE       NAME                           READY   STATUS    RESTARTS
ingress-nginx   nginx-ingress-controller-...   1/1     Running   0  

5) Create the service:

kubectl apply -f service.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: firstappservice
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  selector:
    app: firstapp

6) Create the deployment:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: firstapp
  labels:
    app: firstapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: firstapp
  template:
    metadata:
      labels:
        app: firstapp
    spec:
      containers:
      - name: waiter
        image: adamgardnerdt/waiter:v1
        ports:
          - containerPort: 80

I'm sure I'm missing something simple, yet fundamental. Granted, I am a complete Kubernetes noob.

1 Answer


One way of achieving this would be to deploy the aws-alb-ingress-controller.

The AWS ALB Ingress Controller satisfies Kubernetes ingress resources by provisioning Application Load Balancers.

k8s gets permissions to create ELB resources on your behalf through IAM, like everything in AWS.

AWS API Access

To perform operations, the controller must have required IAM role capabilities for accessing and provisioning ALB resources. There are many ways to achieve this, such as loading AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY as environment variables or using kube2iam.

A sample IAM policy, with the minimum permissions to run the controller, can be found in alb-iam-policy.json.

aws-alb-ingress-controller/guide/controller/config/

Henrik Pingel
  • Thanks Henrik. For my background knowledge, is it possible to create a cluster on AWS but without using their load balancers? I was thinking something like the nginx ingress controller? – A. Gardner Jul 16 '19 at 08:51
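
The answer above points to a minimum-permission IAM policy for the controller. As an added example (not part of the original answer or of the controller project), this Python check flags Allow statements that are broader than that intent in whatever policy is attached to the controller's credentials. The expected service set and the sample policy are constructed assumptions.

```python
import json

# Assumption: service prefixes a load-balancer controller is expected to call.
# Compare against the project's alb-iam-policy.json before relying on this set.
EXPECTED_SERVICES = {"elasticloadbalancing", "ec2", "acm", "iam", "tag"}

def as_list(value):
    """IAM allows a single string or a list for Action and Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (sid, finding) tuples for Allow statements broader than expected."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append((sid, "Allow with NotAction grants everything not listed"))
        for action in as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if action == "*":
                findings.append((sid, "wildcard action '*'"))
            elif service.lower() not in EXPECTED_SERVICES:
                findings.append((sid, f"unexpected service: {action}"))
            elif name == "*":
                findings.append((sid, f"service-wide wildcard: {action}"))
    return findings

# Constructed sample policy (not the project's alb-iam-policy.json).
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Elb", "Effect": "Allow", "Resource": "*",
     "Action": ["elasticloadbalancing:CreateLoadBalancer",
                "elasticloadbalancing:DescribeLoadBalancers"]},
    {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:*", "s3:GetObject"]},
    {"Sid": "Admin", "Effect": "Allow", "Resource": "*", "Action": "*"},
    {"Sid": "Guard", "Effect": "Deny", "Resource": "*", "Action": "iam:*"}
  ]
}
""")

if __name__ == "__main__":
    for sid, finding in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

Run it against the policy JSON actually attached to the node role or to the role assumed through kube2iam; an empty result means no statement exceeded the expected service set.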