cat <<EOF> values.yaml
nodeSelector: {
wsi/node: addon
}
EOF
helm repo add eks <https://aws.github.io/eks-charts>
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \\
-n kube-system \\
--set clusterName=wsi-eks-cluster \\
--set serviceAccount.create=false \\
--set serviceAccount.name=aws-load-balancer-controller \\
-f values.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wsi-ingress
namespace: skills
annotations:
alb.ingress.kubernetes.io/load-balancer-name: wsi-alb
alb.ingress.kubernetes.io/scheme: internet-facing
# alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
alb.ingress.kubernetes.io/security-groups: sg_id
alb.ingress.kubernetes.io/healthcheck-path: /healthcheck
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '5'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '3'
alb.ingress.kubernetes.io/healthy-threshold-count: '3'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=30
alb.ingress.kubernetes.io/actions.targets: >
{"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"wsi-customer-service","servicePort":8080,"weight":50},{"serviceName":"wsi-order-service","servicePort":8080,"weight":50}]}}
alb.ingress.kubernetes.io/actions.response-403: >
{"type":"fixed-response","fixedResponseConfig":{"contentType":"text/plain","statusCode":"403","messageBody":"Forbidden"}}
alb.ingress.kubernetes.io/target-group-attributes: load_balancing.algorithm.type=least_outstanding_requests
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /v1/customer
pathType: Prefix
backend:
service:
name: wsi-customer-service
port:
number: 8080
- path: /v1/product
pathType: Prefix
backend:
service:
name: wsi-product-service
port:
number: 8080
- path: /v1/order
pathType: Prefix
backend:
service:
name: wsi-order-service
port:
number: 8080
- path: /healthcheck
pathType: ImplementationSpecific
backend:
service:
name: targets
port:
name: use-annotation
- path: /
pathType: Prefix
backend:
service:
name: response-403
port:
name: use-annotation
sg_id=$(aws ec2 describe-security-groups --query "SecurityGroups[?GroupName=='wsi-ALB-sg'].GroupId" --output text)
sed -i "s|sg_id|$sg_id|g" ingress.yaml
cluster_sg_id=$(aws eks describe-cluster --name wsi-cluster --query "cluster.resourcesVpcConfig.clusterSecurityGroupId" --output text)
aws ec2 authorize-security-group-ingress --group-id $cluster_sg_id --protocol tcp --port 8080 --source-group $sg_id > /dev/null
#!/bin/bash
public_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-public-a" --query "Subnets[].SubnetId[]" --output text)
public_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-public-b" --query "Subnets[].SubnetId[]" --output text)
public_c=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-public-c" --query "Subnets[].SubnetId[]" --output text)
private_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-private-a" --query "Subnets[].SubnetId[]" --output text)
private_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-private-b" --query "Subnets[].SubnetId[]" --output text)
private_c=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=wsi-private-c" --query "Subnets[].SubnetId[]" --output text)
public_subnet_name=("$public_a" "$public_b" "$public_c")
private_subnet_name=("$private_a" "$private_b" "$private_c")
for name in "${public_subnet_name[@]}"
do
aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/elb,Value=1
done
for name in "${private_subnet_name[@]}"
do
aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/internal-elb,Value=1
done
kubectl apply -f ingress.yaml