Aws-alb-controller: differences between revisions
From noname.com.ua
Sirmax (talk | contribs)
| Строка 9: | Строка 9: | ||
https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main<BR> |
https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main<BR> |
||
Просто что бы не забыть шаги<BR> |
Просто что бы не забыть шаги<BR> |
||
| + | |||
| + | =1= |
||
| + | <PRE> |
||
| + | curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json |
||
| + | aws iam create-policy \ |
||
| + | --policy-name AWSLoadBalancerControllerIAMPolicy \ |
||
| + | --policy-document file://iam-policy.json |
||
| + | </PRE> |
||
| + | |||
| + | =role= |
||
| + | <PRE> |
||
| + | { |
||
| + | "Effect": "Allow", |
||
| + | "Principal": { |
||
| + | "Federated": "arn:aws:iam::123456789012:oidc-provider/oidc.eks.region.amazonaws.com/id/ABCD1234567890" |
||
| + | }, |
||
| + | "Action": "sts:AssumeRoleWithWebIdentity", |
||
| + | "Condition": { |
||
| + | "StringEquals": { |
||
| + | "oidc.eks.region.amazonaws.com/id/ABCD1234567890:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller" |
||
| + | } |
||
| + | } |
||
| + | } |
||
| + | </PRE> |
||
| + | |||
| + | =SA= |
||
| + | <PRE> |
||
| + | apiVersion: v1 |
||
| + | kind: ServiceAccount |
||
| + | metadata: |
||
| + | name: aws-load-balancer-controller |
||
| + | namespace: kube-system |
||
| + | annotations: |
||
| + | eks.amazonaws.com/role-arn: arn:aws:iam::<account-id>:role/<generated-role-name> |
||
| + | </PRE> |
||
| + | |||
| + | <PRE> |
||
| + | helm repo add eks https://aws.github.io/eks-charts |
||
| + | helm repo update |
||
| + | </PRE> |
||
| + | <PRE> |
||
| + | helm install aws-load-balancer-controller eks/aws-load-balancer-controller \ |
||
| + | -n kube-system \ |
||
| + | --set clusterName=<CLUSTER_NAME> \ |
||
| + | --set serviceAccount.create=false \ |
||
| + | --set serviceAccount.name=aws-load-balancer-controller \ |
||
| + | --set region=<REGION> \ |
||
| + | --set vpcId=<VPC_ID> \ |
||
| + | --set ingressClass=alb |
||
| + | </PRE> |
||
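Review bot: the trust statement under =role= conditions only on the "oidc.eks.region.amazonaws.com/id/ABCD1234567890:sub" key; add a second StringEquals entry for the same issuer's ":aud" key with the value "sts.amazonaws.com", so the role accepts only tokens issued for STS. Under =1= the curl fetches iam_policy.json from the main branch and the helm install line carries no --version, so the IAM policy and the installed controller can drift apart; pin both to the same release. The note also shows only a single statement rather than a full trust policy document, has no step that creates the role or attaches AWSLoadBalancerControllerIAMPolicy to it, and uses 123456789012 in the role while the ServiceAccount annotation uses <account-id>; one placeholder style throughout would make the steps easier to follow later.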
Revision as of 12:19, 9 June 2025
This is a note on setting up aws-load-balancer-controller
https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main
Just so I don't forget the steps
1

curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json
aws iam create-policy \
  --policy-name AWSLoadBalancerControllerIAMPolicy \
  --policy-document file://iam-policy.json

role

{
  "Effect": "Allow",
  "Principal": {
    "Federated": "arn:aws:iam::123456789012:oidc-provider/oidc.eks.region.amazonaws.com/id/ABCD1234567890"
  },
  "Action": "sts:AssumeRoleWithWebIdentity",
  "Condition": {
    "StringEquals": {
      "oidc.eks.region.amazonaws.com/id/ABCD1234567890:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"
    }
  }
}

SA

apiVersion: v1
kind: ServiceAccount
metadata:
  name: aws-load-balancer-controller
  namespace: kube-system
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::<account-id>:role/<generated-role-name>

helm repo add eks https://aws.github.io/eks-charts
helm repo update

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=<CLUSTER_NAME> \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=<REGION> \
  --set vpcId=<VPC_ID> \
  --set ingressClass=alb
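
A check for the role trust statement and the ServiceAccount above, as an added example that is not part of the original note: it confirms that only the kube-system/aws-load-balancer-controller service account can assume the role, and it also checks the aud claim, which the note's statement does not set. The names audit_irsa_trust and build_policy and the full policy document wrapped around the statement are assumptions made for illustration.

```python
import json

ISSUER = "oidc.eks.region.amazonaws.com/id/ABCD1234567890"  # placeholder issuer from the page
SUB = "system:serviceaccount:kube-system:aws-load-balancer-controller"

def build_policy(claims):
    """Constructed sample: the page's trust statement inside a full policy document."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": claims},
    }]})

PAGE_POLICY = build_policy({f"{ISSUER}:sub": SUB})  # conditions exactly as on the page

def audit_irsa_trust(policy_json, namespace, sa_name):
    """Return findings for an IRSA trust policy; an empty list means it is tight."""
    want_sub = f"system:serviceaccount:{namespace}:{sa_name}"
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # IAM allows one bare object
    findings, seen = [], False
    for s in stmts:
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if s.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        seen = True
        principal = s.get("Principal")
        fed = principal.get("Federated") if isinstance(principal, dict) else None
        if not isinstance(fed, str) or ":oidc-provider/" not in fed:
            findings.append("Principal.Federated is not a single OIDC provider ARN")
            continue
        issuer = fed.split(":oidc-provider/", 1)[1]
        cond = s.get("Condition", {})
        for op, keys in cond.items():
            # Operators other than StringEquals (e.g. StringLike) can match more than one subject.
            if op != "StringEquals" and any(k.startswith(issuer + ":") for k in keys):
                findings.append(f"token claim matched with {op} instead of StringEquals")
        exact = cond.get("StringEquals", {})
        if exact.get(f"{issuer}:sub") != want_sub:
            findings.append(f"sub is not pinned to {want_sub}")
        if exact.get(f"{issuer}:aud") != "sts.amazonaws.com":
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings if seen else ["no Allow statement for sts:AssumeRoleWithWebIdentity"]

if __name__ == "__main__":
    for finding in audit_irsa_trust(PAGE_POLICY, "kube-system", "aws-load-balancer-controller"):
        print("FINDING:", finding)
```

The namespace and name passed to the check are the ones in the ServiceAccount manifest; if either changes there, the sub condition on the role has to change with it.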