How do I set up the AWS Load Balancer Controller on an Amazon EKS cluster for Fargate and deploy the 2048 game?
I want to set up the AWS Load Balancer Controller on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for AWS Fargate. Then, I want to deploy the 2048 game.
Short description
You can set up AWS Load Balancer Controller without any existing Application Load Balancer (ALB) Ingress Controller deployments.
Before setting up the AWS Load Balancer Controller on a new Fargate cluster, consider the following:
- Uninstall the AWS ALB Ingress Controller for Kubernetes. The AWS Load Balancer Controller replaces the functionality of the AWS ALB Ingress Controller.
- Use eksctl version 0.109.0 or greater.
- Install Helm on the workstation.
- The --region variable isn't always used in the commands because the default value for your AWS Region is used. To check the default value, run the aws configure command. To change the AWS Region, use the --region flag.
- Amazon EKS on Fargate is available in all AWS Regions, except AWS GovCloud (US-East) and AWS GovCloud (US-West).
- Replace placeholder values in code snippets with your own values.
Resolution
Create an Amazon EKS cluster, service account policy, and role-based access control (RBAC) policies
1. To use eksctl to create an Amazon EKS cluster, run the following command:
eksctl create cluster --name YOUR_CLUSTER_NAME --version 1.23 --fargate
Note: You don't need to create a Fargate pod execution role for clusters that use only Fargate pods (--fargate).
2. Allow the cluster to use AWS Identity and Access Management (IAM) for service accounts by running the following command:
eksctl utils associate-iam-oidc-provider --cluster YOUR_CLUSTER_NAME --approve
Note: The FargateExecutionRole is the role that's used for the kubelet and kube-proxy to run your Fargate pod on. However, it's not the role used for the Fargate pod (that is, the aws-load-balancer-controller). For Fargate pods, you must use the IAM role for the service account. For more information, see IAM roles for service accounts.
3. To download an IAM policy that allows the AWS Load Balancer Controller to make calls to AWS APIs on your behalf, run the following command:
curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json
4. To create an IAM policy using the policy that you downloaded in step 3, run the following command:
aws iam create-policy \ --policy-name AWSLoadBalancerControllerIAMPolicy \ --policy-document file://iam_policy.json
5. To create a service account named aws-load-balancer-controller in the kube-system namespace for the AWS Load Balancer Controller, run the following command:
eksctl create iamserviceaccount \ --cluster=YOUR_CLUSTER_NAME \ --namespace=kube-system \ --name=aws-load-balancer-controller \ --attach-policy-arn=arn:aws:iam::<AWS_ACCOUNT_ID>:policy/AWSLoadBalancerControllerIAMPolicy \ --override-existing-serviceaccounts \ --approve
6. To verify that the new service role is created, run one of the following commands:
eksctl get iamserviceaccount --cluster YOUR_CLUSTER_NAME --name aws-load-balancer-controller --namespace kube-system
-or-
kubectl get serviceaccount aws-load-balancer-controller --namespace kube-system
Install the AWS Load Balancer Controller using Helm
Important: For more information, see cert-manager on the Jetstack GitHub website and the discussion topic Cert-manager issues with Fargate on the Kubernetes GitHub website.
1. To add the Amazon EKS chart repo to Helm, run the following command:
helm repo add eks https://aws.github.io/eks-charts
2. To install the TargetGroupBinding custom resource definitions (CRDs), run the following command:
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
3. To install the Helm chart, run the following command:
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \ --set clusterName=YOUR_CLUSTER_NAME \ --set serviceAccount.create=false \ --set region=YOUR_REGION_CODE \ --set vpcId=<VPC_ID> \ --set serviceAccount.name=aws-load-balancer-controller \ -n kube-system
Test the AWS Load Balancer Controller
You can use the AWS Load Balancer Controller to create either an Application Load Balancer for Ingress or a Network Load Balancer for creating a k8s service. To deploy a sample app called 2048 with Application Load Balancer Ingress, do the following:
1. To create a Fargate profile that's required for the game deployment, run the following command:
eksctl create fargateprofile --cluster your-cluster --region your-region-code --name your-alb-sample-app --namespace game-2048
2. To deploy the sample game and verify that the AWS Load Balancer Controller creates an ALB Ingress resource, run the following command:
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/examples/2048/2048_full.yaml
3. After a few minutes, verify that the Ingress resource was created by running the following command:
kubectl get ingress/ingress-2048 -n game-2048
You received the following output:
NAME CLASS HOSTS ADDRESS PORTS AGE ingress-2048 <none> * k8s-game2048-ingress2-xxxxxxxxxx-yyyyyyyyyy.us-east-2.elb.amazonaws.com 80 2m32s
Note: If your Ingress isn't created after several minutes, view the AWS Load Balancer Controller logs by running the following command:
kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller
Note: Your logs might contain error messages that can help you diagnose issues with your deployment.
4. Open a browser, and navigate to the ADDRESS URL from the previous command output to view the sample application.
Note: If you don't see the sample application, then wait a few minutes and refresh your browser.
Deploy a sample application with the Network Load Balancer IP address mode service
To use the Network Load Balancer IP address mode, you must have a cluster running at least Kubernetes v1.16 or higher.
1. To create a Fargate profile, run the following command:
eksctl create fargateprofile --cluster your-cluster --region your-region-code --name your-alb-sample-app --namespace game-2048
2. To get the manifest for deploying the 2048 game, run the following command:
curl -o 2048-game.yaml https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/examples/2048/2048_full.yaml
3. In the manifest from step 2, delete this Ingress section:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: namespace: game-2048 name: ingress-2048 annotations: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip spec:ingressClassName: alb rules: - http: paths: - path: / pathType: Prefix backend: service: name: service-2048 port: number: 80
4. Modify the Service object:
apiVersion: v1 kind: Service metadata: namespace: game-2048 name: service-2048 annotations: service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-type: external service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing spec: ports: - port: 80 targetPort: 80 protocol: TCP type: LoadBalancer selector: app.kubernetes.io/name: app-2048
5. To create the service and deployment manifest, run the following command:
kubectl apply -f 2048-game.yaml
6. To check for service creation and the DNS name of the Network Load Balancer, run the following command:
kubectl get svc -n game-2048
You received the following output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service-2048 LoadBalancer 10.100.114.197 k8s-game2048-service2-xxxxxxxxxx-yyyyyyyyyy.us-east-2.elb.amazonaws.com 80:30159/TCP 23m
7. Wait a few minutes until the load balancer is active. Then, to check that you can reach the deployment, open the fully qualified domain name (FQDN) of the NLB that's referenced in the EXTERNAL-IP section in a web browser.
Troubleshoot the AWS Load Balancer Controller
If you have issues setting up the controller, then run the following commands:
$ kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller $ kubectl get endpoints -n game-2048 $ kubectl get ingress/ingress-2048 -n game-2048
The output from the logs command returns error messages (for example, with tags or subnets). These error messages can help you troubleshoot common errors (from the Kubernetes GitHub website). The get endpoints command shows you if the backed deployment pods are correctly registered. The get ingress commands show you if Ingress resources are deployed.
Related videos

Relevant content
- asked a year agolg...
- asked 2 years agolg...
- Accepted Answerasked 3 months agolg...
- asked 10 months agolg...
- asked 6 days agolg...
- AWS OFFICIALUpdated 6 months ago
- How can I troubleshoot issues when I use the AWS Load Balancer Controller to create a load balancer?AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 7 months ago