创建ALB策略
# 下载策略文件
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.13.3/docs/install/iam_policy.json
# 创建策略
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy_cn.json
eksctl创建role关联策略
# 使用eksctl 创建 Amazon ALB CSI 插件 IAM 角色 eksctl create iamserviceaccount \ --cluster=my-cluster \ --namespace=kube-system \ --name=aws-load-balancer-controller \ --role-name AmazonEKSLoadBalancerControllerRole \ --attach-policy-arn=arn:aws:iam::111122223333:policy/AWSLoadBalancerControllerIAMPolicy \ --approve
Helm安装alb插件
# 添加alb的helm仓库 helm repo add eks https://aws.github.io/eks-charts helm repo update # 创建alb控制器 helm install aws-load-balancer-controller eks/aws-load-balancer-controller \ -n kube-system \ --set clusterName=my-cluster \ --set serviceAccount.create=false \ --set serviceAccount.name=aws-load-balancer-controller
测试demo
###下载测试文件 curl -O https://image-auto-scaleing.s3.cn-north-1.amazonaws.com.cn/2048_full.yaml 注意: 这个配置文件需要修改成自己的子网 ###看日志 kubectl logs -f -n kube-system -l app.kubernetes.io/instance=aws-load-balancer-controller ###查看ingress kubectl get ingress ###alb学习网站 https://aws.github.io/aws-eks-best-practices/networking/loadbalancing/loadbalancing/ ###alb注解部分 https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/annotations/
案例配置
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-app
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-1:893420598334:certificate/e12c3d71-2932-4406-a2c6-233aaf23d2ca"
alb.ingress.kubernetes.io/subnets: "subnet-0a1c2b100ac0bc1f9,subnet-0322fa7a61e37d532,subnet-01c03cc8a7370200a"
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectActionConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/tags: owner=zhangruimeng@bosicloud.com
spec:
ingressClassName: alb
rules:
- host: nginx.moriarty.link
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-svc
port:
number: 80
自我判定
# | 判定描述 | 自我判定(是/否) |
|---|---|---|
| 1 | 在各搜索引擎中是否能找到知识信息(包括但不限于Google、百度、Bing) | 是 |
| 2 | 是否需要代码集成开发 | 否 |