Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 19. AWS Load Balancer Operator

19.1. AWS Load Balancer Operator in OpenShift Container Platform
Copia collegamento

The AWS Load Balancer (ALB) Operator deploys and manages an instance of the 

aws-load-balancer-controller
. You can install the ALB Operator from the OperatorHub by using OpenShift Container Platform web console or CLI.

19.1.1. AWS Load Balancer Operator considerations
Copia collegamento

Review the following limitations before installing and using the AWS Load Balancer Operator.

  • The IP traffic mode only works on AWS Elastic Kubernetes Service (EKS). The AWS Load Balancer Operator disables the IP traffic mode for the AWS Load Balancer Controller. As a result of disabling the IP traffic mode, the AWS Load Balancer Controller cannot use the pod readiness gate.
  • The AWS Load Balancer Operator adds command-line flags such as 
    --disable-ingress-class-annotation
    and 
    --disable-ingress-group-name-annotation
    to the AWS Load Balancer Controller. Therefore, the AWS Load Balancer Operator does not allow using the 
    kubernetes.io/ingress.class
    and 
    alb.ingress.kubernetes.io/group.name
    annotations in the 
    Ingress
    resource.

19.1.2. AWS Load Balancer Operator
Copia collegamento

The AWS Load Balancer Operator can tag the public subnets if the 

kubernetes.io/role/elb
tag is missing. Also, the AWS Load Balancer Operator detects the following from the underlying AWS cloud:

  • The ID of the virtual private cloud (VPC) on which the cluster hosting the Operator is deployed in.
  • Public and private subnets of the discovered VPC.

Prerequisites

  • You must have the AWS credentials secret. The credentials are used to provide subnet tagging and VPC discovery.

Procedure

  1. You can deploy the AWS Load Balancer Operator on demand from the OperatorHub, by creating a 

    Subscription
    object: 

    $ oc -n aws-load-balancer-operator get sub aws-load-balancer-operator --template='{{.status.installplan.name}}{{"\n"}}'

    Example output

    install-zlfbt

  2. Check the status of an install plan. The status of an install plan must be 

    Complete
    : 

    $ oc -n aws-load-balancer-operator get ip <install_plan_name> --template='{{.status.phase}}{{"\n"}}'

    Example output

    Complete

  3. Use the 

    oc get
    command to view the 
    Deployment
    status: 

    $ oc get -n aws-load-balancer-operator deployment/aws-load-balancer-operator-controller-manager

    Example output

    NAME                                           READY     UP-TO-DATE   AVAILABLE   AGE
aws-load-balancer-operator-controller-manager  1/1       1            1           23h

19.1.3. AWS Load Balancer Operator logs
Copia collegamento

Use the 

oc logs
command to view the AWS Load Balancer Operator logs.

Procedure

  • View the logs of the AWS Load Balancer Operator: 

    $ oc logs -n aws-load-balancer-operator deployment/aws-load-balancer-operator-controller-manager -c manager

19.2. Understanding AWS Load Balancer Operator
Copia collegamento

The AWS Load Balancer (ALB) Operator deploys and manages an instance of the 

aws-load-balancer-controller
resource. You can install the AWS Load Balancer Operator from the OperatorHub by using OpenShift Container Platform web console or CLI.

19.2.1. Installing the AWS Load Balancer Operator
Copia collegamento

You can install the AWS Load Balancer Operator from the OperatorHub by using the OpenShift Container Platform web console.

Prerequisites

  • You have logged in to the OpenShift Container Platform web console as a user with 
    cluster-admin
    permissions.
  • Your cluster is configured with AWS as the platform type and cloud provider.

Procedure

  1. Navigate to Operators OperatorHub in the OpenShift Container Platform web console.
  2. Select the AWS Load Balancer Operator. You can use the Filter by keyword text box or use the filter list to search for the AWS Load Balancer Operator from the list of Operators.
  3. Select the 
    aws-load-balancer-operator
    namespace.
  4. Follow the instructions to prepare the Operator for installation.
  5. On the AWS Load Balancer Operator page, click Install.

  6. On the Install Operator page, select the following options:

    1. Update the channel as stable-v0.1.
    2. Installation mode as A specific namespace on the cluster.
    3. Installed Namespace as 
      aws-load-balancer-operator
      . If the 
      aws-load-balancer-operator
      namespace does not exist, it gets created during the Operator installation.
    4. Select Update approval as Automatic or Manual. By default, the Update approval is set to Automatic. If you select automatic updates, the Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without any intervention. If you select manual updates, the OLM creates an update request. As a cluster administrator, you must then manually approve that update request to update the Operator updated to the new version.
    5. Click Install.

Verification

  • Verify that the AWS Load Balancer Operator shows the Status as Succeeded on the Installed Operators dashboard.

19.3. Creating an instance of AWS Load Balancer Controller
Copia collegamento

After installing the Operator, you can create an instance of the AWS Load Balancer Controller.

You can install only a single instance of the 

aws-load-balancer-controller
in a cluster. You can create the AWS Load Balancer Controller by using CLI. The AWS Load Balancer(ALB) Operator reconciles only the resource with the name 
cluster
.

Prerequisites

  • You have created the 
    echoserver
    namespace.
  • You have access to the OpenShift CLI (
    oc
    ).

Procedure

  1. Create an 

    aws-load-balancer-controller
    resource YAML file, for example, 
    sample-aws-lb.yaml
    , as follows: 

    apiVersion: networking.olm.openshift.io/v1alpha1
kind: AWSLoadBalancerController
    1 
    
metadata:
  name: cluster
    2 
    
spec:
  subnetTagging: Auto
    3 
    
  additionalResourceTags:
    4 
    
    example.org/cost-center: 5113232
    example.org/security-scope: staging
  ingressClass: alb
    5 
    
  config:
    replicas: 2
    6 
    
  enabledAddons:
    7 
    
    - AWSWAFv2
    8
    1
    Defines the aws-load-balancer-controller resource.
    2
    Defines the AWS Load Balancer Controller instance name. This instance name gets added as a suffix to all related resources.
    3
    Valid options are Auto and Manual. When the value is set to Auto, the Operator attempts to determine the subnets that belong to the cluster and tags them appropriately. The Operator cannot determine the role correctly if the internal subnet tags are not present on internal subnet. If you installed your cluster on user-provided infrastructure, you can manually tag the subnets with the appropriate role tags and set the subnet tagging policy to Manual.
    4
    Defines the tags used by the controller when it provisions AWS resources.
    5
    The default value for this field is alb. The Operator provisions an IngressClass resource with the same name if it does not exist.
    6
    Specifies the number of replicas of the controller.
    7
    Specifies add-ons for AWS load balancers, which get specified through annotations.
    8
    Enables the alb.ingress.kubernetes.io/wafv2-acl-arn annotation.

  2. Create a 

    aws-load-balancer-controller
    resource by running the following command: 

    $ oc create -f sample-aws-lb.yaml

  3. After the AWS Load Balancer Controller is running, create a 

    deployment
    resource: 

    apiVersion: apps/v1
kind: Deployment
    1 
    
metadata:
  name: <echoserver>
    2 
    
  namespace: echoserver
spec:
  selector:
    matchLabels:
      app: echoserver
  replicas: 3
    3 
    
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
        - image: openshift/origin-node
          args:
            - TCP4-LISTEN:8080,reuseaddr,fork
            - EXEC:'/bin/bash -c \"printf \\\"HTTP/1.0 200 OK\r\n\r\n\\\"; sed -e \\\"/^\r/q\\\"\"'
          imagePullPolicy: Always
          name: echoserver
          ports:
            - containerPort: 8080
    1
    Defines the deployment resource.
    2
    Specifies the deployment name.
    3
    Specifies the number of replicas of the deployment.

  4. Create a 

    service
    resource: 

    apiVersion: v1
kind: Service
    1 
    
metadata:
  name: <echoserver>
    2 
    
  namespace: echoserver
spec:
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
  type: NodePort
  selector:
    app: echoserver
    1
    Defines the service resource.
    2
    Specifies the name of the service.

  5. Deploy an ALB-backed 

    Ingress
    resource: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
    1 
    
metadata:
  name: <echoserver>
    2 
    
  namespace: echoserver
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name: <echoserver>
    3 
    
                port:
                  number: 80
    1
    Defines the ingress resource.
    2
    Specifies the name of the ingress resource.
    3
    Specifies the name of the service resource.

Verification

  • Verify the status of the 

    Ingress
    resource to show the host of the provisioned AWS Load Balancer (ALB) by running the following command: 

    $ HOST=$(kubectl get ingress -n echoserver echoserver -o json | jq -r '.status.loadBalancer.ingress[0].hostname')

  • Verify the status of the provisioned AWS Load Balancer (ALB) host by running the following command: 

    $ curl $HOST

19.4. Creating multiple ingresses
Copia collegamento

You can route the traffic to different services that are part of a single domain through a single AWS Load Balancer (ALB). Each Ingress resource provides different endpoints of the domain.

19.4.1. Creating multiple ingresses through a single AWS Load Balancer
Copia collegamento

You can route the traffic to multiple Ingresses through a single AWS Load Balancer (ALB) by using the CLI.

Prerequisites

  • You have an access to the OpenShift CLI (
    oc
    ).

Procedure

  1. Create an 

    IngressClassParams
    resource YAML file, for example, 
    sample-single-lb-params.yaml
    , as follows: 

    apiVersion: elbv2.k8s.aws/v1beta1
    1 
    
kind: IngressClassParams
metadata:
  name: single-lb-params
    2 
    
spec:
  group:
    name: single-lb
    3
    1
    Defines the API group and version of the IngressClassParams resource.
    2
    Specifies the name of the IngressClassParams resource.
    3
    Specifies the name of the IngressGroup. All Ingresses of this class belong to this IngressGroup.

  2. Create an 

    IngressClassParams
    resource by running the following command: 

    $ oc create -f sample-single-lb-params.yaml

  3. Create an 

    IngressClass
    resource YAML file, for example, 
    sample-single-lb-class.yaml
    , as follows: 

    apiVersion: networking.k8s.io/v1
    1 
    
kind: IngressClass
metadata:
  name: single-lb
    2 
    
spec:
  controller: ingress.k8s.aws/alb
    3 
    
  parameters:
    apiGroup: elbv2.k8s.aws
    4 
    
    kind: IngressClassParams
    5 
    
    name: single-lb-params
    6
    1
    Defines the API group and version of the IngressClass resource.
    2
    Specifies the name of the IngressClass.
    3
    Defines the controller name. ingress.k8s.aws/alb denotes that all Ingresses of this class should be managed by the aws-load-balancer-controller.
    4
    Defines the API group of the IngressClassParams resource.
    5
    Defines the resource type of the IngressClassParams resource.
    6
    Defines the name of the IngressClassParams resource.

  4. Create an 

    IngressClass
    resource by running the following command: 

    $ oc create -f sample-single-lb-class.yaml

  5. Create an 

    AWSLoadBalancerController
    resource YAML file, for example, 
    sample-single-lb.yaml
    , as follows: 

    apiVersion: networking.olm.openshift.io/v1
kind: AWSLoadBalancerController
metadata:
  name: cluster
spec:
  subnetTagging: Auto
  ingressClass: single-lb
    1
    1
    Defines the name of the IngressClass resource.

  6. Create an 

    AWSLoadBalancerController
    resource by running the following command: 

    $ oc create -f sample-single-lb.yaml

  7. Create an 

    Ingress
    resource YAML file, for example, 
    sample-multiple-ingress.yaml
    , as follows: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-1
    1 
    
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    2 
    
    alb.ingress.kubernetes.io/group.order: "1"
    3 
    
    alb.ingress.kubernetes.io/target-type: instance
    4 
    
spec:
  ingressClassName: single-lb
    5 
    
  rules:
  - host: example.com
    6 
    
    http:
        paths:
        - path: /blog
    7 
    
          pathType: Prefix
          backend:
            service:
              name: example-1
    8 
    
              port:
                number: 80
    9 
    
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-2
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/group.order: "2"
    alb.ingress.kubernetes.io/target-type: instance
spec:
  ingressClassName: single-lb
  rules:
  - host: example.com
    http:
        paths:
        - path: /store
          pathType: Prefix
          backend:
            service:
              name: example-2
              port:
                number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-3
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/group.order: "3"
    alb.ingress.kubernetes.io/target-type: instance
spec:
  ingressClassName: single-lb
  rules:
  - host: example.com
    http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: example-3
              port:
                number: 80
    1
    Specifies the name of an ingress.
    2
    Indicates the load balancer to provision in the public subnet and makes it accessible over the internet.
    3
    Specifies the order in which the rules from the Ingresses are matched when the request is received at the load balancer.
    4
    Indicates the load balancer will target OpenShift nodes to reach the service.
    5
    Specifies the Ingress Class that belongs to this ingress.
    6
    Defines the name of a domain used for request routing.
    7
    Defines the path that must route to the service.
    8
    Defines the name of the service that serves the endpoint configured in the ingress.
    9
    Defines the port on the service that serves the endpoint.

  8. Create the 

    Ingress
    resources by running the following command: 

    $ oc create -f sample-multiple-ingress.yaml

19.5. Adding TLS termination
Copia collegamento

You can add TLS termination on the AWS Load Balancer.

19.5.1. Adding TLS termination on the AWS Load Balancer
Copia collegamento

You can route the traffic for the domain to pods of a service and add TLS termination on the AWS Load Balancer.

Prerequisites

  • You have an access to the OpenShift CLI (
    oc
    ).

Procedure

  1. Install the Operator and create an instance of the 

    aws-load-balancer-controller
    resource: 

    apiVersion: networking.k8s.io/v1
kind: AWSLoadBalancerController
group: networking.olm.openshift.io/v1alpha1
    1 
    
metadata:
  name: cluster
spec:
  subnetTagging: Auto
  ingressClass: tls-termination
    2
    1 2
    Defines the name of an ingressClass resource reconciled by the AWS Load Balancer Controller. This ingressClass resource gets created if it is not present. You can add additional ingressClass values. The controller reconciles the ingressClass values if the spec.controller is set to ingress.k8s.aws/alb.

  2. Create an 

    Ingress
    resource: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: <example>
    1 
    
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    2 
    
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx
    3 
    
spec:
  ingressClassName: tls-termination
    4 
    
  rules:
  - host: <example.com>
    5 
    
    http:
        paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name: <example-service>
    6 
    
                port:
                  number: 80
    1
    Specifies the name of an ingress.
    2
    The controller provisions the load balancer for this Ingress resource in a public subnet so that the load balancer is reachable over the internet.
    3
    The Amazon Resource Name of the certificate that you attach to the load balancer.
    4
    Defines the ingress class name.
    5
    Defines the domain for traffic routing.
    6
    Defines the service for traffic routing.
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2026 Red HatTorna in cima