How can I automatically discover the subnets used by my Application Load Balancer in Amazon EKS?

Last updated: 2021-04-21

I want to automatically discover the subnets used by my Application Load Balancer (ALB) in Amazon Elastic Kubernetes Service (Amazon EKS).

Short description

You can tag your AWS subnets to allow the AWS Load Balancer controller to auto discover subnets used for Application Load Balancers.

Resolution

1.    Deploy the AWS Load Balancer Controller for your Amazon EKS cluster.

2.    Verify that the AWS Load Balancer Controller is installed:

kubectl get deployment -n kube-system aws-load-balancer-controller

Note: If the Deployment is deployed in a different namespace, then replace -n kube-system with the appropriate namespace.

3.    Create a Kubernetes Ingress resource on your cluster with the following annotation:

annotations:
    kubernetes.io/ingress.class: alb

Note: The AWS Load Balancer Controller creates load balancers. The Ingress resource configures the Application Load Balancer to route HTTP or HTTPS traffic to different pods within your cluster.

4.    Add either an internal or internet-facing annotation to specify where you want the Ingress to create your load balancer:

alb.ingress.kubernetes.io/scheme: internal

-or-

alb.ingress.kubernetes.io/scheme: internet-facing

Note: Choose internal to create an internal load balancer, or internet-facing to create a public load balancer.

5.    Tag your subnets so that the AWS Load Balancer Controller can auto-discover them when it creates a load balancer. The controller looks for the following tags:

kubernetes.io/cluster/$CLUSTER_NAME      owned or shared       $CLUSTER_NAME is the same cluster name that you pass to the controller in the --cluster-name option.
kubernetes.io/role/internal-elb          1 or empty value      Set this tag on the subnets to use for internal load balancers.
kubernetes.io/role/elb                   1 or empty value      Set this tag on the subnets to use for internet-facing load balancers.

Note: You can use tags for auto-discovery instead of the manual alb.ingress.kubernetes.io/subnets annotation.

Example of a subnet with the correct tags for a cluster with an internal load balancer:

kubernetes.io/cluster/$CLUSTER_NAME    shared
kubernetes.io/role/internal-elb          1

Example of a subnet with the correct tags for a cluster with a public load balancer:

kubernetes.io/cluster/$CLUSTER_NAME      shared
kubernetes.io/role/elb                     1

Important: The AWS Load Balancer Controller accepts only two values for the role tags: an empty string ("") or 1. For private subnets, set the kubernetes.io/role/internal-elb tag to an empty string or 1. For public subnets, set the kubernetes.io/role/elb tag to an empty string or 1. A subnet whose role tag carries any other value is not auto-discovered. With these tags in place, the controller selects the subnets for your Application Load Balancer from the subnets of your Amazon EKS VPC.

6.    Validate that your Amazon EKS VPC subnets have the correct tags:

aws ec2 describe-subnets --subnet-ids your-subnet-xxxxxxxxxxxxxxxxx

7.    Deploy a sample application to verify that the AWS Load Balancer Controller creates an Application Load Balancer as a result of the Ingress object:

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/examples/2048/2048_full.yaml

8.    Verify that the Ingress resource gets created and has an associated Application Load Balancer:

kubectl get ingress/2048-ingress -n 2048-game

Either an internal or an internet-facing load balancer is created, depending on the alb.ingress.kubernetes.io/scheme annotation that you defined in the Ingress object and on the tags of your subnets.
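The check in step 6 only prints the raw subnet description; the following added example (not AWS's code or part of the article) applies the tag rules from step 5 to `aws ec2 describe-subnets` output so you can see which subnets the controller will discover for each scheme and why others are skipped. The subnet IDs, cluster name `demo` and tag values are constructed sample data.

```python
"""Apply the subnet-tag rules from the article to `aws ec2 describe-subnets` output.
Added example, not AWS code: shows which subnets the controller can discover."""
import json

CLUSTER_TAG_PREFIX = "kubernetes.io/cluster/"
ROLE_TAGS = {"internal": "kubernetes.io/role/internal-elb",
             "internet-facing": "kubernetes.io/role/elb"}
ACCEPTED_ROLE_VALUES = {"", "1"}  # empty string or "1", nothing else

def subnet_tags(subnet):
    """Flatten the EC2 Tags list into a plain {Key: Value} dict."""
    return {t["Key"]: t["Value"] for t in subnet.get("Tags", [])}

def discoverable_schemes(subnet, cluster_name):
    """Schemes ('internal', 'internet-facing') this subnet qualifies for.
    Requires the cluster tag to be 'owned' or 'shared' and a role tag whose
    value is '' or '1'; anything else makes the subnet invisible to the controller."""
    tags = subnet_tags(subnet)
    if tags.get(CLUSTER_TAG_PREFIX + cluster_name) not in ("owned", "shared"):
        return []
    return [scheme for scheme, key in ROLE_TAGS.items()
            if tags.get(key) in ACCEPTED_ROLE_VALUES]

def audit(describe_subnets_json, cluster_name):
    """Map each SubnetId to the list of schemes it can be auto-discovered for."""
    subnets = json.loads(describe_subnets_json)["Subnets"]
    return {s["SubnetId"]: discoverable_schemes(s, cluster_name) for s in subnets}

# Constructed sample, trimmed to the fields the check needs; not real account data.
SAMPLE = json.dumps({"Subnets": [
    {"SubnetId": "subnet-private-a", "Tags": [
        {"Key": "kubernetes.io/cluster/demo", "Value": "shared"},
        {"Key": "kubernetes.io/role/internal-elb", "Value": "1"}]},
    {"SubnetId": "subnet-public-a", "Tags": [
        {"Key": "kubernetes.io/cluster/demo", "Value": "owned"},
        {"Key": "kubernetes.io/role/elb", "Value": ""}]},
    {"SubnetId": "subnet-public-b", "Tags": [  # "true" is not an accepted value
        {"Key": "kubernetes.io/cluster/demo", "Value": "shared"},
        {"Key": "kubernetes.io/role/elb", "Value": "true"}]},
    {"SubnetId": "subnet-other", "Tags": [  # tagged for a different cluster
        {"Key": "kubernetes.io/cluster/prod", "Value": "owned"},
        {"Key": "kubernetes.io/role/elb", "Value": "1"}]},
]})

if __name__ == "__main__":
    for subnet_id, schemes in audit(SAMPLE, "demo").items():
        print(f"{subnet_id}: {schemes or 'not discoverable'}")
```

To run it against a real account, pipe the output of `aws ec2 describe-subnets --filters Name=vpc-id,Values=<your-vpc-id>` into `audit()` with your cluster name in place of `demo`.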
