AWS EKS – AWS Load Balancer Controller & ALB Ingress Setup
This document explains how to configure the AWS Load Balancer Controller on an Amazon EKS cluster and expose internal Kubernetes services like Kubernetes Dashboard and Argo CD using an Application Load Balancer (ALB) with HTTPS.
1. Configure kubectl for EKS Cluster
aws eks --region ap-south-1 update-kubeconfig --name zero
Explanation
- Updates the local kubeconfig file.
- Enables kubectl to authenticate with the EKS cluster using IAM.
2. Download AWS Load Balancer Controller IAM Policy
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.14.1/docs/install/iam_policy.json
Explanation
- Contains required AWS permissions for ALB creation and management.
3. Create IAM Policy
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json
Explanation
- Creates an IAM policy used by the controller via IRSA.
4. Install Helm
snap install helm --classic
Explanation
- Helm is used to deploy Kubernetes applications efficiently.
5. Add EKS Helm Repository
helm repo add eks https://aws.github.io/eks-charts
helm repo update
6. Install eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
Explanation
- eksctl simplifies EKS cluster and IAM-related operations.
7. Associate IAM OIDC Provider
eksctl utils associate-iam-oidc-provider \
--region ap-south-1 \
--cluster zero \
--approve
Explanation
- Enables IAM Roles for Service Accounts (IRSA).
8. Create IAM ServiceAccount for ALB Controller
eksctl create iamserviceaccount \
--cluster=zero \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::497836541334:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--region ap-south-1 \
--approve
Explanation
- Grants the controller permission to manage AWS ALB resources.
9. Install AWS Load Balancer Controller
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=zero \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
--set region=ap-south-1 \
--set vpcId=vpc-0a68838e349634ae8
10. Verify Installation
kubectl get deployment -n kube-system aws-load-balancer-controller
kubectl get pods -n kube-system | grep aws-load-balancer-controller
11. Kubernetes Dashboard Ingress (ALB + HTTPS)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:497836541334:certificate/8ce5cc94-38d1-4fe2-b11e-e158f307f338
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
    alb.ingress.kubernetes.io/healthcheck-path: /api/v1/healthz
spec:
  ingressClassName: alb
  rules:
    - host: eks-dashboard.asifahmadkhan.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 443
12. Argo CD Ingress (ALB + HTTPS)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-ingress
  namespace: argocd
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:497836541334:certificate/8ce5cc94-38d1-4fe2-b11e-e158f307f338
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
    alb.ingress.kubernetes.io/healthcheck-path: /healthz
spec:
  ingressClassName: alb
  rules:
    - host: argocd.asifahmadkhan.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  number: 80
Summary
- Configured AWS Load Balancer Controller using IRSA
- Exposed Kubernetes Dashboard and Argo CD via ALB
- Secured endpoints using ACM SSL certificates
- Implemented production-grade EKS ingress architecture
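
An added audit example (not part of the original document or of the AWS Load Balancer Controller project) for the Ingress annotations used in sections 11 and 12: it takes `kubectl get ingress -A -o json` output and reports ALB Ingresses that are internet-facing with no source restriction, keep a plaintext listener, or do not pin a TLS policy. The sample objects, the finding names, the placeholder certificate ARN and the `restricted-ui` / `internal-only` Ingresses are constructed for illustration; `inbound-cidrs`, `security-groups`, `ssl-redirect` and `ssl-policy` are controller annotations that the manifests above do not set.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

def _ing(ns, name, **ann):
    """Constructed Ingress carrying only the fields the audit reads."""
    ann = {PREFIX + k.replace("_", "-"): v for k, v in ann.items()}
    return {"metadata": {"namespace": ns, "name": name, "annotations": ann},
            "spec": {"ingressClassName": "alb"}}

CERT = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER"  # placeholder ARN
TLS = "ELBSecurityPolicy-TLS13-1-2-2021-06"
# Constructed sample shaped like `kubectl get ingress -A -o json`. The first item
# uses the annotations from section 11; the other two are hypothetical.
SAMPLE = json.dumps({"items": [
    _ing("kubernetes-dashboard", "dashboard-ingress", scheme="internet-facing",
         certificate_arn=CERT, listen_ports='[{"HTTPS":443}]'),
    _ing("tools", "restricted-ui", scheme="internet-facing", certificate_arn=CERT,
         listen_ports='[{"HTTP":80},{"HTTPS":443}]',
         inbound_cidrs="203.0.113.0/24", ssl_policy=TLS),
    _ing("tools", "internal-only", certificate_arn=CERT, ssl_policy=TLS),
]})

def audit(doc):
    """Map namespace/name -> findings for Ingresses with ingressClassName alb."""
    report = {}
    for item in json.loads(doc)["items"]:
        if item.get("spec", {}).get("ingressClassName") != "alb":
            continue
        meta = item["metadata"]
        ann = {k[len(PREFIX):]: v for k, v in (meta.get("annotations") or {}).items()
               if k.startswith(PREFIX)}
        found = []
        # Scheme defaults to "internal"; inbound-cidrs defaults to any source
        # and is ignored once custom security-groups are attached.
        cidrs = {c.strip() for c in ann.get("inbound-cidrs", "0.0.0.0/0").split(",")}
        if (ann.get("scheme") == "internet-facing" and "security-groups" not in ann
                and cidrs & {"0.0.0.0/0", "::/0"}):
            found.append("open-to-any-source")
        # Without listen-ports the listener is HTTPS:443 if a certificate is set.
        default = '[{"HTTPS":443}]' if "certificate-arn" in ann else '[{"HTTP":80}]'
        protos = {p for entry in json.loads(ann.get("listen-ports", default)) for p in entry}
        if "HTTP" in protos and "ssl-redirect" not in ann:
            found.append("plaintext-listener")
        if "HTTPS" in protos and "ssl-policy" not in ann:
            found.append("tls-policy-not-pinned")
        report[f'{meta["namespace"]}/{meta["name"]}'] = found
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Against a live cluster, pass the output of `kubectl get ingress -A -o json` to `audit()` in place of `SAMPLE`.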