Skip to content

vugga/aws-alb-controller

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 

Repository files navigation

Create the ServiceAccount, ClusterRole and ClusterRoleBinding to use with the ALB controller.

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: alb1
    release: v1
  name: alb-service-account
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    app: alb1
    release: v1
  name: alb-sa-clusterrole
rules:
  - apiGroups:
      - ""
      - extensions
    resources:
      - configmaps
      - endpoints
      - events
      - ingresses
      - ingresses/status
      - services
    verbs:
      - create
      - get
      - list
      - update
      - watch
      - patch
  - apiGroups:
      - ""
      - extensions
    resources:
      - nodes
      - pods
      - secrets
      - services
      - namespaces
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  labels:
    app: alb1
    release: v1
  name: alb-sa-clusterrolebind
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: alb-sa-clusterrole
subjects:
  - kind: ServiceAccount
    name: alb-service-account
    namespace: kube-system

Add the serviceAccountName in the controller.

# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.
# This manifest details sensible defaults for deploying an ALB Ingress Controller.
# GitHub: https://github.com/coreos/alb-ingress-controller
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: alb-ingress-controller
  name: alb-ingress-controller
  # Namespace the ALB Ingress Controller should run in. Does not impact which
  # namespaces it's able to resolve ingress resource for. For limiting ingress
  # namespace scope, see --watch-namespace.
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: alb-ingress-controller
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: alb-ingress-controller
    spec:
      containers:
      - args:
        - /server
        # Ingress controllers must have a default backend deployment where
        # all unknown locations can be routed to. Often this is a 404 page. The
        # default backend is not particularly helpful to the ALB Ingress Controller
        # but is still required. The default backend and its respective service 
        # must be running Kubernetes for this controller to start.
        - --default-backend-service=kube-system/default-http-backend
        # Limit the namespace where this ALB Ingress Controller deployment will
        # resolve ingress resources. If left commented, all namespaces are used.
        #- --watch-namespace=your-k8s-namespace
        # Setting the ingress-class flag below will ensure that only ingress resources with the
        # annotation kubernetes.io/ingress.class: "alb" are respected by the controller. You may
        # choose any class you'd like for this controller to respect.
        #- --ingress-class=alb
        env:
          # AWS region this ingress controller will operate in.
          # List of regions:
          # http://docs.aws.amazon.com/general/latest/gr/rande.html#vpc_region 
        - name: AWS_REGION
          value: us-west-1
          # Name of your cluster. Used when naming resources created
          # by the ALB Ingress Controller, providing distinction between
          # clusters.
        - name: CLUSTER_NAME
          value: devCluster
          # AWS key id for authenticating with the AWS API.
          # This is only here for examples. It's recommended you instead use
          # a project like kube2iam for granting access.
        #- name: AWS_ACCESS_KEY_ID
           #value: KEYVALUE
          # AWS key secret for authenticating with the AWS API.
          # This is only here for examples. It's recommended you instead use
          # a project like kube2iam for granting access.
        #- name: AWS_SECRET_ACCESS_KEY
           #value: SECRETVALUE
          # Enables logging on all outbound requests sent to the AWS API.
          # If logging is desired, set to true.
        - name: AWS_DEBUG
          value: "false"
          # Maximum number of times to retry the aws calls.
          # defaults to 20.
        - name: AWS_MAX_RETRIES
          value: "20"
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        # Repository location of the ALB Ingress Controller.
        image: quay.io/coreos/alb-ingress-controller:1.0-alpha.3
        imagePullPolicy: Always
        name: server
        resources: {}
        terminationMessagePath: /dev/termination-log
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      serviceAccountName: alb-service-account
      terminationGracePeriodSeconds: 30

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published