K8S with External Cloud Controller Manager
Scenario and Challenge
In the last post I automated the creation of a self-owned K8S cluster on AWS EC2 instances using Ansible and Terraform.
In this scenario, deploying a Service with type = LoadBalancer into that cluster does not create an AWS load balancer, whereas the same thing works out of the box in an AWS-managed EKS cluster.
Searching online shows that Kubernetes provides a solution for this, "cloud-provider-aws", which acts as the interface between a self-owned AWS Kubernetes cluster and the AWS APIs. With it, EC2 instances running Kubernetes nodes can provision AWS NLB or ELB resources when a Service of type "LoadBalancer" is deployed.
To enable the Kubernetes External Cloud Controller Manager, the AWS Cloud Controller Manager must be deployed into the cluster. Once it is running, it creates AWS load balancers (NLB) on request, so the self-owned K8S cluster can expose services externally through an ELB.
Steps
A few steps need to be done; the full documentation is at the link below:
https://github.com/kubernetes/cloud-provider-aws/blob/master/docs/getting_started.md
- Change the EC2 hostname from the IP address to the FQDN
To communicate with the AWS API, each k8s node name must be the EC2 private DNS FQDN rather than the default EC2 IP address.
- Create and assign IAM roles to the k8s nodes
An IAM role is needed so the EC2 instances running the K8S nodes have the permissions (scoped to what the controller manager needs) to interact with the AWS APIs and to create and maintain AWS resources.
- Tag the EC2 instances as owned
The K8S nodes must be tagged as owned by the cluster.
- Deploy the AWS Cloud Controller Manager into K8S; this is what creates the Network Load Balancer in AWS.
- Add --cloud-provider=external to the kube-controller-manager config, the kube-apiserver config and the kubelet config.
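A preflight script for the prerequisites above, added here as an example (it is not part of the cloud-provider-aws docs). It assumes the tag list is supplied one key=value per line, the component flags live in an argument file, and the cluster name "demo" used in the comments is a constructed value.

```sh
#!/bin/sh
# Preflight checks for the cloud-provider-aws prerequisites (added example).
# Inputs are passed in or piped so the checks run offline against constructed
# sample data; in practice feed them `hostname -f`, `aws ec2 describe-tags`
# output and the kubelet / controller-manager unit files.

# Node names must be the EC2 private DNS name (ip-10-0-1-23.ec2.internal in
# us-east-1, ip-10-0-1-23.<region>.compute.internal elsewhere), not an IP.
is_ec2_fqdn() {
  case "$1" in
    ip-*.ec2.internal|ip-*.compute.internal) return 0 ;;
    *) return 1 ;;
  esac
}

# The controller only manages instances carrying the cluster ownership tag.
# $1 = cluster name; tags are read from stdin, one key=value per line.
has_owned_tag() {
  grep -qx "kubernetes.io/cluster/$1=owned"
}

# $1 = path to a kubelet / controller-manager argument file; the flag may be
# preceded by whitespace, '=' (KUBELET_ARGS=...) or a quote.
has_external_cloud_provider() {
  grep -qE -- '(^|[[:space:]="])--cloud-provider=external([[:space:]"]|$)' "$1"
}

# Run all three: $1 node name, $2 cluster name, $3 tag file, $4 args file.
# Returns the number of failed checks (0 = node is ready for the CCM).
preflight() {
  fails=0
  is_ec2_fqdn "$1" || { echo "FAIL: node name '$1' is not an EC2 FQDN"; fails=$((fails+1)); }
  has_owned_tag "$2" < "$3" || { echo "FAIL: kubernetes.io/cluster/$2=owned tag missing"; fails=$((fails+1)); }
  has_external_cloud_provider "$4" || { echo "FAIL: --cloud-provider=external not set in $4"; fails=$((fails+1)); }
  return "$fails"
}
```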
Conclusion
Now, when a k8s Deployment and a Service of type LoadBalancer are created, an AWS load balancer is provisioned automatically to route external traffic to the pods inside the K8S cluster.