
AWS EKS – AWS Load Balancer Controller & ALB Ingress Setup

This document explains how to configure the AWS Load Balancer Controller on an Amazon EKS cluster and expose internal Kubernetes services like Kubernetes Dashboard and Argo CD using an Application Load Balancer (ALB) with HTTPS.


1. Configure kubectl for EKS Cluster

aws eks --region ap-south-1 update-kubeconfig --name zero

Explanation

  • Updates the local kubeconfig file.
  • Enables kubectl to authenticate with the EKS cluster using IAM.

2. Download AWS Load Balancer Controller IAM Policy

curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.14.1/docs/install/iam_policy.json

Explanation

  • Contains required AWS permissions for ALB creation and management.

3. Create IAM Policy

aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json

Explanation

  • Creates an IAM policy used by the controller via IRSA.

4. Install Helm

snap install helm --classic

Explanation

  • Helm is the package manager used in step 9 to install the controller chart.

5. Add EKS Helm Repository

helm repo add eks https://aws.github.io/eks-charts
helm repo update

6. Install eksctl

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version

Explanation

  • eksctl simplifies EKS cluster and IAM-related operations.

7. Associate IAM OIDC Provider

eksctl utils associate-iam-oidc-provider \
--region ap-south-1 \
--cluster zero \
--approve

Explanation

  • Enables IAM Roles for Service Accounts (IRSA).

8. Create IAM ServiceAccount for ALB Controller

eksctl create iamserviceaccount \
--cluster=zero \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::497836541334:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--region ap-south-1 \
--approve

Explanation

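  • Creates an IAM role trusted through the cluster's OIDC provider and a Kubernetes service account annotated with that role, which grants the controller permission to manage AWS ALB resources.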

9. Install AWS Load Balancer Controller

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=zero \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
--set region=ap-south-1 \
--set vpcId=vpc-0a68838e349634ae8

10. Verify Installation

kubectl get deployment -n kube-system aws-load-balancer-controller
kubectl get pods -n kube-system | grep aws-load-balancer-controller

11. Kubernetes Dashboard Ingress (ALB + HTTPS)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:497836541334:certificate/8ce5cc94-38d1-4fe2-b11e-e158f307f338
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
    alb.ingress.kubernetes.io/healthcheck-path: /api/v1/healthz
spec:
  ingressClassName: alb
  rules:
    - host: eks-dashboard.asifahmadkhan.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 443

12. Argo CD Ingress (ALB + HTTPS)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-ingress
  namespace: argocd
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:497836541334:certificate/8ce5cc94-38d1-4fe2-b11e-e158f307f338
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
    alb.ingress.kubernetes.io/healthcheck-path: /healthz
spec:
  ingressClassName: alb
  rules:
    - host: argocd.asifahmadkhan.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  number: 80
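
Both Ingress manifests in steps 11 and 12 request an internet-facing ALB for an administrative UI. The shell functions below are an added example, not part of the original guide: they read a manifest and flag annotation choices to review before applying it. The sample manifests are constructed, `inbound-cidrs` and `ssl-policy` are controller annotations the guide does not set, and treating their absence as a finding is this example's assumption.

```shell
# Added example (not from the guide). Print the value of the annotation
# alb.ingress.kubernetes.io/<name> from a manifest on stdin.
alb_annotation() {
  sed -n "s|^[[:space:]]*alb\.ingress\.kubernetes\.io/$1:[[:space:]]*||p" |
    head -n 1 |
    sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Read one Ingress manifest on stdin and print one FINDING line per issue.
audit_alb_ingress() {
  manifest=$(cat)
  scheme=$(printf '%s\n' "$manifest" | alb_annotation scheme)
  cidrs=$(printf '%s\n' "$manifest" | alb_annotation inbound-cidrs)
  ports=$(printf '%s\n' "$manifest" | alb_annotation listen-ports)
  policy=$(printf '%s\n' "$manifest" | alb_annotation ssl-policy)
  if [ "$scheme" = "internet-facing" ]; then
    case "$cidrs" in
      ""|*0.0.0.0/0*) echo "FINDING: internet-facing ALB with no inbound-cidrs restriction" ;;
    esac
  fi
  case "$ports" in
    *'"HTTP"'*) echo "FINDING: plaintext HTTP listener configured" ;;
  esac
  case "$ports" in
    *'"HTTPS"'*) [ -n "$policy" ] || echo "FINDING: HTTPS listener has no pinned ssl-policy" ;;
  esac
  return 0
}

# Constructed sample: annotations in the style of the guide's manifests (placeholder ARN).
guide_style_manifest() { cat <<'EOF'
metadata:
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
EOF
}

# Constructed sample: same listener, limited to a documentation range, with a pinned policy.
restricted_manifest() { cat <<'EOF'
metadata:
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/inbound-cidrs: 203.0.113.0/24
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06
EOF
}
```

Run it as `audit_alb_ingress < ingress.yaml` for a saved manifest; the guide-style sample yields two findings and the restricted sample none.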

Summary

  • Configured AWS Load Balancer Controller using IRSA
  • Exposed Kubernetes Dashboard and Argo CD via ALB
  • Secured endpoints using ACM SSL certificates
  • Implemented production-grade EKS ingress architecture