How to Set Up an EKS Cluster with AWS Load Balancer Controller and Kubernetes Dashboard
In this comprehensive guide, we walk through creating a fully functional Amazon EKS environment, complete with IAM Roles for Service Accounts, the AWS Load Balancer Controller, and a production-ready Kubernetes Dashboard. You’ll learn how to associate an OIDC provider with your cluster, set up the AWS Load Balancer Controller via Helm, and expose the Kubernetes Dashboard with a secure, external Application Load Balancer using SSL certificates.
Published Dec 16, 2024
In this guide, we’ll walk through the process of creating an Amazon Elastic Kubernetes Service (EKS) cluster, enabling IAM Roles for Service Accounts (IRSA), deploying the AWS Load Balancer Controller, and configuring the Kubernetes Dashboard behind an Application Load Balancer. By the end, you’ll have a production-ready environment with a clean web interface to manage your Kubernetes resources.
Prerequisites:
- AWS CLI configured with appropriate IAM permissions
- eksctl CLI tool installed and configured
- helm CLI tool installed
- kubectl configured to interact with your EKS cluster
For demonstration purposes, we’ll assume:
- Kubernetes version: 1.30 (or your preferred supported version)
- EKS Cluster name: PoC
Use eksctl to create an EKS cluster. Ensure you specify your desired region, node configuration, and Kubernetes version. For example:
This will take several minutes. Once completed, your kubectl context will automatically be set to interact with the new cluster.
To use IAM Roles for Service Accounts (IRSA), you must associate your cluster with an OIDC provider:
This command configures the cluster to trust IAM roles bound to specific Kubernetes service accounts.
The AWS Load Balancer Controller manages ALBs and NLBs for Kubernetes services, providing a dynamic and managed way to route traffic to workloads running in your cluster.
a. Download the IAM Policy for the Controller
b. Create the IAM Policy
c. Create the IAM Service Account for the Controller
Bind the IAM policy to a Kubernetes service account using IRSA:
Replace <YOUR_ACCOUNT_ID> with your AWS account ID.
d. Add the EKS Helm Repository
e. Install the AWS Load Balancer Controller
This will create the necessary resources to manage AWS load balancers in your cluster.
The Kubernetes Dashboard provides a convenient web UI for monitoring and managing your cluster’s resources. Here, we will configure it to be accessible via an external ALB.
a. Pull the Helm Chart
This will download and extract the Kubernetes Dashboard Helm chart locally.
b. Configure Ingress in values.yaml
Edit the values.yaml file to enable ingress and add the following annotations:
Replace the alb.ingress.kubernetes.io/certificate-arn value with the correct Amazon Certificate Manager (ACM) ARN for your SSL certificate.
c. Install or Upgrade the Kubernetes Dashboard
After a few moments, the Application Load Balancer will be provisioned by the AWS Load Balancer Controller. You can retrieve the ALB’s hostname from the created Ingress resource:
Use the returned hostname to access the dashboard in your browser. The Dashboard requires a bearer token for authentication. You can use the token from the admin-user service account or any other configured service account with the necessary permissions.
For example, to retrieve the token for the admin-user (if you’ve previously set one up):
Copy the returned token, navigate to the dashboard URL, and paste the token when prompted.
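A values.yaml ingress section for step b of the Dashboard setup, written here as an added example rather than taken from the original post. The app.ingress key layout (assumed from the 7.x chart), the hostname, the CIDR range, the TLS policy choice and the ARN placeholders are assumptions; match the keys against the values.yaml you extracted.

```yaml
# Added example: ingress section of the Kubernetes Dashboard chart's values.yaml.
# Key layout (app.ingress.*) is assumed from the 7.x chart; verify it against
# your extracted values.yaml. Host, CIDR and ARN below are placeholders.
app:
  ingress:
    enabled: true
    ingressClassName: alb          # reconciled by the AWS Load Balancer Controller
    useDefaultAnnotations: false   # skip the chart's default nginx-oriented annotations
    hosts:
      - dashboard.example.com      # constructed hostname; must be covered by the ACM certificate
    annotations:
      # External ALB, as described in this guide.
      alb.ingress.kubernetes.io/scheme: internet-facing
      # Register pod IPs as targets instead of node ports.
      alb.ingress.kubernetes.io/target-type: ip
      # Listen on both ports, but redirect every HTTP request to HTTPS so the
      # bearer token is never sent in clear text.
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
      alb.ingress.kubernetes.io/ssl-redirect: "443"
      # ACM certificate presented by the HTTPS listener (placeholder ARN).
      alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:<REGION>:<YOUR_ACCOUNT_ID>:certificate/<CERTIFICATE_ID>"
      # Pin the listener to a TLS 1.2/1.3 policy rather than the default.
      alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06
      # Assumption: the chart's proxy service terminates HTTPS itself, so the
      # ALB must speak HTTPS to the targets and to the health check.
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
      alb.ingress.kubernetes.io/healthcheck-path: /
      # Limit who can reach the login page at all (constructed example range).
      alb.ingress.kubernetes.io/inbound-cidrs: "203.0.113.0/24"
```

With inbound-cidrs set, the security group the controller manages for the ALB admits only the listed ranges, so the Dashboard login is not reachable from the whole internet even though the load balancer is internet-facing.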
By following the steps above, you’ve successfully:
- Created an EKS Cluster and enabled OIDC for IRSA
- Deployed and configured the AWS Load Balancer Controller
- Installed the Kubernetes Dashboard behind an ALB with a secure SSL configuration
This setup not only provides a user-friendly UI to manage your Kubernetes resources but also leverages AWS-native features for secure, scalable, and highly available load balancing.
You now have a powerful, production-ready Kubernetes environment at your fingertips.