Create the OIDC provider
CLI
eksctl utils associate-iam-oidc-provider --cluster {{cluster-name}} --profile {{aws account name}} --region {{region}} --approve
or
Console (IAM - Identity providers)
Audience: sts.amazonaws.com
Create the ALB policy (skip if the policy already exists in IAM)
ALB GitHub
https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller
curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json
aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam-policy.json
Create the service account
eksctl create iamserviceaccount \
--cluster={{cluster-name}} \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name=AmazonEKSLoadBalancerControllerRole \
--attach-policy-arn=arn:aws:iam::{{AWS ACCOUNT NUMBER}}:policy/AWSLoadBalancerControllerIAMPolicy \
--approve
2023-02-23 15:24:34 [ℹ] 1 task: {
2 sequential sub-tasks: {
create IAM role for serviceaccount "kube-system/aws-load-balancer-contoller",
create serviceaccount "kube-system/aws-load-balancer-contoller",
} }2023-02-23 15:24:34 [ℹ] building iamserviceaccount stack "eksctl-eks-dev-cluster-addon-iamserviceaccount-kube-system-aws-load-balancer-contoller"
2023-02-23 15:24:35 [ℹ] deploying stack "eksctl-eks-dev-cluster-addon-iamserviceaccount-kube-system-aws-load-balancer-contoller"
2023-02-23 15:24:35 [ℹ] waiting for CloudFormation stack "eksctl-eks-dev-cluster-addon-iamserviceaccount-kube-system-aws-load-balancer-contoller"
2023-02-23 15:25:05 [ℹ] waiting for CloudFormation stack "eksctl-eks-dev-cluster-addon-iamserviceaccount-kube-system-aws-load-balancer-contoller"
2023-02-23 15:25:49 [ℹ] waiting for CloudFormation stack "eksctl-eks-dev-cluster-addon-iamserviceaccount-kube-system-aws-load-balancer-contoller"
2023-02-23 15:25:49 [ℹ] created serviceaccount "kube-system/aws-load-balancer-contoller"
If this fails, run the eksctl utils associate-iam-oidc-provider CLI command
Verify that it was created (this can also be checked under CloudFormation in the console)
kubectl get serviceaccount -n kube-system
After that, you can deploy with Helm or kubectl
https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/aws-load-balancer-controller.html
ALB Helm update (the eks-charts repo is required in your Helm repos)
helm upgrade -n kube-system aws-load-balancer-controller eks/aws-load-balancer-controller