Creating an AWS Load Balancer
This guide shows you how to add an application load balancer in front of your Garden Enterprise Kubernetes Cluster in AWS.
We will outline the process in six steps with references to the official AWS documentation.
Step 2: Configure security settings for an HTTPS listener. You'll need to configure the availability zones so that your new load balancer is in the same VPC as your EKS cluster and in a public subnet.
Step 3: Configure a security group. Here you'll need to apply the security group that your EKS worker nodes are using. This is necessary for the load balancer to be able to forward traffic to the worker nodes. Furthermore, you'll need to add a security group for port 80 and port 443 so that they are open to accepting connections through the public internet.
Step 4: Configure a target group. When configuring the health checks on the target groups in this step, please choose the success codes 200 - 404. This is necessary because we also want the default backend, which returns 404, to be recognized as healthy.
Configuring health checks on the target group
Step 5: Configure targets for the target group. Here you will need to select your worker nodes from your EKS cluster as the targets in the target group.
As an alternative to configuring the load balancer via the AWS Console, you can also use Terraform. This small snippet is an example of how to set up an application load balancer. Please keep in mind that you again need to pay attention to the security groups and health checks. You will need to replace all of the values starting with my- with your own.

module "alb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "~> 5.0"

  name               = "garden-enterprise-lb"
  load_balancer_type = "application"

  # The load balancer must be in the same VPC as the EKS cluster, in a public subnet.
  vpc_id  = "my-eks-vpc-id"
  subnets = ["my-public-subnet"]

  # One group opens ports 80 and 443 to the internet; the worker node group
  # lets the load balancer forward traffic to the nodes.
  security_groups = ["my-http-and-https-secgroup", "my-eks-workernode-secgroup"]

  target_groups = [
    {
      # AWS limits a target group name_prefix to 6 characters.
      name_prefix      = "dflt-"
      backend_protocol = "HTTP"
      backend_port     = 80
      target_type      = "instance"
      # Treat 200-404 as healthy so the default backend (which returns 404) passes.
      health_check = { matcher = "200-404" }
    }
  ]

  https_listeners = [
    {
      port               = 443
      protocol           = "HTTPS"
      certificate_arn    = "my-certificate-resource"
      target_group_index = 0
    }
  ]

  # Plain HTTP is only accepted in order to redirect it to HTTPS.
  http_tcp_listeners = [
    {
      port        = 80
      protocol    = "HTTP"
      action_type = "redirect"
      redirect = {
        port        = "443"
        protocol    = "HTTPS"
        status_code = "HTTP_301"
      }
    }
  ]

  tags = {
    Environment = "Garden-LB"
  }
}
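
The snippet above refers to my-http-and-https-secgroup without showing it. The following is an added example, not part of the original guide, of how that public-facing security group from Step 3 could be defined in Terraform; the resource names eks and alb_public and the name prefix are assumptions, and egress is scoped to the VPC on the backend port rather than left open.

```hcl
# Added example: the public security group the guide calls
# "my-http-and-https-secgroup". Names eks / alb_public are hypothetical.

# Look up the EKS VPC so egress can be limited to its CIDR range.
data "aws_vpc" "eks" {
  id = "my-eks-vpc-id" # placeholder, same value as in the alb module
}

resource "aws_security_group" "alb_public" {
  name_prefix = "garden-enterprise-lb-"
  description = "Public HTTP and HTTPS ingress for the Garden Enterprise ALB"
  vpc_id      = data.aws_vpc.eks.id

  ingress {
    description = "HTTP from the internet, redirected to HTTPS by the listener"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS from the internet"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform removes the default allow-all egress rule on groups it creates,
  # so outbound traffic is stated explicitly: only the backend port (80, as in
  # the target group above) and only to addresses inside the VPC.
  egress {
    description = "Forwarding and health checks to targets on the backend port"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.eks.cidr_block]
  }

  lifecycle {
    create_before_destroy = true
  }

  tags = {
    Environment = "Garden-LB"
  }
}
```

With this in place, the first entry of security_groups in the alb module can be written as aws_security_group.alb_public.id instead of a hard-coded ID.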