Project Name: Deploy a 2048 game in EKS

sushma amarneni

Prerequisite- Configure the AWS CLI and install kubectl, eksctl and Helm on an Ubuntu EC2 machine.

Step1- Create a cluster using Fargate.

eksctl create cluster --name demo-cluster --region us-east-1 --fargate

The eksctl utility creates everything for us; it takes 10 to 15 minutes.

To update the context in kubeconfig:

aws eks update-kubeconfig --name demo-cluster --region us-east-1

Step3- Verify the current context.

A context tells kubectl which cluster to talk to. There could be many clusters.

Contexts are defined in the kubeconfig file, which is located at ~/.kube/config

kubectl config current-context

Step4- Create a Fargate profile named “alb-sample-app” and also create the namespace for it.

eksctl create fargateprofile --cluster demo-cluster --region us-east-1 --name alb-sample-app --namespace game-2048

The Fargate profile specifies which pods should run on Fargate, based on namespace.

Step5- Run this command

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/examples/2048/2048_full.yaml

The ALB Ingress Controller monitors Ingress resources in the cluster. When it detects a matching rule, it forwards the request to the corresponding Kubernetes Service (in this case, service-2048), which in turn forwards the request to the appropriate Pod within the game-2048 namespace.

So far, we have created the Deployment, Service, and Ingress resources for the application.

Before proceeding to install the Ingress Controller (AWS ALB Ingress Controller), let’s first verify whether all our resources are running correctly.

Service Status Review

The service-2048 is running successfully. It is of type NodePort, which means it has a ClusterIP but no external IP. This setup allows access to the pod only from within the VPC, using the Node IP and the NodePort.

However, our goal is to allow access to this pod from outside AWS—by end users or customers. For that, we’ve created an Ingress resource.


Ingress Status Review

As shown below, the Ingress has been created. It has the required class and port, but no external address yet. The ADDRESS field is blank.

This is expected—once we deploy the Ingress Controller, this field will be populated.

The ALB Ingress Controller will watch the ingress-2048 resource and automatically:

  • Create an Application Load Balancer (ALB) in your AWS environment

  • Configure the ALB according to the ingress rules


🔧 Step-by-Step: Deploying the AWS ALB Ingress Controller


eksctl utils associate-iam-oidc-provider --cluster demo-cluster --region us-east-1 --approve

We are associating an OIDC provider with the cluster.

Secure and Scalable Access in EKS using OIDC + Service Accounts

To get secure and scalable access management for pods running in an EKS cluster, we use a service account and an OIDC provider.

Every pod can use a service account. The service account lets the pod interact with the Kubernetes APIs. EKS verifies the identity of the service account using a token issued by the OIDC provider, and Kubernetes maps the service account to an IAM role using OIDC. So the OIDC provider authenticates the service account.

The ALB controller is itself a pod, and it has to talk to the ALB, so it needs a role. For this, we first define the IAM policy:

curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json

This downloads the policy document. After that, we have to create the IAM policy:

aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json

Now create the role:

eksctl create iamserviceaccount \
  --cluster=<your-cluster-name> \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --role-name AmazonEKSLoadBalancerControllerRole \
  --attach-policy-arn=arn:aws:iam::<your-aws-account-id>:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve

Here I am also attaching the role to the service account of the pod.
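As an added example (not from the original post, and not eksctl's own code), the check below audits the trust policy of a role such as AmazonEKSLoadBalancerControllerRole: it should be assumable only by the kube-system/aws-load-balancer-controller service account through the cluster's OIDC provider. The account ID, OIDC issuer ID and sample policies are constructed placeholders, and the function names are hypothetical.

```python
# Added example: audit an IRSA role trust policy (constructed data, placeholder IDs).
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789"  # placeholder OIDC issuer
SUBJECT = "system:serviceaccount:kube-system:aws-load-balancer-controller"

def sample_policy(condition):
    """Build a constructed trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

def _as_list(value):
    # IAM JSON allows a single value or a list in most positions.
    return value if isinstance(value, list) else [value]

def audit_irsa_trust(policy, expected_subject=SUBJECT):
    """Return findings for web-identity statements not pinned to one service account."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        issuer = str(federated).split("oidc-provider/", 1)[-1]
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        subs = _as_list(exact.get(f"{issuer}:sub", []))
        if subs != [expected_subject]:
            loose = cond.get("StringLike", {}).get(f"{issuer}:sub")
            if loose is not None:
                findings.append(f"sub matched with StringLike {loose!r}; use StringEquals")
            elif subs:
                findings.append(f"sub allows unexpected subjects: {subs}")
            else:
                findings.append("no sub condition: any service account in the cluster can assume this role")
        if _as_list(exact.get(f"{issuer}:aud", [])) != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings

if __name__ == "__main__":
    pinned = sample_policy({"StringEquals": {f"{ISSUER}:sub": SUBJECT,
                                             f"{ISSUER}:aud": "sts.amazonaws.com"}})
    broad = sample_policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}})
    for name, policy in (("pinned", pinned), ("broad", broad)):
        print(name, audit_irsa_trust(policy) or "OK")
```

To audit the real role, feed the function the JSON returned by aws iam get-role --role-name AmazonEKSLoadBalancerControllerRole --query Role.AssumeRolePolicyDocument.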

Step8- Run this command.

To install Helm on Ubuntu:

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

helm repo add eks https://aws.github.io/eks-charts

Step9- Run this command.

helm repo update eks

Step10- Run this command.

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=demo-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=us-east-1 \
  --set vpcId=<your-vpc-id>

The load balancer controller (Ingress Controller) is working fine. It has two replicas. It continuously watches for Ingress resources (ingress-2048) and will create an ALB in two AZs. Now go to AWS and check whether this controller has created the ALB.

So it has created the ALB successfully, as we can see ☝️

k8s-game2048-ingress2-bcac0b5b37-145392394.us-east-1.elb.amazonaws.com was created by the Ingress controller for the load balancer by watching the Ingress resource.

Step12- Now access the application using this address in a web browser.
