Configure ALB Subnets

This section will guide you through selecting the Application Load Balancer (ALB) scheme and configuring the subnets it will use.

Choose one of the following options to configure your ALB subnets:

Option 1: Configure ALB Subnets Automatically (preferred)

Configure your ALB subnets by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from eks-alb-subnets

Proceed to the Summary section.

Option 2: Configure ALB Subnets Manually

If you want to configure your ALB subnets manually, follow the instructions below.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Restore the required context from previous sections:

    root@rok-tools:~/ops/deployments# source <(cat deploy/env.{aws-subnets,eks-cluster})
    root@rok-tools:~/ops/deployments# export AWS_SUBNETS_PUBLIC AWS_SUBNETS_PRIVATE \
    >     EKS_CLUSTER
  3. Decide on the scheme of the Application Load Balancer you want to use.

    Choose a public ALB if you want to access it through the internet:

    root@rok-tools:~/ops/deployments# export EKS_ALB_SCHEME=internet-facing

    Choose a private ALB if you want to only access it internally through a VPC:

    root@rok-tools:~/ops/deployments# export EKS_ALB_SCHEME=internal
  4. Specify the subnets that the ALB will use. Choose one of the following options based on your ALB scheme.

    Select the subnets among the pool of public subnets AWS_SUBNETS_PUBLIC. These subnets should reside within at least two availability zones.

    root@rok-tools:~/ops/deployments# export EKS_ALB_SUBNETS=${AWS_SUBNETS_PUBLIC?} \
    >     && echo ${EKS_ALB_SUBNETS?}
    subnet-0b936cdc4fae6862a subnet-0110cc3509ed64a7e

    Note

    Advanced Networking: We recommend you use all of the available public subnets. However, if you have specific networking requirements, you can explicitly specify a subset of them with:

    root@rok-tools:~/ops/deployments# export EKS_ALB_SUBNETS="<SUBNET1> <SUBNET2>" \
    >     && echo ${EKS_ALB_SUBNETS?}

    Select the subnets among the pool of private subnets AWS_SUBNETS_PRIVATE. These subnets should reside within at least two availability zones.

    root@rok-tools:~/ops/deployments# export EKS_ALB_SUBNETS=${AWS_SUBNETS_PRIVATE?} \
    >     && echo ${EKS_ALB_SUBNETS?}
    subnet-018e3b5b3ec930ccb subnet-074cebd1b78c50066

    Note

    Advanced Networking: We recommend you use all of the available private subnets. However, if you have specific networking requirements, you can explicitly specify a subset of them with:

    root@rok-tools:~/ops/deployments# export EKS_ALB_SUBNETS="<SUBNET1> <SUBNET2>" \
    >     && echo ${EKS_ALB_SUBNETS?}
  5. Tag the subnets that the ALB will use so that they can be auto-discovered from the AWS Load Balancer Controller:

    root@rok-tools:~/ops/deployments# aws ec2 create-tags \
    >     --resources ${EKS_ALB_SUBNETS?} \
    >     --tags Key="kubernetes.io/cluster/${EKS_CLUSTER?}",Value="shared"
  6. Save your state:

    root@rok-tools:~/ops/deployments# j2 deploy/env.eks-alb-subnets.j2 \
    >     -o deploy/env.eks-alb-subnets
  7. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Configure ALB Subnets"
  8. Mark your progress:

    root@rok-tools:~/ops/deployments# export DATE=$(date -u "+%Y-%m-%dT%H.%M.%SZ")
    root@rok-tools:~/ops/deployments# git tag \
    >     -a deploy/${DATE?}/release-1.5/eks-alb-subnets \
    >     -m "Configure ALB Subnets"

Verify

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Restore the required context from previous sections:

    root@rok-tools:~/ops/deployments# source <(cat deploy/env.{aws-subnets,eks-cluster,eks-alb-subnets})
    root@rok-tools:~/ops/deployments# export AWS_SUBNETS_PUBLIC AWS_SUBNETS_PRIVATE \
    >     EKS_CLUSTER EKS_ALB_SUBNETS
  3. List the subnets that the Application Load Balancer will use:

    root@rok-tools:~/ops/deployments# aws ec2 describe-subnets \
    >     --subnet-ids ${EKS_ALB_SUBNETS?} \
    >     --query "Subnets[].[SubnetId,AvailabilityZone,Tags[?Key==\`kubernetes.io/cluster/${EKS_CLUSTER?}\`]|[0].Value]" \
    >     --output table
    -------------------------------------------------------
    |                   DescribeSubnets                   |
    +---------------------------+--------------+----------+
    |  subnet-0b936cdc4fae6862a |  us-east-1a  |  shared  |
    |  subnet-0110cc3509ed64a7e |  us-east-1b  |  shared  |
    +---------------------------+--------------+----------+

    root@rok-tools:~/ops/deployments# aws ec2 describe-subnets \
    >     --subnet-ids ${EKS_ALB_SUBNETS?} \
    >     --query "Subnets[].[SubnetId,AvailabilityZone,Tags[?Key==\`kubernetes.io/cluster/${EKS_CLUSTER?}\`]|[0].Value]" \
    >     --output table
    -------------------------------------------------------
    |                   DescribeSubnets                   |
    +---------------------------+--------------+----------+
    |  subnet-018e3b5b3ec930ccb |  us-east-1a  |  shared  |
    |  subnet-074cebd1b78c50066 |  us-east-1b  |  shared  |
    +---------------------------+--------------+----------+
  4. Verify that the selected ALB subnets match the ALB scheme. Choose one of the following options based on your ALB scheme.

    Ensure that the ALB subnets are public. To do that, ensure that all of the subnets in the list of step 3 exist in the list of public subnets. To list the public subnets:

    root@rok-tools:~/ops/deployments# echo ${AWS_SUBNETS_PUBLIC?}
    subnet-0b936cdc4fae6862a subnet-0110cc3509ed64a7e

    Ensure that the ALB subnets are private. To do that, ensure that all of the subnets in the list of step 3 exist in the list of private subnets. To list the private subnets:

    root@rok-tools:~/ops/deployments# echo ${AWS_SUBNETS_PRIVATE?}
    subnet-018e3b5b3ec930ccb subnet-074cebd1b78c50066
  5. Ensure that the subnets in the list of step 3 do not all belong to the same availability zone, that is, the second column refers to at least two AZs across all subnets.

  6. Ensure that the subnets in the list of step 3 have the kubernetes.io/cluster/<EKS_CLUSTER> tag set, that is, the third column shows the value shared for every single row.
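
The checks in Verify steps 4 to 6 can be run in one pass, which catches a scheme and subnet mismatch (for example an internal ALB placed on public subnets) before the controller provisions anything. This is an added example, not part of the original guide or of rok-deploy; the function names are hypothetical and the sample rows reuse this page's example output.

```shell
# Added example: checks Verify steps 4-6 in one pass. The function names are
# hypothetical (not part of rok-deploy); sample rows reuse this page's output.

# pool_for_scheme SCHEME PUBLIC_POOL PRIVATE_POOL -> prints the matching pool
pool_for_scheme() {
    case "$1" in
        internet-facing) echo "$2" ;;
        internal)        echo "$3" ;;
        *) echo "unknown scheme: $1" >&2; return 2 ;;
    esac
}

# check_alb_subnets POOL ROWS
#   POOL: whitespace-separated subnet IDs allowed for the chosen scheme
#   ROWS: "SubnetId AZ TagValue" lines, i.e. the step 3 query run with
#         --output text (a missing tag is printed as None)
# Prints one line per problem; returns 0 only if every check passes.
check_alb_subnets() (
    pool=" $(echo $1) "; azs=""; az_count=0; rc=0
    while read -r id az tag; do
        [ -n "$id" ] || continue
        case "$pool" in
            *" $id "*) ;;
            *) echo "$id: not in the subnet pool for this scheme"; rc=1 ;;
        esac
        [ "$tag" = "shared" ] || { echo "$id: cluster tag is '$tag', expected 'shared'"; rc=1; }
        case " $azs " in
            *" $az "*) ;;
            *) azs="$azs $az"; az_count=$((az_count + 1)) ;;
        esac
    done <<EOF
$2
EOF
    if [ "$az_count" -lt 2 ]; then
        echo "subnets span $az_count availability zone(s), need at least 2"; rc=1
    fi
    exit "$rc"
)

# Sample values copied from this page's example output (public ALB case).
SAMPLE_PUBLIC="subnet-0b936cdc4fae6862a subnet-0110cc3509ed64a7e"
SAMPLE_PRIVATE="subnet-018e3b5b3ec930ccb subnet-074cebd1b78c50066"
SAMPLE_ROWS="subnet-0b936cdc4fae6862a us-east-1a shared
subnet-0110cc3509ed64a7e us-east-1b shared"
SAMPLE_POOL=$(pool_for_scheme internet-facing "$SAMPLE_PUBLIC" "$SAMPLE_PRIVATE")
if check_alb_subnets "$SAMPLE_POOL" "$SAMPLE_ROWS"; then
    echo "ALB subnets OK"
fi
```

Against a live account, build the rows from the step 3 command with `--output text` in place of `--output table`, and pass `${EKS_ALB_SCHEME?}`, `${AWS_SUBNETS_PUBLIC?}` and `${AWS_SUBNETS_PRIVATE?}` to `pool_for_scheme`.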

Summary

You have successfully selected the Application Load Balancer scheme and configured its subnets.

What’s Next

The next step is to deploy an NGINX Ingress Controller.