Upgrade AWS Load Balancer Controller¶
EKF 2.0.X uses AWS Load Balancer Controller 2.4.3. This guide will walk you through upgrading AWS Load Balancer Controller from version 2.1.0 to version 2.4.3.
Fast Forward
If you are not running on EKS, proceed to the What’s Next section.
Fast Forward
If you are upgrading from EKF 2.0 or later, expand this box to fast-forward.
- Proceed to the Verify section.
Overview
What You’ll Need¶
- An upgraded management environment.
- Your clone of the Arrikto GitOps repository.
- Arrikto manifests for EKF version 2.0.2.
- An exposed EKF deployment.
Procedure¶
Go to your GitOps repository inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsUpdate the IAM role for AWS Load Balancer Controller.
- Follow the Procedure and Verify sections of the Option 2: Create IAM Role for AWS Load Balancer Controller Manually guide to create or reconfigure the IAM role.
- Return to this guide and proceed with the upgrade.
Note
EKF 2.0.X uses a different name for the IAM role, and updates the permissions of the underlying IAM policy.
Restore the required context from previous sections:
root@rok-tools:~/ops/deployments# source <(cat deploy/env.{envvars-aws,eks-cluster,aws-vpc,eks-alb-iam-alb})root@rok-tools:~/ops/deployments# export AWS_DEFAULT_REGION EKS_CLUSTER AWS_VPC_ID EKS_ALB_IAM_ALB_ROLEObtain the ARN of the IAM role for AWS Load Balancer Controller:
root@rok-tools:~/ops/deployments# export ROLE_ARN=$(aws iam get-role \ > --role-name ${EKS_ALB_IAM_ALB_ROLE?} \ > --query Role.Arn \ > --output text)Render the service account patch template:
root@rok-tools:~/ops/deployments# j2 \ > rok/aws-load-balancer-controller/overlays/deploy/patches/sa.yaml.j2 \ > -o rok/aws-load-balancer-controller/overlays/deploy/patches/sa.yamlRender the deployment patch template:
root@rok-tools:~/ops/deployments# j2 \ > rok/aws-load-balancer-controller/overlays/deploy/patches/deploy.yaml.j2 \ > -o rok/aws-load-balancer-controller/overlays/deploy/patches/deploy.yamlNote
This is needed for worker nodes with IMDSv1 disabled.
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Reconfigure AWS Load Balancer Controller"Apply the manifests:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/aws-load-balancer-controller/overlays/deploy
Verify¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsVerify that the AWS Load Balancer Controller runs with
--cluster-name
,--aws-region
and--aws-vpc-id
args set:root@rok-tools:~/ops/deployments# kubectl get deploy \ > -n kube-system aws-load-balancer-controller \ > -o jsonpath="{.spec.template.spec.containers[].args}" \ > | jq -r '.[]' --cluster-name=arrikto-cluster --ingress-class=alb --enable-wafv2=false --enable-waf=false --aws-region=us-west-1 --aws-vpc-id=vpc-069a2ce6446fa019aVerify that the AWS Load Balancer Controller deployment is up and running. Verify that field READY is 1/1:
root@rok-tools:~/ops/deployments# kubectl get -n kube-system deploy/aws-load-balancer-controller NAME READY UP-TO-DATE AVAILABLE AGE aws-load-balancer-controller 1/1 1 1 1m