Upgrade AWS Load Balancer Controller

EKF 2.0 uses AWS Load Balancer Controller 2.4.3. This guide will walk you through upgrading AWS Load Balancer Controller from version 2.1.0 to version 2.4.3.

Fast Forward

If you are not running on EKS, proceed to the What’s Next section.


  1. Go to your GitOps repository inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Update the IAM role for AWS Load Balancer Controller.

    1. Follow the Procedure and Verify sections of the Option 2: Create IAM Role for AWS Load Balancer Controller Manually guide to create or reconfigure the IAM role.
    2. Return to this guide and proceed with the upgrade.


    EKF 2.0 uses a different name for the IAM role, and updates the permissions of the underlying IAM policy.

  3. Restore the required context from previous sections:

    root@rok-tools:~/ops/deployments# source <(cat deploy/env.{envvars-aws,eks-cluster,aws-vpc,eks-alb-iam-alb})
    root@rok-tools:~/ops/deployments# export AWS_DEFAULT_REGION EKS_CLUSTER AWS_VPC_ID EKS_ALB_IAM_ALB_ROLE
  4. Obtain the ARN of the IAM role for AWS Load Balancer Controller:

    root@rok-tools:~/ops/deployments# export ROLE_ARN=$(aws iam get-role \
    >     --role-name ${EKS_ALB_IAM_ALB_ROLE?} \
    >     --query Role.Arn \
    >     --output text)
  5. Render the service account patch template:

    root@rok-tools:~/ops/deployments# j2 \
    >     rok/aws-load-balancer-controller/overlays/deploy/patches/sa.yaml.j2 \
    >     -o rok/aws-load-balancer-controller/overlays/deploy/patches/sa.yaml
  6. Render the deployment patch template:

    root@rok-tools:~/ops/deployments# j2 \
    >     rok/aws-load-balancer-controller/overlays/deploy/patches/deploy.yaml.j2 \
    >     -o rok/aws-load-balancer-controller/overlays/deploy/patches/deploy.yaml


    This step is needed for worker nodes with IMDSv1 disabled.

  7. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Reconfigure AWS Load Balancer Controller"
  8. Apply the manifests:

    root@rok-tools:~/ops/deployments# rok-deploy --apply \
    >     rok/aws-load-balancer-controller/overlays/deploy


  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Verify that the AWS Load Balancer Controller runs with --cluster-name, --aws-region and --aws-vpc-id args set:

    root@rok-tools:~/ops/deployments# kubectl get deploy \
    >     -n kube-system aws-load-balancer-controller \
    >     -o jsonpath="{.spec.template.spec.containers[].args}" \
    >     | jq -r '.[]'
    --cluster-name=arrikto-cluster
    --ingress-class=alb
    --enable-wafv2=false
    --enable-waf=false
    --aws-region=us-west-1
    --aws-vpc-id=vpc-069a2ce6446fa019a
  3. Verify that the AWS Load Balancer Controller deployment is up and running, that is, that the READY field is 1/1:

    root@rok-tools:~/ops/deployments# kubectl get -n kube-system deploy/aws-load-balancer-controller
    NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
    aws-load-balancer-controller   1/1     1            1           1m
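
The two verification checks above can be scripted so that a post-upgrade job fails when a required argument is missing or the deployment is not ready. This is an added example, not part of the original guide or of the rok tooling; the function names `missing_alb_args` and `deploy_ready` are hypothetical, and the sample input is constructed from the output shown in step 2.

```shell
#!/bin/sh
# Added example: scripted form of the two verification checks in this guide.
# Function names are hypothetical; the sample input is constructed.

# Read controller args (one per line) on stdin; print each required flag
# that is absent or has an empty value. Returns 1 if any is missing.
missing_alb_args() {
    args=$(cat)
    missing=0
    for flag in --cluster-name --aws-region --aws-vpc-id; do
        # Require "flag=<non-empty value>" at the start of a line.
        if ! printf '%s\n' "$args" | grep -q -- "^${flag}=."; then
            printf '%s\n' "$flag"
            missing=1
        fi
    done
    return "$missing"
}

# Take the READY column (for example "1/1"). Succeeds only when the ready
# count equals the desired count and at least one replica is desired.
# Returns 2 on input that is not of the form <number>/<number>.
deploy_ready() {
    case "$1" in */*) ;; *) return 2 ;; esac
    ready=${1%%/*}
    desired=${1##*/}
    case "$ready" in ''|*[!0-9]*) return 2 ;; esac
    case "$desired" in ''|*[!0-9]*) return 2 ;; esac
    [ "$desired" -gt 0 ] && [ "$ready" -eq "$desired" ]
}

# Constructed sample, modelled on the jq output shown in step 2.
SAMPLE_ARGS='--cluster-name=arrikto-cluster
--ingress-class=alb
--aws-region=us-west-1
--aws-vpc-id=vpc-069a2ce6446fa019a'

# Against a live cluster, pipe the step 2 command into the first check:
#   kubectl get deploy -n kube-system aws-load-balancer-controller \
#     -o jsonpath="{.spec.template.spec.containers[].args}" \
#     | jq -r '.[]' | missing_alb_args
# and pass the READY column from step 3 to the second: deploy_ready "1/1"
if printf '%s\n' "$SAMPLE_ARGS" | missing_alb_args; then
    echo "all required args are set"
fi
```
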


You have successfully upgraded AWS Load Balancer Controller.

What’s Next

The next step is to upgrade NGINX Controller.