xpk/terraform.examples
SHA256
1
0
Fork 0
Code Pull Requests Activity
Files
36036bb6f5cecf8d00d08b1bd614d580168312c938baa26e0838f0f2765f1b50
terraform.examples/EksIp6Nginxpod/README.md
T
xpk 958e4977e9 chore: renamed layers
2026-02-13 17:48:17 +08:00

65 lines
2.6 KiB
Markdown
Raw Blame History

# Post-install steps
## Create lbc service account
kubectl apply -f 1-lbc.yaml
## Install AWS Load Balancer Controller in EKS
helm repo add eks https://aws.github.io/eks-charts
helm repo update
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=xpk-eks01-sunbird \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller-sa
kubectl -n kube-system get deployment aws-load-balancer-controller
kubectl logs -n kube-system deployment/aws-load-balancer-controller -f
## Allow web traffic to nodes
Port 80 needs to be allowed on eks node's SGs. Then ALB can successfully register targets. This is now done in main.tf.
## Testing
ALB correctly sending traffic to nginx pods!
```bash
curl k8s-default-nginxing-a42064aa7e-1786392641.ap-east-1.elb.amazonaws.com
<h1>Web Server nginx-web-f5988bf66-9lghc - Unique ID: </h1><p>Deployed on EKS Wed Feb 11 09:46:41 UTC 2026</p>
curl k8s-default-nginxing-a42064aa7e-1786392641.ap-east-1.elb.amazonaws.com
<h1>Web Server nginx-web-f5988bf66-6ptff - Unique ID: </h1><p>Deployed on EKS Wed Feb 11 09:46:41 UTC 2026</p>
curl k8s-default-nginxing-a42064aa7e-1786392641.ap-east-1.elb.amazonaws.com
<h1>Web Server nginx-web-f5988bf66-tw6rr - Unique ID: </h1><p>Deployed on EKS Wed Feb 11 09:46:45 UTC 2026</p>
```
## Notes on IPv6
EKS could not be deployed on ipv6-only private subnets. It appears AWS requires at least 2 free IPv4 addresses in the subnet.
I tried and the following error was returned.
```
Error: creating EKS Cluster (xpk-eks01-akita): operation error EKS: CreateCluster, https response error StatusCode: 400,
RequestID: b25794cc-3220-4393-a435-c92e2f8aafdd, InvalidParameterException: Atleast one subnet in each AZ should have 2 free IPs.
Invalid AZs: { [ap-east-1c, ap-east-1b] }, provided subnets: { subnet-02aaf75a3e4700f74, subnet-02071b29e2883d5b1 }
```
## Notes on KMS key
I tried using aws-managed key for EKS, but it failed to deploy with an error.
```hcl
encryption_config = {
provider_key_arn = "arn:aws:kms:${data.aws_region.this.id}:${data.aws_caller_identity.current.account_id}:alias/aws/secretsmanager"
resources = ["secrets"]
}
```
```
Error: creating EKS Cluster (xpk-eks01-vervet): operation error EKS: CreateCluster, https response error StatusCode: 400, RequestID:
0b866e07-352a-439c-9196-f7a671bdd0ee, api error InvalidRequestException: User not authorized to perform kms:CreateGrant operation
```
When I used ```create_kms_key = true```, EKS was created successfully. I can see that the EKS cluster role is explicitly allowed
in the key policy.
View Git Blame Copy Permalink