Post-install steps
Create lbc service account
kubectl apply -f 1-lbc.yaml
Install AWS Load Balancer Controller in EKS
helm repo add eks https://aws.github.io/eks-charts
helm repo update
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=xpk-eks01-sunbird \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller-sa
kubectl -n kube-system get deployment aws-load-balancer-controller
kubectl logs -n kube-system deployment/aws-load-balancer-controller -f
Allow web traffic to nodes
Port 80 must be allowed on the EKS nodes' security groups (SGs) so that the ALB can successfully register targets. This is now done in main.tf.
Testing
The ALB is correctly sending traffic to the nginx pods!
curl k8s-default-nginxing-a42064aa7e-1786392641.ap-east-1.elb.amazonaws.com
<h1>Web Server nginx-web-f5988bf66-9lghc - Unique ID: </h1><p>Deployed on EKS Wed Feb 11 09:46:41 UTC 2026</p>
curl k8s-default-nginxing-a42064aa7e-1786392641.ap-east-1.elb.amazonaws.com
<h1>Web Server nginx-web-f5988bf66-6ptff - Unique ID: </h1><p>Deployed on EKS Wed Feb 11 09:46:41 UTC 2026</p>
curl k8s-default-nginxing-a42064aa7e-1786392641.ap-east-1.elb.amazonaws.com
<h1>Web Server nginx-web-f5988bf66-tw6rr - Unique ID: </h1><p>Deployed on EKS Wed Feb 11 09:46:45 UTC 2026</p>
Notes on IPv6
EKS could not be deployed on IPv6-only private subnets. It appears AWS requires at least 2 free IPv4 addresses in the subnet. I tried and the following error was returned.
Error: creating EKS Cluster (xpk-eks01-akita): operation error EKS: CreateCluster, https response error StatusCode: 400,
RequestID: b25794cc-3220-4393-a435-c92e2f8aafdd, InvalidParameterException: Atleast one subnet in each AZ should have 2 free IPs.
Invalid AZs: { [ap-east-1c, ap-east-1b] }, provided subnets: { subnet-02aaf75a3e4700f74, subnet-02071b29e2883d5b1 }
Notes on KMS key
I tried using an AWS-managed key for EKS, but it failed to deploy with an error.
encryption_config = {
  provider_key_arn = "arn:aws:kms:${data.aws_region.this.id}:${data.aws_caller_identity.current.account_id}:alias/aws/secretsmanager"
  resources        = ["secrets"]
}
Error: creating EKS Cluster (xpk-eks01-vervet): operation error EKS: CreateCluster, https response error StatusCode: 400, RequestID:
0b866e07-352a-439c-9196-f7a671bdd0ee, api error InvalidRequestException: User not authorized to perform kms:CreateGrant operation
When I used create_kms_key = true, EKS was created successfully. I can see that the EKS cluster role is explicitly allowed in the key policy.
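
A simplified key-policy check illustrating the kms:CreateGrant difference between the two keys above; it is an added example, not code from this repository, written in Python so it runs offline. It assumes the AWS-managed key's policy only permits use through Secrets Manager (kms:ViaService); both policies, the account ID and the role name are constructed.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed placeholder account ID
ROLE = f"arn:aws:iam::{ACCOUNT}:role/example-eks-cluster-role"  # hypothetical role

# Constructed policy shaped like an AWS-managed key: usable only via its owning service.
AWS_MANAGED_POLICY = {"Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["kms:Encrypt", "kms:Decrypt", "kms:CreateGrant", "kms:DescribeKey"],
    "Condition": {"StringEquals": {
        "kms:CallerAccount": ACCOUNT,
        "kms:ViaService": "secretsmanager.ap-east-1.amazonaws.com"}},
}]}

# Constructed customer-managed key policy that names the role explicitly.
CUSTOMER_POLICY = {"Statement": [{
    "Effect": "Allow", "Principal": {"AWS": ROLE},
    "Action": ["kms:Encrypt", "kms:Decrypt", "kms:CreateGrant", "kms:DescribeKey"],
}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allows(policy, principal, action, context):
    """Simplified: Allow statements, AWS principals, StringEquals only (no Deny)."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        principals = _as_list(stmt.get("Principal", {}).get("AWS", []))
        if "*" not in principals and principal not in principals:
            continue
        if not any(fnmatchcase(action, pat) for pat in _as_list(stmt["Action"])):
            continue
        conds = stmt.get("Condition", {}).get("StringEquals", {})
        # Every condition key must match the request context.
        if all(context.get(k) in _as_list(v) for k, v in conds.items()):
            return True
    return False


def can_create_grant(policy, principal, via_service=None):
    """Would this principal's kms:CreateGrant request pass the key policy?"""
    ctx = {"kms:CallerAccount": ACCOUNT, "kms:ViaService": via_service}
    return allows(policy, principal, "kms:CreateGrant", ctx)


if __name__ == "__main__":
    print("AWS-managed key, not via Secrets Manager:", can_create_grant(AWS_MANAGED_POLICY, ROLE))
    print("customer-managed key:", can_create_grant(CUSTOMER_POLICY, ROLE))
```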