Installing an Application Load Balancer Ingress controller for Managed Service for Kubernetes
To balance the load and distribute traffic between Kubernetes applications, use an Yandex Application Load Balancer Ingress controller. It runs the load balancer and the required auxiliary resources when the user creates an Ingress
resource in a Managed Service for Kubernetes cluster.
Getting started
-
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name
or--folder-id
parameter. -
Create a service account for the ingress controller to run and assign the following roles to it:
alb.editor
: To create the required resources.vpc.publicAdmin
: To manage external connectivity.certificate-manager.certificates.downloader
: To use certificates registered in Yandex Certificate Manager.compute.viewer
: To use Managed Service for Kubernetes cluster nodes in balancer target groups.
-
Create an authorized access key for the service account in JSON format and save it to the
sa-key.json
file:yc iam key create \ --service-account-name <Ingress_controller_service_account_name> \ --output sa-key.json
Installation using Yandex Cloud Marketplace
- Go to the folder page and select Managed Service for Kubernetes.
- Click the cluster name and select the Marketplace
- Under Applications available for installation, select the ALB Ingress Controller and click Use.
- Configure the application:
- Namespace: Select a namespace or create a new one.
- Application name: Enter a name for the application.
- Folder ID: Specify a folder ID.
- Cluster ID: Specify a cluster ID.
- Service account key: Paste the contents of the
sa-key.json
file.
- Click Install.
- Wait for the application to change its status to
Deployed
.
Installation using a Helm chart
-
Install Helm
v3.7.0 or higher. -
Install kubectl
and configure it to work with the created cluster. -
Install the
jq
utility for piped processing of JSON files.sudo apt update && sudo apt install jq
-
To install a Helm chart
with the Ingress controller, run these commands:export HELM_EXPERIMENTAL_OCI=1 && \ cat sa-key.json | helm registry login cr.yandex --username 'json_key' --password-stdin && \ helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/yc-alb-ingress/yc-alb-ingress-controller-chart \ --version v0.1.25 \ --untar && \ helm install \ --namespace <namespace> \ --create-namespace \ --set folderId=<folder_ID> \ --set clusterId=<cluster_ID> \ --set-file saKeySecretKey=sa-key.json \ yc-alb-ingress-controller ./yc-alb-ingress-controller-chart/