Help improve this page
Want to contribute to this user guide? Scroll to the bottom of this page and select Edit this page on GitHub. Your contributions will help make our user guide better for everyone.
Install AWS Load Balancer Controller with Helm
This topic describes how to install the AWS Load Balancer Controller using Helm, a package manager for Kubernetes, and
eksctl
. The controller is installed with default options. For more information about the
controller, including details on configuring it with annotations, see the AWS Load Balancer Controller
Documentation
In the following steps, replace the
with your own values.example values
Prerequisites
Before starting this tutorial, you must install and configure the following tools and resources that you need to create and manage an Amazon EKS cluster.
-
An existing Amazon EKS cluster. To deploy one, see Get started with Amazon EKS.
-
An existing AWS Identity and Access Management (IAM) OpenID Connect (OIDC) provider for your cluster. To determine whether you already have one, or to create one, see Create an IAM OIDC provider for your cluster.
-
Make sure that your Amazon VPC CNI plugin for Kubernetes,
kube-proxy
, and CoreDNS add-ons are at the minimum versions listed in Service account tokens. -
Familiarity with AWS Elastic Load Balancing. For more information, see the Elastic Load Balancing User Guide.
-
Helm
installed locally.
Step 1: Create IAM Role using eksctl
Note
You only need to create an IAM Role for the AWS Load Balancer Controller one per AWS account. Check if
AmazonEKSLoadBalancerControllerRole
exists in the IAM Console
Create an IAM policy.
-
Download an IAM policy for the AWS Load Balancer Controller that allows it to make calls to AWS APIs on your behalf.
-
Create an IAM policy using the policy downloaded in the previous step.
$
aws iam create-policy \ --policy-name
AWSLoadBalancerControllerIAMPolicy
\ --policy-document file://iam_policy.jsonNote
If you view the policy in the AWS Management Console, the console shows warnings for the ELB service, but not for the ELB v2 service. This happens because some of the actions in the policy exist for ELB v2, but not for ELB. You can ignore the warnings for ELB.
Create IAM Role using eksctl
-
Replace
with the name of your cluster,my-cluster
with your account ID, and then run the command. If your cluster is in the AWS GovCloud (US-East) or AWS GovCloud (US-West) AWS Regions, then replace111122223333
arn:aws:
witharn:aws-us-gov:
.$
eksctl create iamserviceaccount \ --cluster=
my-cluster
\ --namespace=kube-system \ --name=aws-load-balancer-controller \ --role-nameAmazonEKSLoadBalancerControllerRole
\ --attach-policy-arn=arn:aws:iam::111122223333
:policy/AWSLoadBalancerControllerIAMPolicy
\ --approve
Step 2: Install AWS Load Balancer Controller
Install AWS Load Balancer Controller using Helm V3
-
Add the
eks-charts
Helm chart repository. AWS maintains this repositoryon GitHub. $
helm repo add eks https://aws.github.io/eks-charts
-
Update your local repo to make sure that you have the most recent charts.
$
helm repo update eks
-
Install the AWS Load Balancer Controller.
Replace
with the name of your cluster. In the following command,my-cluster
aws-load-balancer-controller
is the Kubernetes service account that you created in a previous step.For more information about configuring the helm chart, see
values.yaml
on GitHub. $
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \ -n kube-system \ --set clusterName=
my-cluster
\ --set serviceAccount.create=false \ --set serviceAccount.name=aws-load-balancer-controller-
If you're deploying the controller to Amazon EC2 nodes that have restricted access to the Amazon EC2 instance metadata service (IMDS)
, or if you're deploying to Fargate, then add the following flags to the helm
command that follows:-
--set region=
region-code
-
--set vpcId=
vpc-xxxxxxxx
-
-
To view the available versions of the Helm Chart and Load Balancer Controller, use the following command:
helm search repo eks/aws-load-balancer-controller --versions
Important
The deployed chart doesn't receive security updates automatically. You need to manually upgrade to a newer chart when it becomes available. When upgrading, change
toinstall
in the previous command.upgrade
The
helm install
command automatically installs the custom resource definitions (CRDs) for the controller. Thehelm upgrade
command does not. If you usehelm upgrade,
you must manually install the CRDs. Run the following command to install the CRDs:wget https://raw.githubusercontent.com/aws/eks-charts/master/stable/aws-load-balancer-controller/crds/crds.yaml kubectl apply -f crds.yaml
-
Step 3: Verify that the controller is installed
-
Verify that the controller is installed.
$
kubectl get deployment -n kube-system aws-load-balancer-controller
An example output is as follows.
NAME READY UP-TO-DATE AVAILABLE AGE aws-load-balancer-controller 2/2 2 2 84s
You receive the previous output if you deployed using Helm. If you deployed using the Kubernetes manifest, you only have one replica.
-
Before using the controller to provision AWS resources, your cluster must meet specific requirements. For more information, see Route application and HTTP traffic with Application Load Balancers and Route TCP and UDP traffic with Network Load Balancers.