Knowledge Base Article

Deploying an internet-facing ALB for a private Amazon EKS cluster

According to the documentation, Sisense requires at least two public subnets to be available for deploying an Application Load Balancer on AWS. This article explains how to deploy an ALB for Sisense when the EKS cluster itself uses private subnets only.

Step-by-Step Guide:

To create an ALB with a private EKS cluster

1. Create a private EKS cluster. 

In our case, we used eksctl, so we added

privateCluster:
  enabled: true

Since our traffic is routed through the NAT Gateway, we added it and specified that only private subnets will be used:

vpc:
  nat:
    gateway: Enable
  subnets:
    private:
      us-east-2a:
        id: subnet-0000000000000001
      us-east-2b:
        id: subnet-0000000000000002
      us-east-2c:
        id: subnet-0000000000000003

For node groups, we specified 

privateNetworking: true

2. Deploy the ALB controller

https://docs.sisense.com/main/SisenseLinux/using-an-aws-load-balancer-controller-with-sisense-on-amazon-eks.htm

  • Attach IAM Roles to the EKS node groups by specifying the following arguments to the script:

EKS_NAME: Your EKS Cluster name
EKS_REGION: The region where the EKS is located
NAMESPACE: (optional) Target namespace for ALB controller; by default, it will be installed in the “default” namespace

curl https://data.sisense.com/linux/scripts/aws-alb-iam-attach.sh | bash -x -s <EKS_NAME> <EKS_REGION> <NAMESPACE>

  • Edit extra installation values

vim ./installer/extra_values/installer/installer-values.yaml

Note:

  • Since our worker groups are in private subnets, we must specify the public subnets in Kubernetes annotations.

alb_controller:
  enabled: true
  hostNetwork: false
  certificate_arn: "your_certificate_arn"
  annotations:
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/auth-session-timeout: 604800
    alb.ingress.kubernetes.io/subnets: subnet-public-0,subnet-public-1,subnet-public-2
    #alb.ingress.kubernetes.io/healthcheck-timeout-seconds: 5
    #alb.ingress.kubernetes.io/healthcheck-interval-seconds: 15

  • Your public subnets should be tagged with

kubernetes.io/role/elb = 1

  • Keep in mind that you have to set the following in cloud_config.yaml:

cloud_load_balancer: false
is_ssl: false
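
A pre-flight check for the subnet requirements in step 2, added here as an example (not Sisense or AWS code): it verifies that every subnet listed in alb.ingress.kubernetes.io/subnets carries the kubernetes.io/role/elb = 1 tag and has a default route to an internet gateway. The function names and the sample data are assumptions; the data is constructed in the shape of `aws ec2 describe-subnets` and `aws ec2 describe-route-tables` output.

```python
# Added example; all IDs and sample data below are constructed.
ELB_TAG = "kubernetes.io/role/elb"  # tag the article says public subnets need

# Shaped like `aws ec2 describe-subnets` output.
SUBNETS = [
    {"SubnetId": "subnet-public-0", "AvailabilityZone": "us-east-2a",
     "Tags": [{"Key": ELB_TAG, "Value": "1"}]},
    {"SubnetId": "subnet-public-1", "AvailabilityZone": "us-east-2b",
     "Tags": []},  # tag missing
    {"SubnetId": "subnet-public-2", "AvailabilityZone": "us-east-2c",
     "Tags": [{"Key": ELB_TAG, "Value": "1"}]},  # tagged, but routed via NAT
]
# Shaped like `aws ec2 describe-route-tables` output.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public-0"}, {"SubnetId": "subnet-public-1"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"Main": True}, {"SubnetId": "subnet-public-2"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]

def has_igw_route(subnet_id, route_tables):
    """True if the subnet's route table (explicit, else main) defaults to an IGW."""
    def pick(pred):
        return next((rt for rt in route_tables
                     if any(pred(a) for a in rt.get("Associations", []))), None)
    table = (pick(lambda a: a.get("SubnetId") == subnet_id)
             or pick(lambda a: a.get("Main")))
    return table is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and (r.get("GatewayId") or "").startswith("igw-")
        for r in table.get("Routes", []))

def check_alb_subnets(annotation, subnets, route_tables):
    """Return a list of problems for the comma-separated subnet annotation value."""
    by_id = {s["SubnetId"]: s for s in subnets}
    problems, zones = [], set()
    for sid in (x.strip() for x in annotation.split(",")):
        s = by_id.get(sid)
        if s is None:
            problems.append(f"{sid}: not found in VPC")
            continue
        zones.add(s["AvailabilityZone"])
        tags = {t["Key"]: t["Value"] for t in s.get("Tags", [])}
        if tags.get(ELB_TAG) != "1":
            problems.append(f"{sid}: missing tag {ELB_TAG}=1")
        if not has_igw_route(sid, route_tables):
            problems.append(f"{sid}: no default route to an internet gateway")
    if len(zones) < 2:
        problems.append("ALB needs subnets in at least two Availability Zones")
    return problems
```

An empty list means the annotation value is safe to deploy; a subnet that is tagged but routed through a NAT gateway is reported because an internet-facing ALB placed there would not be reachable.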

3. Install Sisense

./sisense.sh cloud_config.yaml

Conclusion: 

This is how you can configure an internet-facing Application Load Balancer (ALB) for a private Amazon EKS cluster.

Disclaimer: This post outlines a potential custom workaround for a specific use case or provides instructions regarding a specific task. The solution may not work in all scenarios or Sisense versions, so we strongly recommend testing it in your environment before deployment. If you need further assistance with this, please let us know.

Published 06-25-2025