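#!/bin/bash
# Collect the cluster, network and identity facts that the rest of this
# walkthrough uses to install the AWS load balancer controller.
# Requires: oc (logged in to the target cluster), aws, jq, sed.

# Working files (IAM policy JSON, trust policy) are written to the current
# directory.
export TMP_DIR="$(pwd)"
# Suffix appended to the IAM policy and role names created later.
export SUFFIX="-jrfuller"
export CLUSTER_NAME="$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}")"
# An empty CLUSTER_NAME turns the VPC filter below into a bare "*", which
# would select VPCs that do not belong to this cluster.
if [[ -z "${CLUSTER_NAME}" ]]; then
  printf '%s\n' 'warning: CLUSTER_NAME is empty; is oc logged in to the cluster?' >&2
fi
# Stop the AWS CLI from sending output through a pager.
export AWS_PAGER=""
# VPC whose tag value starts with the cluster's infrastructure name.
# NOTE(review): the filter matches any tag value with that prefix; confirm it
# resolves to exactly one VPC in this account.
export VPC="$(aws ec2 describe-vpcs \
  --filters "Name=tag-value,Values=${CLUSTER_NAME}*" \
  --query "Vpcs[].VpcId" --output text)"
# Public subnets of the cluster as a space-separated list (the CLI's text
# output separates ids with tabs).
export SUBNET_IDS="$(aws ec2 describe-subnets \
  --filters "Name=tag-value,Values=${CLUSTER_NAME}-public" \
  --query "Subnets[].SubnetId" --output text | sed 's/\t/ /g')"
export AWS_REGION="$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')"
export NAMESPACE="alb-controller"
export SA="alb-controller"
# Service account issuer of the cluster with the https:// scheme removed.
# '|' is the sed delimiter so the slashes of the scheme need no escaping; the
# expression as it appeared in the source (s/^https:////) is not valid sed.
export OIDC_PROVIDER="$(oc get authentication.config.openshift.io cluster -o json \
  | jq -r .spec.serviceAccountIssuer | sed -e 's|^https://||')"
export AWS_ACCOUNT_ID="$(aws sts get-caller-identity --query Account --output text)"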
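# Names and ARNs of the IAM policy and role created for the controller.
# They are defined before first use so the policy name is spelled in one place.
export LB_POL_NAME="AWSLoadBalancerControllerIAMPolicy${SUFFIX}"
export POLICY_ARN="arn:aws:iam::${AWS_ACCOUNT_ID}:policy/${LB_POL_NAME}"
export ALB_ROLE_NAME="rosa1-alb-controller${SUFFIX}"
export ALB_ROLE="arn:aws:iam::${AWS_ACCOUNT_ID}:role/${ALB_ROLE_NAME}"

# Download the controller's IAM policy document and register it in the account.
# NOTE(review): the document comes from the mutable `main` branch, so the
# permissions granted depend on whatever upstream holds at download time.
# Pin the URL to the release tag or commit that matches the installed
# controller, and read the downloaded JSON before creating the policy.
# The policy is only created when the download succeeded, so a partial or
# empty file is never submitted.
if wget -O "${TMP_DIR}/iam-policy.json" \
  https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json; then
  aws iam create-policy \
    --policy-name "${LB_POL_NAME}" \
    --policy-document "file://${TMP_DIR}/iam-policy.json" \
    --query Policy.Arn --output text
else
  printf '%s\n' 'error: could not download iam_policy.json; IAM policy not created' >&2
fi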
# NOTE(review): this here-document is truncated in the source; only "cat <"
# survives and the line is not valid shell as it stands. The create-role call
# that follows reads $TMP_DIR/TrustPolicy.json, so this statement presumably
# wrote that file. When restoring it, keep the trust policy scoped to the one
# service account (namespace ${NAMESPACE}, name ${SA}) under the cluster's
# OIDC provider, so that no other workload can assume the role. TODO confirm
# against the original walkthrough.
cat <
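# Create the IAM role for the controller from the trust policy stored in
# TrustPolicy.json, then attach the controller policy to it.
# The role can be assumed by whoever that trust policy names, so review the
# file before running this step.
aws iam create-role --role-name "${ALB_ROLE_NAME}" \
  --assume-role-policy-document "file://${TMP_DIR}/TrustPolicy.json" \
  --query "Role.Arn" --output text
aws iam attach-role-policy \
  --role-name "${ALB_ROLE_NAME}" \
  --policy-arn "${POLICY_ARN}"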
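# Tag the cluster's public subnets with kubernetes.io/role/elb.
# NOTE(review): the argument of --resources is missing in the source.
# SUBNET_IDS is the only list of resource ids this script collects and it is
# not used anywhere else, so it is assumed to be the intended value; confirm
# before running.
# The space-separated list is split into an array so that each id is passed
# as its own argument, and nothing is tagged when the list is empty.
read -r -a subnet_ids <<<"${SUBNET_IDS:-}"
if ((${#subnet_ids[@]} == 0)); then
  printf '%s\n' 'error: SUBNET_IDS is empty; no subnets were tagged' >&2
else
  aws ec2 create-tags \
    --resources "${subnet_ids[@]}" \
    --tags Key=kubernetes.io/role/elb,Value=''
fi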
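# Install the controller chart into ${NAMESPACE}.
# Assumes the `eks` chart repository is already configured in helm and that
# the namespace exists; neither step appears in this script.
# The dots in the annotation key are backslash-escaped because helm --set
# treats an unescaped dot as a nesting separator. Without the escapes the
# role ARN does not end up under the eks.amazonaws.com/role-arn annotation
# and the service account is not linked to the IAM role.
# NOTE(review): only image.repository is overridden, so the image tag is
# presumably the chart's default; consider pinning the image by tag or digest.
helm install alb-controller eks/aws-load-balancer-controller \
  -n "${NAMESPACE}" \
  --set "clusterName=${CLUSTER_NAME}" \
  --set "serviceAccount.name=${SA}" \
  --set "vpcId=${VPC}" \
  --set "region=${AWS_REGION}" \
  --set "serviceAccount.annotations.eks\.amazonaws\.com/role-arn=${ALB_ROLE}" \
  --set "image.repository=amazon/aws-alb-ingress-controller" \
  --version 1.4.6

# Grants the anyuid SCC to the controller's service account, which lets its
# pods run as any UID, root included. This is wider than the default
# restricted SCC: confirm the controller image needs it and keep the grant
# limited to this one service account.
oc adm policy add-scc-to-user anyuid -z "${SA}" -n "${NAMESPACE}"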
##################
##################
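# Deploy a sample application and publish it through an ALB-backed Ingress.
oc new-project my-public-app
# NOTE(review): the image is referenced without a tag or digest, so the
# content that runs is whatever the registry serves at pull time.
oc new-app --docker-image=docker.io/openshift/hello-openshift -n my-public-app
# target-type "instance" in the Ingress below routes to node ports, so the
# service is switched to NodePort.
oc patch service hello-openshift -p '{"spec":{"type":"NodePort"}}' -n my-public-app

# The manifest was collapsed onto one line in the source; it is restored here
# as a here-document with the same keys and values. The delimiter is quoted
# because the manifest contains no shell expansions.
# scheme "internet-facing" places the load balancer on the public internet.
# No certificate or listener annotation is set, so the application is
# presumably served over plain HTTP; add TLS before exposing anything that
# is not a demo.
oc apply -f - <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-openshift
  namespace: my-public-app
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
    alb.ingress.kubernetes.io/shield-advanced-protection: "true"
  labels:
    app: hello-openshift
spec:
  rules:
    - host: test.bar
      http:
        paths:
          - pathType: Prefix
            path: /hello
            backend:
              service:
                name: hello-openshift
                port:
                  number: 8080
          - pathType: Prefix
            path: /bye
            backend:
              service:
                name: hello-openshift
                port:
                  number: 8080
EOF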
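# Look up the DNS name of the load balancer created for the Ingress.
export INGRESS_NAME="hello-openshift"
# The namespace is named explicitly so the lookup does not depend on the
# current project. Assignment and export are separate statements so that a
# failing `oc get` is not hidden behind export's own exit status.
ALB_HOSTNAME="$(oc get ingress "${INGRESS_NAME}" -n my-public-app \
  -o jsonpath='{.status.loadBalancer.ingress[].hostname}')"
export ALB_HOSTNAME
# An empty value means the Ingress status carries no hostname yet; the curl
# checks that follow would then go to an empty host.
if [[ -z "${ALB_HOSTNAME}" ]]; then
  printf '%s\n' 'warning: ALB_HOSTNAME is empty; the Ingress has no load balancer hostname yet' >&2
fi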
# We set no default path, so the request to / below returns nothing. Adding "path: /" to the ingress controller makes this work.
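# Request the root path through the load balancer, sending the host name that
# the Ingress rule matches on. The scheme is written out: this is a plain-HTTP
# request, which is also what curl uses when no scheme is given. The URL is
# quoted so an empty or unusual hostname is not split or globbed by the shell.
curl -s --header "Host: test.bar" "http://${ALB_HOSTNAME}/"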
curl -s --header "Host: test.bar"