Correct Answers: D, E.
To set up an AWS Application Load Balancer with an Amazon EKS cluster using AWS Fargate, as in this scenario, you create a cluster and an AWS Fargate profile.
Then, you set up an OIDC provider with the cluster.
You create the IAM policy so the ALB Ingress Controller can manage the AWS resources.
Afterward, you create a cluster role, role binding, and a Kubernetes service account attached to the ALB Ingress Controller running pod.
Once these steps are completed, you deploy your application and create the Service and Ingress resources.
Incorrect Answers:
Option A is incorrect because Fargate does not automatically allocate the IAM policy.
Option B is incorrect because the steps described do not create and provision the cluster.
Option C is incorrect because the steps described do not create the IAM policy so the ALB Ingress Controller can manage the AWS resources.
References:
https://go.aws/2M2UeMm https://go.aws/2AglmF0
The following is a detailed explanation of the steps required to set up an AWS Application Load Balancer with a provisioned Amazon EKS cluster for ingress-based load balancing to AWS Fargate pods.
In this scenario, we need to create a load balancer that distributes incoming traffic across multiple Fargate pods. To achieve this, we need to create an Application Load Balancer (ALB) in AWS and configure it to use Kubernetes Ingress resources to route traffic to the Fargate pods.
Here are the steps involved:
1. Create an EKS cluster: The first step is to create an EKS cluster that will host the Fargate pods. This can be done using the AWS Management Console or the AWS CLI.
2. Create an AWS Fargate profile: Once the cluster is created, we need to create an AWS Fargate profile that defines which Kubernetes pods should run on Fargate. We also need to specify the namespace for the pods and the Fargate profile name.
3. Create a cluster role and a Kubernetes service account: We need to create a cluster role and a Kubernetes service account that the ALB Ingress Controller will use to manage AWS resources. The cluster role defines the permissions that the ALB Ingress Controller has to manage the resources, while the Kubernetes service account is used to authenticate the ALB Ingress Controller with the Kubernetes API server.
4. Set up an OIDC provider with the cluster: We need to set up an OpenID Connect (OIDC) provider with the EKS cluster to allow the ALB Ingress Controller to authenticate with AWS APIs using IAM roles for service accounts (IRSA).
5. Create an IAM policy: We need to create an IAM policy that grants the ALB Ingress Controller the permissions it needs to manage AWS resources, such as creating and deleting load balancers.
6. Create a cluster role binding: We need to create a cluster role binding that associates the cluster role we created in step 3 with the Kubernetes service account we created in step 3.
7. Deploy the ALB Ingress Controller: We need to deploy the ALB Ingress Controller to the EKS cluster. This can be done using a Helm chart or by creating Kubernetes resources manually.
8. Deploy the application: Finally, we need to deploy our application to the EKS cluster and create Kubernetes Service and Ingress resources to expose the application to the internet via the ALB.
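The OIDC provider, IAM policy and service account steps meet in the trust policy of the controller's IAM role, which is where the grant is most easily scoped too broadly. The check below is an added example, not part of the original explanation; the account ID, issuer URL, namespace `kube-system` and service account name `alb-ingress-controller` are assumed values.

```python
# Added example: audit the IRSA trust policy of the ALB Ingress Controller role.
# Account ID, OIDC issuer, namespace and service account name are constructed.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789ABCDEF"
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"
EXPECTED_SUB = "system:serviceaccount:kube-system:alb-ingress-controller"


def _as_list(value):
    """IAM accepts a string or a list wherever a value may repeat."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, provider_arn=PROVIDER_ARN, issuer=ISSUER,
                       expected_sub=EXPECTED_SUB):
    """Return a list of findings; an empty list means the trust is scoped."""
    findings = []
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRoleWithWebIdentity" in _as_list(s.get("Action", []))]
    if not allows:
        return ["no statement allows sts:AssumeRoleWithWebIdentity"]
    for stmt in allows:
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if _as_list(federated) != [provider_arn]:
            findings.append("principal is not exactly the cluster's OIDC provider")
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        if _as_list(exact.get(f"{issuer}:sub", [])) != [expected_sub]:
            findings.append("sub is not pinned to the controller's service account")
        if _as_list(exact.get(f"{issuer}:aud", [])) != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
        for key, val in cond.get("StringLike", {}).items():
            if any("*" in v for v in _as_list(val)):
                findings.append(f"wildcard match on {key}")
    return findings


def make_policy(condition):
    """Build a constructed trust policy with the given Condition block."""
    stmt = {"Effect": "Allow", "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}
    return {"Version": "2012-10-17", "Statement": [stmt]}


SCOPED = make_policy({"StringEquals": {
    f"{ISSUER}:sub": EXPECTED_SUB, f"{ISSUER}:aud": "sts.amazonaws.com"}})
# Weak: any service account in any namespace of the cluster can assume the role.
BROAD = make_policy({"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*"}})
```

Calling `audit_trust_policy(SCOPED)` returns an empty list, while `audit_trust_policy(BROAD)` reports the missing `sub` and `aud` pins and the wildcard match.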
Regarding the answer options provided, the two steps that better describe how to achieve this are:
A. Create a cluster. Create an AWS Fargate profile. When your pods start, Fargate automatically allocates the IAM policy so the ALB Ingress Controller can manage the AWS resources and also manages to compute resources on-demand to run them.
D. Create a cluster. Create an AWS Fargate profile. Set up an OIDC provider with the cluster. Create the IAM policy so the ALB Ingress Controller can manage the AWS resources. Create a cluster role, role binding, and a Kubernetes service account attached to the ALB Ingress Controller running pod.
Both answers include the creation of a cluster and an AWS Fargate profile, which are required to set up the Fargate pods. Answer A states that when the pods start, Fargate automatically allocates the IAM policy required for the ALB Ingress Controller to manage AWS resources. Answer D includes additional steps to set up the OIDC provider and create the IAM policy, cluster role, role binding, and Kubernetes service account needed to deploy the ALB Ingress Controller.