Deploying a Two-Tier Application on EKS with ALB DNS Access

🌱 Just a fresher, vibin’ through tech life. ☁️ Cloud & DevOps rookie, tryna get my hands dirty with real stuff. 🛠️ Writing blogs in my own chill style ’cause most guides feel way too pro-level. 🚀 Learning, breaking, fixing, and sharing my journey—no sugarcoat, just raw curiosity.
Hello techies! 👋
In this blog, we’ll deploy a two-tier application on an Amazon EKS cluster where users can access it via DNS. Along the way, we’ll learn how Kubernetes (aka K8s) works in the real world. Let’s dive in!
Prerequisites
Before we start, make sure you have the following installed:
kubectl – Command-line tool for Kubernetes. Installing/updating kubectl.
eksctl – Command-line tool to create and manage EKS clusters easily. Installing/updating eksctl.
AWS CLI – Command-line tool to work with AWS services. AWS CLI Installation Guide. After installation, configure it with: aws configure
Python – Required by AWS CLI.
Step 1: Create EKS Cluster with Fargate
Run the following command to create an EKS cluster with public and private subnets automatically:
eksctl create cluster --name demo-cluster --region us-east-1 --fargate
Control Plane (EKS API Server) → Managed by AWS, outside your VPC.
Fargate Pods (like CoreDNS, your app in game-2048) → Run in private subnets for security.
Using Fargate reduces maintenance overhead and provides a serverless, robust environment.
If your organization has specific OS or instance-type requirements, you can opt for EC2-based worker nodes instead.

Step 2: Create Fargate Profile for Your Application
To deploy resources (pods, deployments, services, ingress) in a separate namespace, create a Fargate profile:
eksctl create fargateprofile \
--cluster demo-cluster \
--region us-east-1 \
--name alb-sample-app \
--namespace game-2048
Note: The game-2048 namespace will be created automatically later when deploying resources.
Step 3: Configure kubectl
Update your kubeconfig to connect to the cluster:
aws eks update-kubeconfig --name demo-cluster
Step 4: Deploy Application and Ingress
Deploy the game-2048 app, service, and ingress:
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/examples/2048/2048_full.yaml
Your Ingress resource is deployed, but the ALB controller is required before any traffic gets routed.
The controller runs in private subnets, while the load balancer (ALB) sits in public subnets.
Step 5: Understand Ingress Annotations
In your ingress manifest:
annotations:
  alb.ingress.kubernetes.io/scheme: internet-facing
  alb.ingress.kubernetes.io/target-type: ip
internet-facing → ALB is in public subnets, accessible from the internet.
internal → ALB stays in private subnets, internal-only access.
target-type: ip → Routes traffic directly to pod IPs (required for Fargate).
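Since these two annotations decide who can reach the app, here is a small audit of them. It is an added example, not part of the original post or the controller project, and it assumes controller-managed security groups. The Ingress names and the CIDR in the sample are constructed.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

def audit_ingress(ingress):
    """Return findings for one Ingress object (the manifest as a dict)."""
    meta = ingress.get("metadata", {})
    ann = meta.get("annotations") or {}
    name = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
    # The controller creates an internal ALB when no scheme is set.
    if ann.get(PREFIX + "scheme", "internal") != "internet-facing":
        return []
    findings = [f"{name}: ALB is internet-facing"]
    # listen-ports defaults to HTTPS 443 only when a certificate is attached, else HTTP 80.
    if PREFIX + "listen-ports" in ann:
        https = any("HTTPS" in p for p in json.loads(ann[PREFIX + "listen-ports"]))
    else:
        https = PREFIX + "certificate-arn" in ann
    if not https:
        findings.append(f"{name}: no HTTPS listener, traffic is plain HTTP")
    # inbound-cidrs defaults to 0.0.0.0/0 when unset.
    cidrs = ann.get(PREFIX + "inbound-cidrs", "0.0.0.0/0").replace(" ", "").split(",")
    if "0.0.0.0/0" in cidrs:
        findings.append(f"{name}: reachable from 0.0.0.0/0")
    if ann.get(PREFIX + "target-type") != "ip":
        findings.append(f"{name}: target-type is not ip (required for Fargate)")
    return findings

def audit_all(ingress_list):
    """Audit the dict produced by `kubectl get ingress -A -o json`."""
    return [f for item in ingress_list.get("items", []) for f in audit_ingress(item)]

# Constructed sample: the annotations shown above, then a tightened variant.
SAMPLE = {"items": [
    {"metadata": {"namespace": "game-2048", "name": "ingress-2048", "annotations": {
        PREFIX + "scheme": "internet-facing", PREFIX + "target-type": "ip"}}},
    {"metadata": {"namespace": "game-2048", "name": "ingress-2048-restricted", "annotations": {
        PREFIX + "scheme": "internet-facing", PREFIX + "target-type": "ip",
        PREFIX + "listen-ports": '[{"HTTPS": 443}]',
        PREFIX + "inbound-cidrs": "203.0.113.0/24"}}},
]}

if __name__ == "__main__":
    for line in audit_all(SAMPLE):
        print(line)
```

Against a live cluster, feed it the parsed output of kubectl get ingress -A -o json instead of SAMPLE.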
Step 6: Configure IAM OIDC Provider
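export cluster_name=demo-cluster
# Extract the cluster's OIDC issuer ID (the last path segment of the issuer URL)
oidc_id=$(aws eks describe-cluster --name "$cluster_name" --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)
# Check whether an IAM OIDC provider for this ID already exists (no output means none)
aws iam list-open-id-connect-providers | grep "$oidc_id" | cut -d "/" -f4
# Associate an IAM OIDC provider with the cluster if one is not there yet
eksctl utils associate-iam-oidc-provider --cluster "$cluster_name" --approve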
Step 7: Setup AWS Load Balancer Controller
7.1 Download IAM Policy
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.11.0/docs/install/iam_policy.json
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json
7.2 Create IAM Service Account
eksctl create iamserviceaccount \
--cluster=demo-cluster \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name AmazonEKSLoadBalancerControllerRole \
--attach-policy-arn=arn:aws:iam::<YOUR_ACCOUNT_ID>:policy/AWSLoadBalancerControllerIAMPolicy \
--approve
Replace <YOUR_ACCOUNT_ID> with your AWS account ID.
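Step 7.2 ties the IAM role to a single service account through the role's trust policy. The check below is an added example (not from the original post or from eksctl) that confirms the policy is pinned to kube-system/aws-load-balancer-controller. The account ID, OIDC ID and both sample policies are constructed placeholders.

```python
def as_list(value):
    """IAM lets most fields be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_irsa_trust(trust_policy, oidc_issuer, namespace, service_account):
    """Return the problems found in a role trust policy meant for one service account."""
    issuer = oidc_issuer.split("://", 1)[-1]  # condition keys omit the https:// scheme
    want_sub = f"system:serviceaccount:{namespace}:{service_account}"
    web = [s for s in as_list(trust_policy.get("Statement"))
           if s.get("Effect") == "Allow"
           and "sts:AssumeRoleWithWebIdentity" in as_list(s.get("Action"))]
    if not web:
        return ["no statement allows sts:AssumeRoleWithWebIdentity"]
    problems = []
    for s in web:
        principal = s.get("Principal")
        federated = as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if not any(f.endswith(":oidc-provider/" + issuer) for f in federated):
            problems.append("Federated principal is not this cluster's OIDC provider")
        # Only an exact match counts: StringLike with wildcards lets other service accounts in.
        exact = s.get("Condition", {}).get("StringEquals", {})
        if as_list(exact.get(issuer + ":sub")) != [want_sub]:
            problems.append(f"sub is not pinned to {want_sub}")
        if as_list(exact.get(issuer + ":aud")) != ["sts.amazonaws.com"]:
            problems.append("aud is not pinned to sts.amazonaws.com")
    return problems

# Constructed placeholders, not values from a real account or cluster.
ISSUER = "https://oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
KEY = ISSUER.split("://", 1)[-1]
PROVIDER = "arn:aws:iam::111122223333:oidc-provider/" + KEY

def trust(conditions):
    """Build a one-statement web-identity trust policy with the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": conditions}]}

PINNED = trust({"StringEquals": {
    KEY + ":aud": "sts.amazonaws.com",
    KEY + ":sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"}})
LOOSE = trust({"StringLike": {KEY + ":sub": "system:serviceaccount:*:*"}})
```

For the real role, pass in the JSON from aws iam get-role --role-name AmazonEKSLoadBalancerControllerRole --query Role.AssumeRolePolicyDocument together with the issuer URL returned by the describe-cluster command in Step 6.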
7.3 Deploy ALB Controller with Helm
helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system \
--set clusterName=demo-cluster \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
--set region=us-east-1 \
--set vpcId=<YOUR_VPC_ID>
Replace <YOUR_VPC_ID> with your cluster's VPC ID.
Verify deployment:
kubectl get deployment -n kube-system aws-load-balancer-controller
Step 8: Access Application via DNS
Once the ALB controller is up, it automatically provisions an ALB with a DNS name for your Ingress:
kubectl get ingress -n game-2048
Copy the DNS name and open it in your browser.
Game level flow:
🌐 Internet (Player)
↓
⚡ ALB (Public Subnet, Internet-Facing)
↓
🛡️ Fargate Pods (Private Subnet)
↓
🎮 game-2048 Application
🎮 Play the game and share your score!

Conclusion:
In this project, we successfully deployed a two-tier application on AWS EKS using Fargate, with pods securely running in private subnets and traffic routed through a public-facing ALB. By implementing the AWS Load Balancer Controller and Kubernetes Ingress, we created a seamless path for users to access the application via DNS while keeping the cluster secure. This hands-on experience illustrates how Kubernetes concepts translate into real-world cloud architectures, giving you both practical skills and a deeper understanding of modern DevOps practices.
Happyyyyyyyy gamifyingggggggggg! 🎮🚀



