# EKS - API Gateway Integration

## A. Infrastructure Preparations

### A.1. STEP 1 - Associate OIDC Provider

```bash
eksctl utils associate-iam-oidc-provider \
  --region ap-southeast-1 \
  --cluster ss-backend-testing-cluster \
  --approve
```

### A.2. STEP 2 - Create IAM Policy for Load Balancer

Download this file:

https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.1/docs/install/iam_policy.json

Execute this command to create the new IAM policy `AWSLoadBalancerControllerIAMPolicy`:

```bash
aws iam create-policy \
  --policy-name AWSLoadBalancerControllerIAMPolicy \
  --policy-document file://iam_policy.json
```

### A.3. STEP 3 - Create IAM Service Account for Load Balancer Controller

```bash
eksctl create iamserviceaccount \
  --cluster=ss-backend-testing-cluster \
  --region=ap-southeast-1 \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn=arn:aws:iam::987837270205:policy/AWSLoadBalancerControllerIAMPolicy \
  --override-existing-serviceaccounts \
  --approve
```

### A.4. STEP 4 - Add EKS Helm Repo

[Install helm first](https://helm.sh/docs/intro/install/), if it is not already installed.

```bash
helm repo add eks https://aws.github.io/eks-charts && helm repo update
```

### A.5. STEP 5 - Install Load Balancer Controller

```bash
# clusterName must match the EKS cluster name used in steps 1 and 3.
# serviceAccount.create=false reuses the IAM-bound service account from step 3.
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=ss-backend-testing-cluster \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller
```

## B. Developer Preparation

### B.1. Deploy Application

Deploy the following Kubernetes application:

```yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: space-scheduling
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: space-scheduling
  name: standard-user-newsfeed-deployment
spec:
  selector:
    matchLabels:
      name: standard-user-newsfeed
  replicas: 5
  template:
    metadata:
      labels:
        name: standard-user-newsfeed
    spec:
      containers:
        - image: 987837270205.dkr.ecr.ap-southeast-1.amazonaws.com/prospace_standard_user_newsfeed_backend_service:development
          imagePullPolicy: Always
          name: standard-user-newsfeed
          ports:
            - containerPort: 5000
          readinessProbe:
            httpGet:
              path: /
              port: 5000
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /
              port: 5000
            initialDelaySeconds: 5
            periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
  namespace: space-scheduling
  name: standard-user-newsfeed-service
  annotations:
    # Provision an NLB with IP targets and keep it internal to the VPC
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
spec:
  ports:
    - port: 80
      targetPort: 5000
      protocol: TCP
  # The controller only provisions an NLB for Services of type LoadBalancer
  type: LoadBalancer
  selector:
    name: standard-user-newsfeed
```

Save the file as `standard-user-newsfeed.yml`, and execute the command:

```bash
kubectl apply -f standard-user-newsfeed.yml
```

Wait until everything is ready:

```bash
kubectl get all -n space-scheduling
```

### B.2. Create VPC Link

https://ap-southeast-1.console.aws.amazon.com/apigateway/main/vpc-links/create?region=ap-southeast-1

```
Choose a VPC link version: VPC link for REST APIs
Name: standard-user-newsfeed-vpclink
Target NLB: <NLB of standard-user-newsfeed>
```

### B.3. Create REST API (AWS API Gateway)

https://ap-southeast-1.console.aws.amazon.com/apigateway/main/precreate?region=ap-southeast-1

```
Choose the protocol: REST
Create new API: New API
Settings:
  API name: prospace-ss-api
  Endpoint Type: Regional
```

### B.4. Create API Resource and methods

- From the root path `/`, create a new resource with the `Create Resource` button from the `Action` dropdown
- Fill `Resource Path` and `Resource Name` with `newsfeed`
- Create a new resource again from `/newsfeed`, with `Configure as proxy resource` checked (leave the other settings at their defaults)
- From the `ANY` Setup:
  - Integration type: VPC Link
  - VPC Link: standard-user-newsfeed-vpclink
  - Endpoint URL: `http://<NLB DNS Name of standard-user-newsfeed>:<listener port>`

### B.5. Deploy API

Click `Action` > `Deploy API`, then choose an existing deployment stage or create a new one.
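
Before filling in `Target NLB` (B.2) and `Endpoint URL` (B.4), it helps to confirm that the Service from B.1 actually produced an internal NLB and to read its DNS name and listener port from the cluster rather than copying them by hand. The following pre-flight check is an added example, not part of the original guide; the function name `vpc_link_preflight` and the sample Service JSON (including its hostname) are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of
#   kubectl get svc standard-user-newsfeed-service -n space-scheduling -o json
# The hostname is a placeholder, not a real load balancer.
SAMPLE_SVC = json.loads("""
{
  "metadata": {
    "name": "standard-user-newsfeed-service",
    "annotations": {
      "service.beta.kubernetes.io/aws-load-balancer-type": "nlb-ip",
      "service.beta.kubernetes.io/aws-load-balancer-internal": "true"
    }
  },
  "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "targetPort": 5000}]},
  "status": {"loadBalancer": {"ingress": [
    {"hostname": "placeholder-nlb.elb.ap-southeast-1.amazonaws.com"}]}}
}
""")

ANN = "service.beta.kubernetes.io/aws-load-balancer-"


def vpc_link_preflight(svc):
    """Return (problems, endpoint_url); endpoint_url is None if any check fails."""
    problems = []
    spec = svc.get("spec", {})
    ann = svc.get("metadata", {}).get("annotations") or {}
    if spec.get("type") != "LoadBalancer":
        problems.append("spec.type is %r, expected LoadBalancer" % spec.get("type"))
    if ann.get(ANN + "type") != "nlb-ip":
        problems.append("missing annotation %stype: nlb-ip" % ANN)
    if ann.get(ANN + "internal") != "true":
        problems.append("NLB is not explicitly annotated as internal")
    ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    host = ingress[0].get("hostname") if ingress else None
    if not host:
        problems.append("no NLB DNS name in status.loadBalancer.ingress yet")
    ports = spec.get("ports") or []
    if len(ports) != 1:
        problems.append("cannot pick a listener port: found %d ports" % len(ports))
    if problems:
        return problems, None
    # Same form as the Endpoint URL field in B.4
    return [], "http://%s:%d" % (host, ports[0]["port"])


if __name__ == "__main__":
    problems, url = vpc_link_preflight(SAMPLE_SVC)
    print("\n".join(problems) if problems else "Endpoint URL: " + url)
```

To run it against the real cluster, load the `kubectl ... -o json` output with `json.load` and pass the resulting dict to `vpc_link_preflight`.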