Integrate API Gateway with AWS EKS NLB

Ravindra Singh - Sep 15 - - Dev Community

What is API Gateway
API Gateway is a fully managed service and it provides an entry point to your microservices. It helps you innovate faster by handling common functions such as API throttling, request caching, authorization and access control, monitoring, version management, and security.

AWS PrivateLink is a service that allows you to securely access services hosted on AWS in a highly secure and private manner, without exposing your data to the public internet. It enables private connectivity between Virtual Private Clouds (VPCs), AWS services, and on-premises networks, using private IP addresses within your network.

Image description

Why Integrate API Gateway with EKS via NLB?

  1. For Microservices Architectures: When you have multiple microservices in your EKS cluster, and you need a unified API endpoint for client applications.

  2. Security: API Gateway offers fine-grained access control and supports authentication and authorization mechanisms, such as AWS IAM and Lambda Authorizers.

  3. Scalability and High Availability: Combining API Gateway with NLB ensures high availability and automatic scaling of microservices running on your EKS cluster.

  4. Performance: NLB offers low latency and can handle millions of requests per second, making it suitable for high-performance applications.

  5. Ease of Management: With API Gateway, you can easily manage and expose APIs, track usage, and monitor performance.

By combining API Gateway with an Ingress Load Balancer, you achieve a robust, scalable, and secure architecture for managing API traffic to your backend services in Amazon EKS

GIT LINK: https://github.com/ravindrasinghh/Kubernetes-Playlist

Let's Begin😎

🚀 Step-by-Step Guide

1️⃣ A running Kubernetes cluster: This can be a self-managed cluster or a managed service like Amazon EKS.

Refer below video to create the EKS Cluster in AWS

2️⃣ NGINX Ingress on AWS EKS and Deploying Sample Applications
Refer below video to setup in AWS

3️⃣ Create a VPC Link for a REST API and Integrate it with the EKS Network Load Balancer (NLB).

Image description

4️⃣ Creating a VPC private link can take approximately 10 minutes to complete.

5️⃣ Create a Private HTTP API using API Gateway with HTTP integrations.

Image description

6️⃣ HTTP integration, API Gateway sends the request to the URL that you specify and returns the response from the URL.

  • {proxy}: Single Path Segment Placeholder
  • {proxy} is a single path segment placeholder.
  • It matches exactly one path segment in the URL
  • For example, if your path is /users/{proxy}, it will match:
  • /users/123
  • /users/abc

Image description

7️⃣ {proxy+}: Multi-Segment Path Placeholder

  • {proxy+} is a multi-segment path placeholder (wildcard).
  • It matches one or more path segments in the URL.
  • For example, if your path is /users/{proxy+}, it will match:
  • /users/123
  • /users/123/details
  • /users/abc/extra/path

Image description

8️⃣ Stages are configurable to enable the deployment of your API.

9️⃣ Review the settings and click the "Create" button.

🔟 Once everything is created, you will see a route defined as {proxy+} with the GET method.

Image description

1️⃣ 1️⃣ Click on "Stages" on the left side, and select the desired stage. Since auto-deploy is enabled, there is no need to deploy again. Simply copy the URL and make a request to it.

Image description

Invoke the API URL with the Ingress endpoints.
👉🏻 /

Image description

👉🏻/ping

Image description

👉🏻/metrics

Image description

👉🏻/erorr

Image description

👁️‍🗨️ You can use both NLB and ALB with API Gateway HTTP APIs, API Gateway REST APIs whereas only support private integrations using a NLB. If you use NLB, you'll use API Gateway routes to route traffic to distinct services. If you choose to use an ALB to expose your services, you'll use ALB to route traffic to distinct services.

Configuring a Custom Domain for Your AWS API Gateway
Custom domain names are simpler and more intuitive URLs that you can provide to your API users.

After deploying your API, you (and your customers) can invoke the API using the default base URL of the following format:



https://api-id.execute-api.region.amazonaws.com/stage


Enter fullscreen mode Exit fullscreen mode

where api-id is generated by API Gateway, region is the AWS Region, and stage is specified by you when deploying the API.

The hostname portion of the URL, api-id.execute-api.region.amazonaws.com refers to an API endpoint. The default API endpoint name is randomly generated, difficult to recall, and not user-friendly.

With custom domain names, you can set up your API's hostname, and choose a base path (for example, myservice) to map the alternative URL to your API. For example, a more user-friendly API base URL can become:



https://dev.codedevops.cloud/


Enter fullscreen mode Exit fullscreen mode

🚀 Step-by-Step Guide
1️⃣ Click on "Custom Domain" and then click the "Create" button.

Image description

2️⃣ Enter the domain name you want to use (e.g., dev.codedevops.cloud), select the appropriate ACM certificate, and click "Create Domain."

Image description

3️⃣ Click on "Configure API Mapping," select the desired API and stage, and then click "Save."

Image description

Image description

4️⃣ Go to Route 53 and configure the domain api.codedevops.cloud accordingly.

Image description

Invoke the creation of a custom domain name with the Ingress endpoints.

👉🏻 /

Image description

👉🏻/metrics

Image description

👉🏻/error

Image description

Troubleshooting
If you encounter any issues, refer to the AWS documentation or raise an issue in this repository.

🏴‍☠️ source link: https://github.com/ravindrasinghh/Kubernetes-Playlist/tree/master

If you prefer a video tutorial to help guide you to Integrate API Gateway with AWS EKS NLB

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .