What is API Gateway
API Gateway is a fully managed service and it provides an entry point to your microservices. It helps you innovate faster by handling common functions such as API throttling, request caching, authorization and access control, monitoring, version management, and security.
AWS PrivateLink is a service that allows you to securely access services hosted on AWS in a highly secure and private manner, without exposing your data to the public internet. It enables private connectivity between Virtual Private Clouds (VPCs), AWS services, and on-premises networks, using private IP addresses within your network.
Why Integrate API Gateway with EKS via NLB?
For Microservices Architectures: When you have multiple microservices in your EKS cluster, and you need a unified API endpoint for client applications.
Security: API Gateway offers fine-grained access control and supports authentication and authorization mechanisms, such as AWS IAM and Lambda Authorizers.
Scalability and High Availability: Combining API Gateway with NLB ensures high availability and automatic scaling of microservices running on your EKS cluster.
Performance: NLB offers low latency and can handle millions of requests per second, making it suitable for high-performance applications.
Ease of Management: With API Gateway, you can easily manage and expose APIs, track usage, and monitor performance.
By combining API Gateway with an Ingress Load Balancer, you achieve a robust, scalable, and secure architecture for managing API traffic to your backend services in Amazon EKS
GIT LINK: https://github.com/ravindrasinghh/Kubernetes-Playlist
Let's Begin😎
🚀 Step-by-Step Guide
1️⃣ A running Kubernetes cluster: This can be a self-managed cluster or a managed service like Amazon EKS.
Refer below video to create the EKS Cluster in AWS
2️⃣ NGINX Ingress on AWS EKS and Deploying Sample Applications
Refer below video to setup in AWS
3️⃣ Create a VPC Link for a REST API and Integrate it with the EKS Network Load Balancer (NLB).
4️⃣ Creating a VPC private link can take approximately 10 minutes to complete.
5️⃣ Create a Private HTTP API using API Gateway with HTTP integrations.
6️⃣ HTTP integration, API Gateway sends the request to the URL that you specify and returns the response from the URL.
- {proxy}: Single Path Segment Placeholder
- {proxy} is a single path segment placeholder.
- It matches exactly one path segment in the URL
- For example, if your path is /users/{proxy}, it will match:
- /users/123
- /users/abc
7️⃣ {proxy+}: Multi-Segment Path Placeholder
- {proxy+} is a multi-segment path placeholder (wildcard).
- It matches one or more path segments in the URL.
- For example, if your path is /users/{proxy+}, it will match:
- /users/123
- /users/123/details
- /users/abc/extra/path
8️⃣ Stages are configurable to enable the deployment of your API.
9️⃣ Review the settings and click the "Create" button.
🔟 Once everything is created, you will see a route defined as {proxy+} with the GET method.
1️⃣ 1️⃣ Click on "Stages" on the left side, and select the desired stage. Since auto-deploy is enabled, there is no need to deploy again. Simply copy the URL and make a request to it.
Invoke the API URL with the Ingress endpoints.
👉🏻 /
👉🏻/ping
👉🏻/metrics
👉🏻/erorr
👁️🗨️ You can use both NLB and ALB with API Gateway HTTP APIs, API Gateway REST APIs whereas only support private integrations using a NLB. If you use NLB, you'll use API Gateway routes to route traffic to distinct services. If you choose to use an ALB to expose your services, you'll use ALB to route traffic to distinct services.
Configuring a Custom Domain for Your AWS API Gateway
Custom domain names are simpler and more intuitive URLs that you can provide to your API users.
After deploying your API, you (and your customers) can invoke the API using the default base URL of the following format:
https://api-id.execute-api.region.amazonaws.com/stage
where api-id is generated by API Gateway, region is the AWS Region, and stage is specified by you when deploying the API.
The hostname portion of the URL, api-id.execute-api.region.amazonaws.com refers to an API endpoint. The default API endpoint name is randomly generated, difficult to recall, and not user-friendly.
With custom domain names, you can set up your API's hostname, and choose a base path (for example, myservice) to map the alternative URL to your API. For example, a more user-friendly API base URL can become:
https://dev.codedevops.cloud/
🚀 Step-by-Step Guide
1️⃣ Click on "Custom Domain" and then click the "Create" button.
2️⃣ Enter the domain name you want to use (e.g., dev.codedevops.cloud), select the appropriate ACM certificate, and click "Create Domain."
3️⃣ Click on "Configure API Mapping," select the desired API and stage, and then click "Save."
4️⃣ Go to Route 53 and configure the domain api.codedevops.cloud accordingly.
Invoke the creation of a custom domain name with the Ingress endpoints.
👉🏻 /
👉🏻/metrics
👉🏻/error
Troubleshooting
If you encounter any issues, refer to the AWS documentation or raise an issue in this repository.
🏴☠️ source link: https://github.com/ravindrasinghh/Kubernetes-Playlist/tree/master
If you prefer a video tutorial to help guide you to Integrate API Gateway with AWS EKS NLB