the ACK Controller for API Gateway

  • LB컨트롤러 미리 설치해두기

IAM role 생성 — 아래 신뢰 정책은 `sub`/`aud` 조건으로 `ack-system` 네임스페이스의 `ack-apigatewayv2-controller` 서비스 계정만 `sts:AssumeRoleWithWebIdentity`를 할 수 있게 제한한다. (이 페이지에는 신뢰 정책만 있고 API Gateway 권한 정책은 없으므로, 컨트롤러에 필요한 권한 정책은 별도로 이 role에 연결해야 한다.)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::${account_number}:oidc-provider/oidc.eks.${region}.amazonaws.com/id/${oidc}"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "oidc.eks.${region}.amazonaws.com/id/${oidc}:sub": "system:serviceaccount:ack-system:ack-apigatewayv2-controller",
                    "oidc.eks.${region}.amazonaws.com/id/${oidc}:aud": "sts.amazonaws.com"
                }
            }
        }
    ]
}

Install

공식-깃허브
공식 튜토리얼

  • helm install
# Namespace the controller runs in. The IAM trust policy above only allows the
# subject system:serviceaccount:ack-system:ack-apigatewayv2-controller, so this
# namespace name must stay in sync with that condition.
kubectl create ns ack-system

# Log in to the public ECR registry that hosts the ACK charts. Public ECR is
# addressed as us-east-1 here even if the cluster lives in another region; the
# token from get-login-password is piped via --password-stdin rather than put
# on the command line.
aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin public.ecr.aws

# Install a pinned chart version (v0.0.2) with the values file shown below.
# NOTE(review): chart and image are pinned by tag only; a tag can be re-pushed,
# so prefer pinning by digest for anything beyond a lab setup.
helm install -n ack-system ack-apigw-controller oci://public.ecr.aws/aws-controllers-k8s/apigatewayv2-chart --version=v0.0.2 --values values.yaml

# The values file used by the install above.
cat values.yaml
# Default values for ack-apigatewayv2-controller.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#
# Security-relevant knobs on this page: the image pin (image.tag), the region
# the controller calls (aws.region) and the IRSA binding under serviceAccount,
# which must match the IAM trust policy shown earlier.

image:
  repository: public.ecr.aws/aws-controllers-k8s/controller
  # Same version as the chart (v0.0.2). NOTE(review): a tag can be re-pushed;
  # pin by digest (repository@sha256:...) outside of a lab.
  tag: apigatewayv2-v0.0.2
  pullPolicy: IfNotPresent
  # No image pull secrets; the image comes from a public registry.
  pullSecrets: []

nameOverride: ""
fullnameOverride: ""

deployment:
  annotations: {}
  labels: {}
  containerPort: 8080

# Small, bounded footprint for the controller pod.
resources:
  requests:
    memory: "64Mi"
    cpu: "50m"
  limits:
    memory: "128Mi"
    cpu: "100m"

aws:
  # If specified, use the AWS region for AWS API calls
  # Hard-coded to us-east-1, matching the CLI commands elsewhere on this page;
  # change it together with them if the cluster lives in another region.
  region: "us-east-1"

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # Must equal the name in the trust policy's `:sub` condition
  # (system:serviceaccount:ack-system:ack-apigatewayv2-controller); the
  # namespace part comes from the `-n ack-system` used at install time.
  name: ack-apigatewayv2-controller
  annotations:
    # IRSA: pods using this service account exchange their projected token for
    # this role via sts:AssumeRoleWithWebIdentity. Keep the role's permissions
    # to what the API Gateway v2 controller actually needs.
    eks.amazonaws.com/role-arn: arn:aws:iam::${account_number}:role/${role_name}

sample 설치

#sample
# Sample workloads that will sit behind the API. They are fetched from the
# moving `Mainline` branch of a GitHub repo: review the manifests before
# applying them and prefer a fixed commit ref so what you apply cannot change
# underneath you.
wget https://github.com/aws-samples/amazon-apigateway-ingress-controller-blog/raw/Mainline/apigw-ingress-controller-blog/echoserver.yml
wget https://github.com/aws-samples/amazon-apigateway-ingress-controller-blog/raw/Mainline/apigw-ingress-controller-blog/author-deployment.yml
# NOTE(review): the apply step is not shown on this page, but the lookups in
# apigw-api.yaml below expect Services named `authorservice` and `echoserver`
# with a LoadBalancer hostname, so these manifests must be applied first.
  • lb 생성된것 확인
# Security group for the VPC Link ENIs. Only name/description/VPC are set: no
# ingress rules are added, and reachability to the NLB relies on the group's
# default egress rule. NOTE(review): tighten egress to the NLB listener port(s)
# once known, and make sure whatever is behind the NLB accepts traffic coming
# from this group. The ID is captured here and is the ${sg id} in vpclink.yaml.
AGW_VPCLINK_SG=$(aws ec2 create-security-group --description "SG for VPC Link"    --group-name SG_VPC_LINK  --vpc-id ${vpcid}  --region us-east-1 --output text --query 'GroupId' )

# Create the VPCLink custom resource (definition below); the ACK controller
# turns it into an API Gateway VPC Link and reports the ID in .status.vpcLinkID.
kubectl apply -f vpclink.yaml

# The manifest applied above.
cat vpclink.yaml
# VPC Link: the private path from API Gateway into the VPC. The security-relevant
# inputs are the security group (the one created just above, as ${sg id}) and
# the subnets, which should be private subnets (selected here by the
# kubernetes.io/role/internal-elb=1 tag). The controller publishes the created
# link's ID at .status.vpcLinkID, which the API definition below references.
apiVersion: apigatewayv2.services.k8s.aws/v1alpha1
kind: VPCLink
metadata:
  name: nlb-internal
spec:
  name: nlb-internal
  securityGroupIDs: 
    - ${sg id}
  # Two entries, presumably one private subnet per AZ; the placeholders look
  # identical but must be two distinct subnet IDs.
  subnetIDs: 
    - ${subnet id tag:kubernetes.io/role/internal-elb,Values=1}
    - ${subnet id tag:kubernetes.io/role/internal-elb,Values=1}
  • vpc links 하나 생성됨.
# Confirm that exactly one VPC Link exists and that its ID matches
# .status.vpcLinkID of the nlb-internal resource.
aws apigatewayv2 get-vpc-links --region us-east-1

apigw생성

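# Region used for the ELB lookups below. AGW_AWS_REGION is referenced but never
# set anywhere on this page; if it is empty every `--region` argument is empty
# and the lookups fail, so default it to the region used elsewhere here.
AGW_AWS_REGION="${AGW_AWS_REGION:-us-east-1}"

# Resolve the inputs once, up front, instead of nesting command substitutions
# inside the heredoc. The manifest becomes readable and we can refuse to write
# a body with blank IDs.

# ID of the VPC Link created from vpclink.yaml.
VPCLINK_ID=$(kubectl get vpclinks.apigatewayv2.services.k8s.aws nlb-internal \
  -o jsonpath='{.status.vpcLinkID}')

# listener_arn_for_service SERVICE: ARN of the first listener on the load
# balancer that fronts the given Service of type LoadBalancer. The LB is found
# by matching the hostname the Service reports. `Listeners[0]` takes the first
# listener only -- TODO confirm if the NLB ever has more than one.
listener_arn_for_service() {
  svc_host=$(kubectl get service "$1" \
    -o jsonpath='{.status.loadBalancer.ingress[].hostname}')
  lb_arn=$(aws elbv2 describe-load-balancers --region "$AGW_AWS_REGION" \
    --query "LoadBalancers[?contains(DNSName, '${svc_host}')].LoadBalancerArn" \
    --output text)
  aws elbv2 describe-listeners --region "$AGW_AWS_REGION" \
    --load-balancer-arn "$lb_arn" \
    --query 'Listeners[0].ListenerArn' --output text
}
AUTHOR_LISTENER_ARN=$(listener_arn_for_service authorservice)
ECHO_LISTENER_ARN=$(listener_arn_for_service echoserver)

# Fail early instead of writing a manifest with empty connectionId / uri values
# (`${VAR:?}` exits a script; in an interactive shell it prints the message).
: "${VPCLINK_ID:?VPC Link nlb-internal has no status.vpcLinkID yet}"
: "${AUTHOR_LISTENER_ARN:?could not resolve the NLB listener for authorservice}"
: "${ECHO_LISTENER_ARN:?could not resolve the NLB listener for echoserver}"

# Security note: this OpenAPI body attaches no authorizer and no `security`
# requirement to either route. Once a Stage exists, the catch-all $default ANY
# route and /meta are reachable by anyone who can reach the API endpoint, i.e.
# the internal NLB becomes callable through API Gateway without authentication.
# Add a JWT/Lambda authorizer (or IAM auth) before using this outside a sandbox.
# NOTE(review): the any-method $default route is wired to an integration
# httpMethod of GET; confirm that non-GET requests are forwarded as intended.
# The `\$default` escape is needed because this heredoc is unquoted so that the
# ${...} variables above expand.
cat > apigw-api.yaml<<EOF
apiVersion: apigatewayv2.services.k8s.aws/v1alpha1
kind: API
metadata:
  name: apitest-private-nlb
spec:
  body: '{
    "openapi": "3.0.1",
    "info": {
      "title": "ack-apigwv2-import-test-private-nlb",
      "version": "v1"
    },
    "paths": {
      "/\$default": {
        "x-amazon-apigateway-any-method" : {
          "isDefaultRoute" : true,
          "x-amazon-apigateway-integration" : {
            "payloadFormatVersion" : "1.0",
            "connectionId" : "${VPCLINK_ID}",
            "type" : "http_proxy",
            "httpMethod" : "GET",
            "uri" : "${AUTHOR_LISTENER_ARN}",
            "connectionType" : "VPC_LINK"
          }
        }
      },
      "/meta": {
        "get": {
          "x-amazon-apigateway-integration": {
            "uri" : "${ECHO_LISTENER_ARN}",
            "httpMethod": "GET",
            "connectionId": "${VPCLINK_ID}",
            "type": "HTTP_PROXY",
            "connectionType": "VPC_LINK",
            "payloadFormatVersion": "1.0"
          }
        }
      }
    },
    "components": {}
  }'
EOF
kubectl apply -f apigw-api.yaml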
  • 생성후 확인
# The API resource as stored after the apply: the shell substitutions have been
# resolved into concrete values (shown here as ${vpc link id} / ${lb listener arn}).
# Note that the stored body still carries no authorizer or `security` section:
# both routes accept unauthenticated calls once a Stage is attached.
apiVersion: apigatewayv2.services.k8s.aws/v1alpha1
kind: API
metadata:
  name: apitest-private-nlb
spec:
  body: '{
              "openapi": "3.0.1",
              "info": {
                "title": "ack-apigwv2-import-test-private-nlb",
                "version": "v1"
              },
              "paths": {
              "/$default": {
                "x-amazon-apigateway-any-method" : {
                "isDefaultRoute" : true,
                "x-amazon-apigateway-integration" : {
                "payloadFormatVersion" : "1.0",
                "connectionId" : "${vpc link id}",
                "type" : "http_proxy",
                "httpMethod" : "GET",
                "uri" : "${lb listener arn}",
               "connectionType" : "VPC_LINK"
                  }
                }
              },
              "/meta": {
                  "get": {
                    "x-amazon-apigateway-integration": {
                       "uri" : "${lb listener arn}",
                      "httpMethod": "GET",
                      "connectionId": "${vpc link id}",
                      "type": "HTTP_PROXY",
                      "connectionType": "VPC_LINK",
                      "payloadFormatVersion": "1.0"
                    }
                  }
                }
              },
              "components": {}
        }'
  • 콘솔에서도 확인 가능

stage 생성

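 # Resolve the API ID first so we can refuse to create a Stage against an empty
# apiID (the API resource only carries .status.apiID once the controller has
# reconciled it).
API_ID=$(kubectl get apis.apigatewayv2.services.k8s.aws apitest-private-nlb \
  -o jsonpath='{.status.apiID}')
: "${API_ID:?API apitest-private-nlb has no status.apiID yet}"

# Create the Stage. A heredoc replaces the original echo "...": the nested
# "apiv1" quotes there were swallowed by the shell (harmless, but a trap when
# editing) and the single-quoted jsonpath inside a double-quoted string is easy
# to break. apiID is quoted so YAML never retypes an all-digit ID.
# autoDeploy: true (per the field name) deploys API changes to this stage
# automatically -- the endpoint is live as soon as this is applied, and the API
# body has no authorizer.
kubectl apply -f - <<EOF
apiVersion: apigatewayv2.services.k8s.aws/v1alpha1
kind: Stage
metadata:
  name: apiv1
spec:
  apiID: "${API_ID}"
  stageName: api
  autoDeploy: true
EOF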
stage.apigatewayv2.services.k8s.aws/apiv1 created

endpoint 확인

# Print the API's invoke endpoint; routes are served under the stage named `api`.
# Nothing on this page restricts who may call it (no authorizer in the API body,
# no resource policy shown), so treat this URL as an unauthenticated front door
# to the internal NLB until an authorizer is added.
kubectl get api apitest-private-nlb -o jsonpath="{.status.apiEndpoint}"