
Configuring routes

In this section we will show how to use Amazon VPC Lattice for advanced traffic management with weighted routing for blue/green and canary-style deployments.

Let's deploy a modified version of the checkout microservice that adds the prefix "Lattice" to the shipping options. We'll deploy this new version in a new namespace (checkoutv2) using Kustomize.

~$ kubectl apply -k ~/environment/eks-workshop/modules/networking/vpc-lattice/abtesting/
~$ kubectl rollout status deployment/checkout -n checkoutv2

The checkoutv2 namespace now contains a second version of the application, which uses the same Redis instance in the checkout namespace.

~$ kubectl get pods -n checkoutv2
NAME                        READY   STATUS    RESTARTS   AGE
checkout-854cd7cd66-s2blp   1/1     Running   0          26s

Now let's demonstrate how weighted routing works by creating HTTPRoute resources. First we'll create a TargetGroupPolicy that tells Lattice how to properly perform health checks on our checkout service:

~/environment/eks-workshop/modules/networking/vpc-lattice/target-group-policy/target-group-policy.yaml
apiVersion: application-networking.k8s.aws/v1alpha1
kind: TargetGroupPolicy
metadata:
  name: checkout-policy
  namespace: checkout
spec:
  targetRef:
    group: ""
    kind: Service
    name: checkout
  protocol: HTTP
  protocolVersion: HTTP1
  healthCheck:
    enabled: true
    intervalSeconds: 10
    timeoutSeconds: 1
    healthyThresholdCount: 3
    unhealthyThresholdCount: 2
    path: "/health"
    port: 8080
    protocol: HTTP
    protocolVersion: HTTP1
    statusMatch: "200"

A. targetRef applies this policy to the checkout Service
B. The settings in the healthCheck section define how VPC Lattice monitors service health
C. intervalSeconds: 10: Check every 10 seconds
D. timeoutSeconds: 1: 1-second timeout per check
E. healthyThresholdCount: 3: 3 consecutive successes = healthy
F. unhealthyThresholdCount: 2: 2 consecutive failures = unhealthy
G. path: "/health": Health check endpoint path
H. port: 8080: Health check endpoint port
I. protocol: HTTP: Health check endpoint protocol
J. statusMatch: "200": Expects HTTP 200 response

Apply this resource:

~$ kubectl apply -k ~/environment/eks-workshop/modules/networking/vpc-lattice/target-group-policy

Now create the Kubernetes HTTPRoute that distributes 75% of the traffic to checkoutv2 and the remaining 25% to checkout:

~/environment/eks-workshop/modules/networking/vpc-lattice/routes/checkout-route.yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: checkoutroute
  namespace: checkout
spec:
  parentRefs:
    - name: ${EKS_CLUSTER_NAME}
      sectionName: http
  rules:
    - backendRefs:
        - name: checkout
          namespace: checkout
          kind: Service
          port: 80
          weight: 25
        - name: checkout
          namespace: checkoutv2
          kind: Service
          port: 80
          weight: 75

A. parentRefs attaches this HTTPRoute to the http listener on the gateway named ${EKS_CLUSTER_NAME}
B. This backendRefs rule sends 25% of the traffic to the checkout Service in the checkout namespace on port 80
C. This backendRefs rule sends 75% of the traffic to the checkout Service in the checkoutv2 namespace on port 80
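
Gateway API weights are proportions, not percentages: each backend receives weight / (sum of the weights in its rule). The following Python check is an added example, not part of the workshop's code; it computes the effective split of a route and lists the backends that sit outside the route's own namespace, which are worth reviewing before traffic is shifted. The function names are hypothetical and the embedded route JSON is constructed from the manifest above.

```python
import json

# Constructed sample: the checkoutroute manifest from this page, in the JSON
# shape that `kubectl get httproute checkoutroute -n checkout -o json` returns.
SAMPLE_ROUTE = json.loads("""
{"kind": "HTTPRoute",
 "metadata": {"name": "checkoutroute", "namespace": "checkout"},
 "spec": {"rules": [{"backendRefs": [
   {"name": "checkout", "namespace": "checkout", "kind": "Service", "port": 80, "weight": 25},
   {"name": "checkout", "namespace": "checkoutv2", "kind": "Service", "port": 80, "weight": 75}
 ]}]}}
""")


def effective_split(route):
    """Return one list per rule of (namespace, name, port, share) tuples.

    Gateway API weights are proportions: share = weight / sum of the weights
    in the rule. A missing weight defaults to 1 and a missing namespace
    defaults to the namespace of the route itself.
    """
    route_ns = route["metadata"]["namespace"]
    rules = []
    for rule in route["spec"].get("rules", []):
        refs = rule.get("backendRefs", [])
        weights = [ref.get("weight", 1) for ref in refs]
        total = sum(weights)
        rules.append([
            (ref.get("namespace", route_ns), ref["name"], ref.get("port"),
             weight / total if total else 0.0)  # all-zero weights: no traffic
            for ref, weight in zip(refs, weights)
        ])
    return rules


def cross_namespace_backends(route):
    """Backends with a nonzero share that live outside the route's namespace."""
    route_ns = route["metadata"]["namespace"]
    return [f"{ns}/{name}" for rule in effective_split(route)
            for ns, name, _port, share in rule if ns != route_ns and share > 0]


if __name__ == "__main__":
    for index, rule in enumerate(effective_split(SAMPLE_ROUTE)):
        for ns, name, port, share in rule:
            print(f"rule {index}: {ns}/{name}:{port} receives {share:.0%}")
    print("outside route namespace:", cross_namespace_backends(SAMPLE_ROUTE))
```
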

Apply this resource:

~$ cat ~/environment/eks-workshop/modules/networking/vpc-lattice/routes/checkout-route.yaml \
  | envsubst | kubectl apply -f -

Creating the associated resources may take 2-3 minutes. Run the following command to wait for it to complete:

~$ kubectl wait -n checkout --timeout=3m \
  --for=jsonpath='{.metadata.annotations.application-networking\.k8s\.aws\/lattice-assigned-domain-name}' httproute/checkoutroute

Once completed, you will find the HTTPRoute's DNS name in the HTTPRoute annotation application-networking.k8s.aws/lattice-assigned-domain-name:

~$ kubectl describe httproute checkoutroute -n checkout
Name:         checkoutroute
Namespace:    checkout
Labels:       <none>
Annotations:  application-networking.k8s.aws/lattice-assigned-domain-name:
                checkoutroute-checkout-0d8e3f4604a069e36.7d67968.vpc-lattice-svcs.us-east-2.on.aws
API Version:  gateway.networking.k8s.io/v1beta1
Kind:         HTTPRoute
...

Now you can see the associated Service created in the VPC Lattice console under the Lattice resources.

Traffic is now handled by Amazon VPC Lattice

Amazon VPC Lattice can now automatically redirect traffic to this service from any source, including different VPCs! You can also take full advantage of other VPC Lattice features.