Skip to main content

Service network

The Gateway API controller has been configured to create a VPC Lattice service network and associate a Kubernetes cluster VPC with it automatically. A service network is a logical boundary that’s used to automatically implement service discovery and connectivity as well as apply access and observability policies to a collection of services. It offers inter-application connectivity over HTTP, HTTPS, and gRPC protocols within a VPC. As of today, the controller supports HTTP and HTTPS.

Before creating a Gateway, we need to formalize the types of load balancing implementations that are available via the Kubernetes resource model with a GatewayClass. The controller that listens to the Gateway API relies on an associated GatewayClass resource that the user can reference from their Gateway:

~/environment/eks-workshop/modules/networking/vpc-lattice/controller/gatewayclass.yaml
# Create a new Gateway Class for AWS VPC lattice provider
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
  name: amazon-vpc-lattice
spec:
  controllerName: application-networking.k8s.aws/gateway-api-controller
A

Set amazon-vpc-lattice as the GatewayClass name for reference by Gateway resources

B

Set application-networking.k8s.aws/gateway-api-controller as the controllerName to specify the AWS Gateway API controller that manages gateways of this class

Lets create the GatewayClass:

~$kubectl apply -f ~/environment/eks-workshop/modules/networking/vpc-lattice/controller/gatewayclass.yaml


The following YAML will create a Kubernetes Gateway resource which is associated with a VPC Lattice Service Network.


~/environment/eks-workshop/modules/networking/vpc-lattice/controller/eks-workshop-gw.yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: ${EKS_CLUSTER_NAME}
  namespace: checkout
spec:
  gatewayClassName: amazon-vpc-lattice
  listeners:
    - name: http
      protocol: HTTP
      port: 80
A
Set the Gateway identifier as the EKS Cluster name by setting metadata.name to the EKS_CLUSTER_NAME environment variable
B
Set amazon-vpc-lattice as the gatewayClassName to refer to the VPC Lattice GatewayClass defined earlier
C
This configuration specifies that the listener will accept HTTP traffic on port 80




Apply it with the following command:


~$cat ~/environment/eks-workshop/modules/networking/vpc-lattice/controller/eks-workshop-gw.yaml \
  | envsubst | kubectl apply -f -


Verify that eks-workshop gateway is created:


~$kubectl get gateway -n checkout
NAME                CLASS                ADDRESS   PROGRAMMED   AGE
eks-workshop        amazon-vpc-lattice             True         29s


Once the gateway is created, find the VPC Lattice service network. Wait until the status is Reconciled (this could take about five minutes).


~$kubectl describe gateway ${EKS_CLUSTER_NAME} -n checkout
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
status:
   conditions:
      message: 'aws-gateway-arn: arn:aws:vpc-lattice:us-west-2:1234567890:servicenetwork/sn-03015ffef38fdc005'
      reason: Programmed
      status: "True"
 
~$kubectl wait --for=condition=Programmed gateway/${EKS_CLUSTER_NAME} -n checkout


Now you can see the associated Service Network created in the VPC console under the Lattice resources in the AWS console.


Checkout Service Network