Configuring AWS API GW with Istio and Kops cluster

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "kopsK8sNLBMasterPermsRestrictive",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcs",
        "elasticloadbalancing:AddTags",
        "elasticloadbalancing:CreateListener",
        "elasticloadbalancing:CreateTargetGroup",
        "elasticloadbalancing:DeleteListener",
        "elasticloadbalancing:DeleteTargetGroup",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:DescribeLoadBalancerPolicies",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticloadbalancing:ModifyListener",
        "elasticloadbalancing:ModifyTargetGroup",
        "elasticloadbalancing:RegisterTargets",
        "elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcs",
        "ec2:DescribeRegions"
      ],
      "Resource": "*"
    }
  ]
}
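The policy above allows every action on Resource "*". As an added example (not code from the original article), this Python check lists the non-read-only actions each Allow statement grants on the wildcard resource, which is the set to review when scoping the policy down. The function names and the rule that Describe/Get/List verbs are read-only are assumptions made for this example.

```python
# Added example: flag non-read-only actions that a policy allows on Resource "*".
POLICY = {  # the policy from this page, embedded so the check runs offline
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "kopsK8sNLBMasterPermsRestrictive", "Effect": "Allow", "Resource": ["*"],
         "Action": [
             "ec2:DescribeVpcs", "elasticloadbalancing:AddTags",
             "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateTargetGroup",
             "elasticloadbalancing:DeleteListener", "elasticloadbalancing:DeleteTargetGroup",
             "elasticloadbalancing:DescribeListeners",
             "elasticloadbalancing:DescribeLoadBalancerPolicies",
             "elasticloadbalancing:DescribeTargetGroups",
             "elasticloadbalancing:DescribeTargetHealth",
             "elasticloadbalancing:ModifyListener", "elasticloadbalancing:ModifyTargetGroup",
             "elasticloadbalancing:RegisterTargets",
             "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
         ]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeVpcs", "ec2:DescribeRegions"]},
    ],
}

# Assumption: an action whose name starts with one of these verbs is read-only.
READ_ONLY_VERBS = ("Describe", "Get", "List")


def as_list(value):
    """IAM accepts a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def wildcard_write_actions(policy):
    """Map each Allow statement on Resource "*" to the non-read-only actions it grants."""
    findings = {}
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        writes = sorted(
            action for action in as_list(stmt.get("Action", []))
            if not action.split(":", 1)[-1].startswith(READ_ONLY_VERBS)
        )
        if writes:
            label = stmt.get("Sid", f"statement-{index}")
            findings[label] = {"actions": writes, "conditioned": "Condition" in stmt}
    return findings


if __name__ == "__main__":
    for label, finding in wildcard_write_actions(POLICY).items():
        print(f"{label}: {len(finding['actions'])} write actions on *")
```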
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-type: nlb
  1. From the primary navigation pane, choose VPC links and then choose Create.
  2. Choose VPC link for REST APIs.
  3. Enter a name, and optionally, a description for your VPC link.
  4. Choose a Network Load Balancer from the Target NLB drop-down list.
  5. You must have the Network Load Balancer already created in the same Region as your API for the Network Load Balancer to be present in the list. In our case, the Istio NLB setup already created it.
  6. Choose Create to start creating the VPC link.
  1. Choose VPC Link for Integration type.
  2. Choose Use Proxy Integration.
  3. From the Method drop-down list, choose GET as the integration method.
  4. From the VPC Link drop-down list, choose [Use Stage Variables] and type ${stageVariables.vpcLinkId} in the text box below.
  5. We will define the vpcLinkId stage variable after deploying the API to a stage and set its value to the ID of the VpcLink.
  6. Type a URL, for example, http://aws.companyname.ai, for Endpoint URL.
  7. Here, the host name (for example, aws.companyname.ai) is used to set the Host header of the integration request.
  8. Leave the Use Default Timeout selection as-is, unless you want to customize the integration timeouts.
  9. Choose Save to finish setting up the integration.
  10. With the proxy integration, the API is ready for deployment. Otherwise, you need to proceed to set up appropriate method responses and integration responses.
  11. From the Actions drop-down menu, choose Deploy API and then choose a new or existing stage to deploy the API.
  12. Note the resulting Invoke URL. You need it to invoke the API. Before doing that, you must set up the vpcLinkId stage variable.
  1. Under the Name column, type vpcLinkId.
  2. Under the Value column, type the ID of VPC_LINK, for example, gix6s7.
  3. Choose the check-mark icon to save this stage variable.
  4. Using the stage variable, you can easily switch to different VPC links for the API by changing the stage variable value.
  5. This completes creating the API. You can test invoking the API as with other integrations.
  1. From resource, create a new resource. Provide a path name, for example, /bar.

My background is in software engineering, with specialization in practicing DevOps culture.

muntashir islam
