1

In AWS, I'm trying to configure my K8S cluster with EKS, and from my limited experience with AWS and its services, I am struggling in configuring the integration between different parts.

Context:

  • Created the cluster with eksctl tool (the VPC, subnets and NAT Gateway were created automatically by eksctl).
  • Created two node groups (also with eksctl), one in private subnet and another one in public subnet.
  • Created a deployment for my backend application (deploying it to the private subnet):

apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-dev-deployment
  namespace: dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: api-dev
  template:
    metadata:
      labels:
        app: api-dev
    spec:
      nodeSelector:
        subnet-type: private
      containers:
        - name: api-dev
          image: [my private image URL from ECR]
          ports:
              - containerPort: 5000

The pod deployment is OK, and it's able to connect to the internet from the private subnet (connection to mongodb atlas in my case), so NAT Gateway is working fine here.

What I am trying to achieve:

  • Configure API Gateway so it can send requests to the application deployed in the pod inside the private subnet.

What I did:

  • Created an API in the API Gateway service, created the resource /status (the health check endpoint from my application) with GET method.
  • In the request integration, I have chosen HTTP as integration type and I've set the value http://192.168.98.28:5000/status as the endpoint URL (192.168.98.28 is the internal IP of my pod in private network, got it with kubectl: kubectl get pods -o wide)

What's going wrong:

When I am trying to do a test call to the API Gateway endpoint, I am getting an error 500 with the message:

Sat Aug 05 16:33:18 UTC 2023 : Execution failed due to configuration error: Invalid endpoint address.

Can please anyone help me in configuring the above mentioned? I was going through much documentation, but I can't find a good one.

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Roman
  • 113
  • 6
  • 1
    I'm not sure if it's possible to get response from pod directly without `service`. When you create a service to expose a deployment, it will spin up an aws loadbalancer. You will get response from that loadbalancer. – Rafaf Tahsin Aug 06 '23 at 05:40

1 Answers1

1

I think first of all you need service type Loadbalancer to expose your pod, I also think that both API Gateway and EKS cluster are in different VPCs, so it is not possible to connect them without VPC endpoints

So the external traffic will be routed via API Gateway which sends traffic to the services hosted inside EKS via VPC Private Link -> ELB.

Here is a blog for reference

Saifeddine Rajhi
  • 102
  • 4