From db632997b0d3ade2041830283c5eed0ff63926a9 Mon Sep 17 00:00:00 2001
From: Cizer Pereira
Date: Thu, 5 Oct 2023 20:24:51 +0200
Subject: [PATCH] upgrade gateway-api-controller to 0.0.16 add required ec2 permissions for gateway-api-controller fix: doc and missing part regarding nlb deployment
---
 .../vpc-lattice/.workshop/terraform/addon.tf | 5 +++--
 .../vpc-lattice/abtesting/kustomization.yaml | 1 +
 .../networking/vpc-lattice/abtesting/nlb.yaml | 19 +++++++++++++++++++
 .../vpc-lattice/lattice-ab-testing.md | 3 ++-
 website/docs/networking/vpc-lattice/setup.md | 2 +-
 5 files changed, 26 insertions(+), 4 deletions(-)
 create mode 100644 manifests/modules/networking/vpc-lattice/abtesting/nlb.yaml
diff --git a/manifests/modules/networking/vpc-lattice/.workshop/terraform/addon.tf b/manifests/modules/networking/vpc-lattice/.workshop/terraform/addon.tf
index 4f9824d72..bb2cf8728 100644
--- a/manifests/modules/networking/vpc-lattice/.workshop/terraform/addon.tf
+++ b/manifests/modules/networking/vpc-lattice/.workshop/terraform/addon.tf
@@ -1,5 +1,5 @@
 module "eks_blueprints_addons" {
- source = "aws-ia/eks-blueprints-addons/aws"
+ source = "aws-ia/eks-blueprints-addons/aws"
 version = "~> 1.0"
 enable_aws_load_balancer_controller = true
@@ -40,7 +40,8 @@ resource "aws_iam_policy" "lattice" {
 "vpc-lattice:*",
 "iam:CreateServiceLinkedRole",
 "ec2:DescribeVpcs",
- "ec2:DescribeSubnets"
+ "ec2:DescribeSubnets",
+ "ec2:DescribeTags"
 ],
 "Resource": "*"
 }
diff --git a/manifests/modules/networking/vpc-lattice/abtesting/kustomization.yaml b/manifests/modules/networking/vpc-lattice/abtesting/kustomization.yaml
index f574a41c0..1a4727b60 100644
--- a/manifests/modules/networking/vpc-lattice/abtesting/kustomization.yaml
+++ b/manifests/modules/networking/vpc-lattice/abtesting/kustomization.yaml
@@ -6,5 +6,6 @@ resources:
 patches:
 - deploymentv2.yaml
 - servicev2.yaml
+ - nlb.yaml
 - delete-deployment-redis.yaml
 - delete-service-redis.yaml
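Review bot: The statement extended in the second addon.tf hunk still grants `iam:CreateServiceLinkedRole` and `vpc-lattice:*` on `"Resource": "*"` with no condition, and appending `"ec2:DescribeTags"` to the same action list keeps everything under that one wildcard. The EC2 Describe actions have to stay on `*` because they do not support resource-level scoping, so they would sit better in a statement of their own, with the role-creation action constrained separately, e.g. `"Condition": {"StringLike": {"iam:AWSServiceName": "vpc-lattice.amazonaws.com"}}` (service name to be confirmed against the controller's recommended policy). The `aws_iam_policy` resource starts and ends outside this hunk, so the rest of the policy document is not visible here.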
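Review bot: `- nlb.yaml` appears to be added to the `patches:` list in kustomization.yaml, yet the `nlb.yaml` created in this same commit is a complete new `Service` (`ui-nlb`) rather than a modification of an existing object. Unless an entry under `resources:` (outside this hunk) already defines a `ui-nlb` Service, the patch has no target and the build will probably fail; in that case the entry belongs under `resources:` as `- nlb.yaml`. Indentation is not recoverable in this view, so please confirm which list the new line sits in.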
diff --git a/manifests/modules/networking/vpc-lattice/abtesting/nlb.yaml b/manifests/modules/networking/vpc-lattice/abtesting/nlb.yaml
new file mode 100644
index 000000000..e56524651
--- /dev/null
+++ b/manifests/modules/networking/vpc-lattice/abtesting/nlb.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ui-nlb
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: external
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+ namespace: ui
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 80
+ targetPort: 8080
+ name: http
+ selector:
+ app.kubernetes.io/name: ui
+ app.kubernetes.io/instance: ui
+ app.kubernetes.io/component: service
diff --git a/website/docs/networking/vpc-lattice/lattice-ab-testing.md b/website/docs/networking/vpc-lattice/lattice-ab-testing.md
index 71ec0e5c7..029e8ce5e 100644
--- a/website/docs/networking/vpc-lattice/lattice-ab-testing.md
+++ b/website/docs/networking/vpc-lattice/lattice-ab-testing.md
@@ -139,6 +139,7 @@ Let's ensure that the UI pods are restarted and then port-forward to the preview
 ```bash
 $ kubectl rollout restart deployment/ui -n ui
 $ kubectl rollout status deployment/ui -n ui
+$ kubectl port-forward svc/ui 8080:80 -n ui
 ```
 Let us try to access our application using the browser. A `LoadBalancer` type service named `ui-nlb` is provisioned in the `ui` namespace from which the application's UI can be accessed.
@@ -154,4 +155,4 @@ Access this in your browser and try to checkout multiple times (with different i
 You'll notice that the checkout now uses the "Lattice checkout" pods about 75% of the time:
-![Lattice Checkout](assets/latticecheckout.png)
\ No newline at end of file
+![Lattice Checkout](assets/latticecheckout.png)
diff --git a/website/docs/networking/vpc-lattice/setup.md b/website/docs/networking/vpc-lattice/setup.md
index f3cd10386..d59614652 100644
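Review bot: The new `ui-nlb` Service in nlb.yaml is `internet-facing` and forwards plain HTTP on port 80 with no `loadBalancerSourceRanges`, so the UI is reachable from any address for as long as the module stays deployed. For a workshop environment it is worth restricting the listener to the attendee's address range, e.g. `loadBalancerSourceRanges:` with a placeholder entry such as `- <ATTENDEE_CIDR>` under `spec:`, or using the `internal` scheme where access from outside the VPC is not needed. A short comment at the top of the manifest stating that the public exposure is intentional and is removed at cleanup would also document the decision.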
--- a/website/docs/networking/vpc-lattice/setup.md
+++ b/website/docs/networking/vpc-lattice/setup.md
@@ -38,7 +38,7 @@ This step will install the controller and the CRDs (Custom Resource Definitions)
 $ aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin public.ecr.aws
 $ helm install gateway-api-controller \
 oci://public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller-chart \
- --version=v0.0.15 \
+ --version=v0.0.16 \
 --create-namespace \
 --set=aws.region=${AWS_REGION} \
 --set serviceAccount.annotations."eks\.amazonaws\.com/role-arn"="$LATTICE_IAM_ROLE" \