Set up a network load balancer and publish a REST API via API Gateway
Instructions
- Create internal network load balancer (NLB) service on kubernetes
- Add VPC link with NLB endpoint
- Configure AWS certificate manager
- Create API Gateway with VPC link endpoint
- Create custom domain names & map API
- Add DNS record for API Gateway
- Verify/Test API
Create internal network load balancer service on k8s
K8s will automatically create a network load balancer associated with the service.
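A Service manifest for this step, as an added example that is not part of the original page. It assumes the cluster uses the in-tree AWS cloud provider annotations; the service name, labels, ports and VPC CIDR are placeholders.

```yaml
# Constructed example: names, labels, ports and the CIDR are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: rest-api            # hypothetical service name
  namespace: default
  annotations:
    # Request an NLB instead of the default Classic Load Balancer.
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    # Keep the NLB internal (private IP addresses only). Without this
    # annotation the load balancer is created internet-facing, which would
    # expose the API outside API Gateway.
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  # Only accept client traffic from inside the VPC (assumed CIDR).
  loadBalancerSourceRanges:
    - 10.0.0.0/16
  selector:
    app: rest-api           # must match the pod labels of the API deployment
  ports:
    - name: http
      protocol: TCP
      port: 80              # listener port on the NLB
      targetPort: 8080      # assumed container port of the API
```

After `kubectl apply`, the NLB's DNS name appears in the EXTERNAL-IP column of `kubectl get service rest-api`; that is the value used for the VPCNLB stage variable later on.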
Add VPC link with NLB endpoint
API Gateway / VPC links / Create
Choose a VPC link version: VPC link for REST APIs
Name: ${VPC link name}
Target NLB: ${select existing NLB id}
Example: rest-api-vpc-link (xfn24u)
Configure AWS certificate manager
AWS Certificate Manager / Certificates Import / certificate / import
# Input certificate details
Certificate body ${.crt}
Certificate private key ${.key}
Certificate chain ${CA.crt}
This depends on your setting
Create API Gateway with VPC link endpoint
To create new API: API Gateway / APIs / Create API / REST API / Build
# Choose the protocol: REST
# Create new API: New API
# Setting
API name: ${api_name}
Description: ${description}
Endpoint Type: Regional
# Create API
Config API resource: API Gateway / APIs / ${api_name} / Resources / Action: Create Resource
Select the "Configure as proxy resource" option to create a proxy resource.
Configure as proxy resource: yes
Resource Name: '{proxy+}'
Resource Path: '/{proxy+}'
Enable API Gateway CORS: yes
Config API method: API Gateway / APIs / ${api_name} / Resources / Action : Create Method / choose ANY
Deployment stage: [New Stage]
Stage name*: ${STAGE_NAME} # example: dev
Stage description: ${DESCRIPTION}
Deployment description: ${DESCRIPTION}
Set variables for dev API Deployment: API Gateway / APIs / ${api_name} / Stages / ${STAGE_NAME} / Stage Variables
# define the VPCLINK and VPCNLB stage variable
VPCLINK: ${VPC_link_id}
VPCNLB: ${ELB_DNS_name}
Change the setting to disable the default endpoint: API Gateway / APIs / ${api_name} / Stages / ${stage_name} / Settings
Default Endpoint: select Disabled
Create custom domain names & map API
To create custom domain name: API Gateway / Custom domain names / Create
Domain name: dev-api.example.com
TLS 1.2 (recommended): yes
Endpoint type: Regional
ACM certificate: Choose from dropdown list
To add API mappings: API Gateway / Custom domain names / ${domain_name} / API mappings / Configure API mappings
API: rest-api-dev (REST)
Stage: dev
Save the API Gateway domain name; you will need it to add the DNS record later.
Add DNS record for API Gateway
Route 53 / Hosted zones / example.com / Create record
Record name: dev-api
Record type: CNAME
Value: ${API Gateway domain name}
Verify/Test API
Try to access
https://dev-api.example.com/health-check
OK
Epilogue
By using API Gateway, you can integrate authentication steps further, and save time when publishing an existing private API with TLS/SSL.
Reference
- K8s service loadbalancer
https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
- Connecting an API Gateway to a VPC using VPC link
https://manurana.medium.com/tutorial-connecting-an-api-gateway-to-a-vpc-using-vpc-link-682a21281263
- Build a REST API with API Gateway private integration
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-private-integration.html