From 5dee7ff8d32ec67180a7472b00c3bdd1b706cc3b Mon Sep 17 00:00:00 2001
From: ruban suthan
Date: Wed, 22 Nov 2023 13:48:29 +1100
Subject: [PATCH] PR review changes
---
 patterns/blueprint-vpc-lattice/README.md | 3 +--
 .../blueprint-vpc-lattice/cluster1/main.tf | 26 +------------------
 .../blueprint-vpc-lattice/cluster1/outputs.tf | 4 +++
 .../blueprint-vpc-lattice/cluster2/aurora.tf | 2 ++
 .../blueprint-vpc-lattice/cluster2/main.tf | 9 ++++++-
 .../blueprint-vpc-lattice/cluster2/outputs.tf | 5 ++++
 6 files changed, 21 insertions(+), 28 deletions(-)
 create mode 100644 patterns/blueprint-vpc-lattice/cluster1/outputs.tf
diff --git a/patterns/blueprint-vpc-lattice/README.md b/patterns/blueprint-vpc-lattice/README.md
index 328dca6efd..3249bce645 100644
--- a/patterns/blueprint-vpc-lattice/README.md
+++ b/patterns/blueprint-vpc-lattice/README.md
@@ -12,8 +12,7 @@ The solution architecture used to demonstrate cross-cluster connectivity with VP
 1. Two VPCs are setup in the same AWS Region, both using the same RFC 1918 address range 192.168.48.0/20
 2. An EKS cluster is provisioned in each of the VPC.
 3. An HTTP web service is deployed to the EKS cluster in Cluster1-vpc , exposing a set of REST API endpoints. Another REST API service is deployed to the EKS cluster in Cluster2-vpc and it communicates with an Aurora PostgreSQL database in the same VPC.
-AWS Gateway API controller is used in both clusters to manage the Kubernetes Gateway API resources such as Gateway and HTTPRoute. These custom resources orchestrate AWS VPC Lattice resources such as Service Network, Service, and Target Groups that enable communication between the Kubernetes services deployed to the clusters. Please refer to this post for a detailed discussion on how the AWS Gateway API controller extends custom resources defined by Gateway API, allowing you to create VPC Lattice resources using Kubernetes APIs.
-
+AWS Gateway API controller is used in both clusters to manage the Kubernetes Gateway API resources such as Gateway and HTTPRoute. These custom resources orchestrate AWS VPC Lattice resources such as Service Network, Service, and Target Groups that enable communication between the Kubernetes services deployed to the clusters.
 ![img.png](img/img.png)
diff --git a/patterns/blueprint-vpc-lattice/cluster1/main.tf b/patterns/blueprint-vpc-lattice/cluster1/main.tf
index 75602060b6..7c81f5acd2 100644
--- a/patterns/blueprint-vpc-lattice/cluster1/main.tf
+++ b/patterns/blueprint-vpc-lattice/cluster1/main.tf
@@ -190,28 +190,4 @@ resource "aws_security_group_rule" "vpc_lattice_ipv6_ingress" {
 to_port = 0
 protocol = "-1"
 prefix_list_ids = [data.aws_ec2_managed_prefix_list.ipv6.id]
-}
-
-
----
-apiVersion: gateway.networking.k8s.io/v1beta1
-kind: GatewayClass
-metadata:
-name: amazon-vpc-lattice
-spec:
-controllerName: application-networking.k8s.aws/gateway-api-controller
-
----
-apiVersion: gateway.networking.k8s.io/v1beta1
-kind: Gateway
-metadata:
-name: eks-lattice-network
-spec:
-gatewayClassName: amazon-vpc-lattice
-listeners:
-- name: http
-protocol: HTTP
-port: 80
-allowedRoutes:
-namespaces:
-from: All
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/patterns/blueprint-vpc-lattice/cluster1/outputs.tf b/patterns/blueprint-vpc-lattice/cluster1/outputs.tf
new file mode 100644
index 0000000000..c952ef95d0
--- /dev/null
+++ b/patterns/blueprint-vpc-lattice/cluster1/outputs.tf
@@ -0,0 +1,4 @@
+output "configure_kubectl" {
+ description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+ value = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${module.eks.cluster_name} --region ${local.region}"
+}
diff --git a/patterns/blueprint-vpc-lattice/cluster2/aurora.tf b/patterns/blueprint-vpc-lattice/cluster2/aurora.tf
index 8433e50296..6509169846 100644
--- a/patterns/blueprint-vpc-lattice/cluster2/aurora.tf
+++ b/patterns/blueprint-vpc-lattice/cluster2/aurora.tf
@@ -10,6 +10,8 @@ module "rds-aurora" {
 private_subnet_ids_p = module.vpc.private_subnets
 private_subnet_ids_s = null
 region = local.region
+ engine = "aurora-postgresql"
+ engine_version_pg = "13.6"
 sec_region = "us-west-2"
 }
diff --git a/patterns/blueprint-vpc-lattice/cluster2/main.tf b/patterns/blueprint-vpc-lattice/cluster2/main.tf
index 15af6e68e7..37a2c62c67 100644
--- a/patterns/blueprint-vpc-lattice/cluster2/main.tf
+++ b/patterns/blueprint-vpc-lattice/cluster2/main.tf
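Review bot: In patterns/blueprint-vpc-lattice/cluster2/aurora.tf the added `engine_version_pg = "13.6"` pins the Aurora PostgreSQL minor version as a bare literal, so later minor releases that carry security fixes are only picked up when someone edits this file. I would add a comment on that line saying why this version was chosen and that it needs review before reuse, for example `# pinned for the demo; check against currently supported Aurora PostgreSQL releases before reuse`. Whether the rds-aurora module enables automatic minor version upgrades is not visible in this patch, so that is worth confirming. The `module "rds-aurora"` block starts above the hunk.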
@@ -2,6 +2,11 @@ provider "aws" {
 region = local.region
 }
+provider "aws" {
+ region = "us-east-1"
+ alias = "virginia"
+}
+
 provider "kubernetes" {
 host = module.eks.cluster_endpoint
 cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
@@ -29,7 +34,9 @@ provider "helm" {
 }
 data "aws_availability_zones" "available" {}
-data "aws_ecrpublic_authorization_token" "token" {}
+data "aws_ecrpublic_authorization_token" "token" {
+ provider = aws.virginia
+}
 data "aws_caller_identity" "identity" {}
 data "aws_region" "current" {}
diff --git a/patterns/blueprint-vpc-lattice/cluster2/outputs.tf b/patterns/blueprint-vpc-lattice/cluster2/outputs.tf
index a059c4aa11..208a421c92 100644
--- a/patterns/blueprint-vpc-lattice/cluster2/outputs.tf
+++ b/patterns/blueprint-vpc-lattice/cluster2/outputs.tf
@@ -18,3 +18,8 @@ output "postgres_password" {
 value = module.rds-aurora.aurora_cluster_master_password
 sensitive = true
 }
+
+output "configure_kubectl" {
+ description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+ value = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${module.eks.cluster_name} --region ${local.region}"
+}
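Review bot: In patterns/blueprint-vpc-lattice/cluster2/main.tf the new aliased provider hard-codes `region = "us-east-1"` with no explanation, so a reader cannot tell that it exists only for the `aws_ecrpublic_authorization_token` data source changed in the second hunk of the same file. ECR Public authorization tokens are issued from us-east-1, so a comment such as `# ECR Public auth tokens are only issued in us-east-1; used solely by data.aws_ecrpublic_authorization_token.token` would keep someone from "correcting" the region to local.region, and an alias named for its purpose (`alias = "ecr_public"`) would read better than `virginia`. The value that data source returns is a credential and is recorded in Terraform state, so the state for this pattern should sit in an access-controlled backend. cluster1/main.tf is not changed the same way in this patch; if it reads the same data source it probably needs the alias as well.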