Create a Lambda OCI Function with the ACK Lambda Controller
Create a Lambda Function with an OCI Image Using Elastic Kubernetes Service (EKS).
The ACK service controller for Amazon Lambda lets you manage Lambda functions directly from Kubernetes. This guide shows you how to create a Lambda function with OCI image using a single Kubernetes resource manifest.
Setup
Although it is not necessary to use Amazon Elastic Kubernetes Service (Amazon EKS) or Amazon Elastic Container Registry (Amazon ECR) with ACK, this guide assumes that you have access to an Amazon EKS cluster. If this is your first time creating an Amazon EKS cluster and Amazon ECR repository, see Amazon EKS Setup and Amazon ECR Setup.
Prerequisites
This guide assumes that you have:
- Created an EKS cluster with Kubernetes version 1.16 or higher.
- Have access to Amazon ECR
- AWS IAM permissions to create roles and attach policies to roles.
- Installed the following tools on the client machine used to access your Kubernetes cluster:
- AWS CLI - A command line tool for interacting with AWS services.
- kubectl - A command line tool for working with Kubernetes clusters.
- eksctl - A command line tool for working with EKS clusters.
- Helm 3.8+ - A tool for installing and managing Kubernetes applications.
- Docker - A tool to build, share, and run containers.
Install the ACK service controller for Lambda
Log into the Helm registry that stores the ACK charts:
aws ecr-public get-login-password --region us-west-2 | helm registry login --username AWS --password-stdin public.ecr.aws Deploy the ACK service controller for Amazon Lambda using the lambda-chart Helm chart. This example creates resources in the us-west-2 region, but you can use any other region supported in AWS.
SERVICE=lambda RELEASE_VERSION=$(curl -sL https://api.github.com/repos/aws-controllers-k8s/${SERVICE}-controller/releases/latest | jq -r '.tag_name | ltrimstr("v")') helm install --create-namespace -n ack-system oci://public.ecr.aws/aws-controllers-k8s/lambda-chart "--version=${RELEASE_VERSION}" --generate-name --set=aws.region=us-west-2 For a full list of available values to the Helm chart, please review the values.yaml file.
Configure IAM permissions
Once the service controller is deployed configure the IAM permissions for the controller to invoke the Lambda API. For full details, please review the AWS Controllers for Kubernetes documentation for how to configure the IAM permissions. If you follow the examples in the documentation, use the value of lambda for SERVICE.
Create Lambda function handler
The Lambda function handler is the method in your function code that processes events. When your function is invoked, Lambda runs the handler method.
cat <<EOF > app.js exports.handler = async (event) => { const response = { statusCode: 200 body: JSON.stringify('Hello from Lambda!') }; return response; }; EOF Create and Build a Docker Image
Create a Dockerfile that will be used to build the image for our Lambda function:
cat <<EOF > Dockerfile FROM public.ecr.aws/lambda/nodejs:14 COPY app.js package.json ./ RUN npm install CMD [ "app.handler" ] EOF Build the Docker image in your local environment. You will need to install dependencies using npm:
npm init -y docker build -t hello-world . Publish the Docker image to ECR
Publish the Docker image to an ECR repository. It’s a requirement for container images to be published to the ECR repository to run Lambda OCI image functions.
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text) export AWS_REGION=us-west-2 aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com aws ecr create-repository --repository-name hello-world --image-scanning-configuration scanOnPush=true --image-tag-mutability MUTABLE docker tag "hello-world:latest ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/hello-world:latest" docker push "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/hello-world:latest" Deploy the Lambda OCI function using the ACK Lambda controller
The following example creates a manifest that contains the Lambda OCI function. It then uses kubectl to create the resource in Kubernetes:
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text) export IMAGE_URI="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/hello-world:latest " export FUNCTION_NAME="lambda-oci-ack" export LAMBDA_ROLE="arn:aws:iam::${AWS_ACCOUNT_ID}:role/lambda_basic_execution" read -r -d '' LAMBDA_MANIFEST <<EOF apiVersion: lambda.services.k8s.aws/v1alpha1 kind: Function metadata: name: $FUNCTION_NAME annotations: services.k8s.aws/region: $AWS_REGION spec: name: $FUNCTION_NAME packageType: Image code: imageURI: $IMAGE_URI role: $LAMBDA_ROLE description: function created by ACK lambda-controller e2e tests EOF echo "${LAMBDA_MANIFEST}" > function.yaml kubectl create -f function.yaml You should get a confirmation that the function was created successfully.
function.lambda.services.k8s.aws/lambda-oci-ack created To get details about the Lambda function, run the following.
kubectl describe "function/${FUNCTION_NAME}" Invoke the Lambda OCI Function
After you have verified that the Lambda OCI function is deployed correctly, you can invoke the function through the AWS CLI.
aws lambda invoke --function-name ${FUNCTION_NAME} --region us-west-2 /dev/stdout | jq You will get the output as below:
{"statusCode":200,"body":"\"Hello from Lambda!\""} Next steps
The ACK service controller for Amazon Lambda is based on the Amazon Lambda API.
Refer to API Reference for Lambda to find all the supported Kubernetes custom resources and fields.
Cleanup
You can delete your Lambda OCI function using the kubectl delete command:
kubectl delete -f function.yaml To remove the Lambda ACK service controller, related CRDs, and namespaces, see ACK Cleanup.
To delete your EKS clusters, see Amazon EKS - Deleting a cluster.