AWS Application Networking is an implementation of the Kubernetes Gateway API. This project is designed to run in a Kubernetes cluster and orchestrates AWS VPC Lattice resources using Kubernetes Custom Resource Definitions like Gateway and HTTPRoute.
```bash
# Learn available `make` commands
make help

# This only needs to be run once after checking out the repo, and will install tools/codegen required for development
# If you see this error: "Go workspace's "bin" directory is not in PATH. Run 'export PATH="$PATH:${GOPATH:-$HOME/go}/bin"'."
# fix it and rerun the following.
make toolchain

# Run this before submitting code
make presubmit

# Install CRDs (only needed once)
kubectl apply -f config/crds/bases/k8s-gateway-v1alpha2.yaml
kubectl apply -f config/crds/bases/multicluster.x-k8s.io_serviceexports.yaml
kubectl apply -f config/crds/bases/multicluster.x-k8s.io_serviceimports.yaml

# Run the controller against the Kubernetes cluster pointed to by `kubectl config current-context`
make run
```

```bash
# Add models to AWS CLI
aws configure add-model --service-model file://scripts/aws_sdk_model_override/models/apis/vpc-lattice/2022-11-30/api-2.json --service-name vpc-lattice

# List Services
aws vpc-lattice list-services --endpoint-url=https://vpc-lattice.us-west-2.amazonaws.com
```

```bash
make docker-build
make build-deploy
```

Step 1: Create an IAM OIDC provider for your cluster: https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
```bash
eksctl utils associate-iam-oidc-provider --cluster <my-cluster> --approve
```

Step 2: Create a policy in IAM that can invoke the vpc-lattice API and copy the policy ARN for later use (iam-policy.json is under /code):
```bash
aws iam create-policy \
    --policy-name AWSVPCLatticeControllerIAMPolicy \
    --policy-document file://config/iam/recommended-inline-policy.json
```

Step 3: Create an iamserviceaccount for pod-level permission:
```bash
eksctl create iamserviceaccount \
    --cluster=<my-cluster-name> \
    --namespace=system \
    --name=gateway-api-controller \
    --attach-policy-arn=<AWSVPCLatticeControllerIAMPolicy ARN CREATED IN STEP 2> \
    --override-existing-serviceaccounts \
    --region us-west-2 \
    --approve
```

Step 4: Deploy into the cluster:
```bash
kubectl apply -f deploy.yaml
```

You can find more details in Detail Notes and end-to-end Smoke Test.
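The role that Step 3 binds to the service account should be assumable only by `gateway-api-controller` in the `system` namespace. The following check of a role trust policy is an added example, not part of this project; the sample policies, account ID and OIDC provider ID are constructed placeholders, and `audit_irsa_trust` is a hypothetical helper name.

```python
# Namespace and service account name from Step 3 on this page.
EXPECTED_SUB = "system:serviceaccount:system:gateway-api-controller"
EXPECTED_AUD = "sts.amazonaws.com"


def _as_list(value):
    """IAM JSON allows a scalar or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_irsa_trust(policy, expected_sub=EXPECTED_SUB):
    """Return a list of findings; an empty list means the role is scoped."""
    findings = []
    stmts = [s for s in _as_list(policy.get("Statement"))
             if s.get("Effect") == "Allow"
             and "sts:AssumeRoleWithWebIdentity" in _as_list(s.get("Action"))]
    if not stmts:
        return ["no Allow statement for sts:AssumeRoleWithWebIdentity"]
    for n, stmt in enumerate(stmts):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if not federated or not all(":oidc-provider/" in f for f in federated):
            findings.append(f"statement {n}: principal is not an IAM OIDC provider")
        # Only exact-match conditions count; StringLike with a wildcard does not pin the caller.
        pinned = stmt.get("Condition", {}).get("StringEquals", {})
        subs = [v for k, vals in pinned.items() if k.endswith(":sub") for v in _as_list(vals)]
        auds = [v for k, vals in pinned.items() if k.endswith(":aud") for v in _as_list(vals)]
        if subs != [expected_sub]:
            findings.append(f"statement {n}: sub not pinned to {expected_sub} (got {subs})")
        if auds != [EXPECTED_AUD]:
            findings.append(f"statement {n}: aud not pinned to {EXPECTED_AUD} (got {auds})")
    return findings


# Constructed samples: placeholder account ID and OIDC provider ID.
_OIDC = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE0000000000"

def _sample(condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{_OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

SCOPED = _sample({"StringEquals": {f"{_OIDC}:sub": EXPECTED_SUB, f"{_OIDC}:aud": EXPECTED_AUD}})
WILDCARD = _sample({"StringLike": {f"{_OIDC}:sub": "system:serviceaccount:*"},
                    "StringEquals": {f"{_OIDC}:aud": EXPECTED_AUD}})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("wildcard", WILDCARD)):
        print(name, audit_irsa_trust(doc) or "OK")
```

To check a real role, pass in the JSON returned by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument`, parsed with `json.loads`.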
To cut a new release, you will want to follow these steps:
- Create a new Git branch for the new release.
```bash
export RELEASE_VERSION=v0.0.1 # Change this to the next release version you want
git checkout main
git fetch --all --tags && git rebase upstream/main
git checkout -b release-$RELEASE_VERSION
```

- Update the Helm Chart's version and appVersion to the new release version.
Open helm/Chart.yaml and change the version and appVersion to match the $RELEASE_VERSION.
Open helm/values.yaml and change the image.tag value to match the $RELEASE_VERSION.
- Create a Git commit for the new release artifacts.
```bash
git commit -a -m "release artifacts for release $RELEASE_VERSION"
git push origin release-$RELEASE_VERSION
```

- Create a pull request from the release branch and have someone review and merge that for you.
- Create a Git tag on the repository's main branch that points to the commit that you just got merged.
```bash
git checkout main
git fetch --all --tags && git rebase upstream/main
git tag -a $RELEASE_VERSION
git push origin $RELEASE_VERSION
```

- Package and publish the controller container image and Helm chart.
```bash
PULL_BASE_REF=$RELEASE_VERSION ./scripts/release-controller.sh
```

NOTE: You will need to have exported an environment variable called ECR_PUBLISH_ROLE_ARN that contains an IAM Role that your AWS user has a trust relationship with and permission to publish to the ECR Public repositories. I personally have a file in ~/.aws/gateway-publisher that contains the following:

```bash
export ECR_PUBLISH_ROLE_ARN="arn:aws:iam::606627242267:role/ECRPublisher"
```

which I source before running the scripts/release-controller.sh script.
See CONTRIBUTING for more information.
This project is licensed under the Apache-2.0 License.