How to Establish Connection Between Multiple EKS Clusters Using Gateway API and VPC Lattice?

adil
4 min read · Nov 2, 2023

Part 1 — A: How to configure the Gateway API?
Part 1 — B: How to use VPC Lattice in AWS?

Connecting two separate VPCs on AWS might be difficult because of routing rules and overlapping IP addresses.


Things might be more complicated when creating a connection between services that run in two separate EKS clusters.

The Gateway API and VPC Lattice make it possible to set up a connection between EKS clusters.

(See: How to use VPC Lattice in AWS?)

This article assumes that you have read Part 1.

I have two EKS clusters, and I set up the Gateway API on each based on the prior article.

In EKS — 1, I have an order-app Deployment with order-svc Service.
In EKS — 2, I have a payment-app Deployment with payment-svc Service.

I want a bidirectional connection between the order-app and payment-app.

We will try to configure this diagram on AWS:

I’ve set up the AWS Gateway API Controller in the EKS — 1 cluster thanks to Part 1.

I’ll deploy the order-app in EKS — 1:

01-00-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: order-app
  name: order-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: order-app
  template:
    metadata:
      labels:
        app: order-app
    spec:
      containers:
      - image: ailhan/web-debug
        name: order-app
        env:
        - name: TEXT
          value: "Hello from the Order App"
        - name: HOSTNAME
          value: "true"
---
apiVersion: v1
kind: Service
metadata:
  name: order-svc
spec:
  selector:
    app: order-app
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

Apply it in EKS — 1:

➜  ~ kubectl apply -f 01-00-deployment.yaml
deployment.apps/order-app created
service/order-svc created

I’ll deploy a Gateway in VPC Lattice:

01-01-gateway.yaml:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: common-gw
  annotations:
    application-networking.k8s.aws/lattice-vpc-association: "true"
spec:
  gatewayClassName: amazon-vpc-lattice
  listeners:
  - name: http
    protocol: HTTP
    port: 80

Apply it in EKS — 1:

➜  ~ kubectl apply -f 01-01-gateway.yaml
gateway.gateway.networking.k8s.io/common-gw created

Create a routing rule for the order-app in VPC Lattice:

01-02-http-route.yaml:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: order-app-route
spec:
  parentRefs:
  - name: common-gw
    sectionName: http
  rules:
  - backendRefs:
    - name: order-svc
      kind: Service
      port: 80
    matches:
    - path:
        type: PathPrefix
        value: /

Apply it in EKS — 1:

➜  ~ kubectl apply -f 01-02-http-route.yaml
httproute.gateway.networking.k8s.io/order-app-route created

Let’s take a look at the resources in EKS — 1:

Let’s take a look at the service page in the VPC Lattice Console:

A VPC Lattice service with the required HTTP routing rules has been created for the order-app in Kubernetes.

I’ll switch to the EKS — 2 cluster and deploy the payment-app:

kubectl config use-context <EKS-2-ID>

02-00-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: payment-app
  name: payment-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: payment-app
  template:
    metadata:
      labels:
        app: payment-app
    spec:
      containers:
      - image: ailhan/web-debug
        name: payment-app
        env:
        - name: TEXT
          value: "Hello from the Payment App"
        - name: HOSTNAME
          value: "true"
---
apiVersion: v1
kind: Service
metadata:
  name: payment-svc
spec:
  selector:
    app: payment-app
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

Apply it in EKS — 2:

➜  ~ kubectl apply -f 02-00-deployment.yaml
deployment.apps/payment-app created
service/payment-svc created

02-01-gateway.yaml:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: common-gw
  annotations:
    application-networking.k8s.aws/lattice-vpc-association: "true"
spec:
  gatewayClassName: amazon-vpc-lattice
  listeners:
  - name: http
    protocol: HTTP
    port: 80

Apply it in EKS — 2:

➜  ~ kubectl apply -f 02-01-gateway.yaml
gateway.gateway.networking.k8s.io/common-gw created

02-02-http-route.yaml:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: payment-app-route
spec:
  parentRefs:
  - name: common-gw
    sectionName: http
  rules:
  - backendRefs:
    - name: payment-svc
      kind: Service
      port: 80
    matches:
    - path:
        type: PathPrefix
        value: /

Apply it in EKS — 2:

➜  ~ kubectl apply -f 02-02-http-route.yaml
httproute.gateway.networking.k8s.io/payment-app-route created

Let’s take a look at the resources in EKS — 2:

Let’s take a look at the configurations in VPC Lattice:

EKS — 1’s VPC and EKS — 2’s VPC are in the same service network pool: common-gw
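
The references that tie the manifests above together (HTTPRoute to Gateway listener, HTTPRoute to Service port, and the common-gw name shared by both clusters) can be checked offline before applying. This is an added example, not code from the original article; the function names and finding labels are hypothetical, and the dicts are constructed copies of the page's manifests trimmed to the checked fields.

```python
# Added example. The dicts are constructed copies of this page's manifests,
# trimmed to the fields that are checked (shaped like `kubectl get -o json` items).
def cluster(app):
    return [
        {"kind": "Service", "metadata": {"name": f"{app}-svc"},
         "spec": {"ports": [{"protocol": "TCP", "port": 80, "targetPort": 80}]}},
        {"kind": "Gateway", "metadata": {"name": "common-gw"},
         "spec": {"listeners": [{"name": "http", "protocol": "HTTP", "port": 80}]}},
        {"kind": "HTTPRoute", "metadata": {"name": f"{app}-app-route"},
         "spec": {"parentRefs": [{"name": "common-gw", "sectionName": "http"}],
                  "rules": [{"backendRefs": [
                      {"name": f"{app}-svc", "kind": "Service", "port": 80}]}]}},
    ]

def named(objs, kind):
    """Index one cluster's objects of a given kind by metadata.name."""
    return {o["metadata"]["name"]: o for o in objs if o["kind"] == kind}

def check_cluster(objs):
    """Return findings: plaintext listeners and references that do not resolve."""
    out = []
    gateways, services = named(objs, "Gateway"), named(objs, "Service")
    for gname, gw in gateways.items():
        for lis in gw["spec"]["listeners"]:
            if lis["protocol"] == "HTTP":  # listener carries unencrypted HTTP
                out.append(f"plaintext-listener {gname}/{lis['name']}:{lis['port']}")
    for rname, route in named(objs, "HTTPRoute").items():
        for ref in route["spec"]["parentRefs"]:
            gw, sec = gateways.get(ref["name"]), ref.get("sectionName")
            if gw is None or (sec and sec not in
                              [l["name"] for l in gw["spec"]["listeners"]]):
                out.append(f"unresolved-parent {rname} -> {ref['name']}/{sec}")
        for rule in route["spec"]["rules"]:
            for b in rule["backendRefs"]:
                svc = services.get(b["name"])
                ports = [p["port"] for p in svc["spec"]["ports"]] if svc else []
                if b["port"] not in ports:
                    out.append(f"unresolved-backend {rname} -> {b['name']}:{b['port']}")
    return out

def shared_gateways(a, b):
    """Gateway names present in both clusters (on this page: common-gw)."""
    return set(named(a, "Gateway")) & set(named(b, "Gateway"))

if __name__ == "__main__":
    eks1, eks2 = cluster("order"), cluster("payment")
    for label, objs in (("EKS-1", eks1), ("EKS-2", eks2)):
        for finding in check_cluster(objs):
            print(label, finding)
    print("shared:", shared_gateways(eks1, eks2))
```

For the manifests as written, the only finding per cluster is the HTTP listener on port 80, and common-gw is the one Gateway name the two clusters share.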

VPC ID of each cluster:

Let’s test it
