new: Added Gateway API lab #1852
- New workshop module: fundamentals/exposing/gateway-api
- Covers GatewayClass, Gateway, HTTPRoute, LoadBalancerConfiguration CRDs
- Includes three lab sections: Exposing UI, Path-Based Routing, Canary Deployment
- Uses LBC v3.3.0 with --defaultTargetType=ip for ClusterIP service compatibility
- Terraform installs Gateway API CRDs and AWS LBC Gateway CRDs via kubectl apply
- TargetGroupConfiguration for catalog health check (/health)
- Cross-namespace routing with allowedRoutes.namespaces.from: All
- Canary deployment with weighted traffic splitting (90/10, 50/50, 0/100)
- Fix ECR Public auth in Makefile for create/destroy-infrastructure targets
- Fix pids array unbound variable in create-infrastructure.sh

- Add kubectl wait for Gateway Programmed condition (600s timeout)
- Fix sourceRanges fallback when INBOUND_CIDRS is empty
- Update path-based-routing to use /catalog/products endpoint
- Add sample curl output for catalog and UI verification
- Remove ExternalDNS from introduction (not used in this module)
- Remove step numbers from exposing-ui and canary pages
- Consolidate verify commands into single code block
- Add orange theme screenshot for canary completion
- Update test-durations.json for ~30 min estimated time
✅ Deploy Preview for eks-workshop ready!
Thanks @desaiajayhnr! Few changes requested, main thing is to remove external DNS stuff we aren't using.
Can we also remove the .kiro directory?
| ui-route 2m | ||
| ``` | ||
|
|
||
| <!-- |
I assume we probably need this?
Yes we need this, as we created the httproute above.
| cluster_version = var.eks_cluster_version | ||
| oidc_provider_arn = var.addon_context.eks_oidc_provider_arn | ||
|
|
||
| enable_external_dns = true |
Not using external DNS any more.
Deleted the logic for external dns as we are not using it
| value = { | ||
| LBC_CHART_VERSION = var.load_balancer_controller_chart_version | ||
| LBC_ROLE_ARN = module.eks_blueprints_addons.aws_load_balancer_controller.iam_role_arn | ||
| DNS_CHART_VERSION = var.external_dns_chart_version |
Deleted as we are not using external dns
| Apply the LoadBalancerConfiguration: | ||
|
|
||
| ```bash | ||
| $ export SOURCE_RANGES=$(echo $INBOUND_CIDRS | tr ',' '\n' | sed 's/^/ - "/;s/$/"/') |
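Review bot: on the `export SOURCE_RANGES=...` line, `$INBOUND_CIDRS` is expanded unquoted and nothing checks that it is non-empty or that each entry is a CIDR before the result is placed in `sourceRanges`. With an empty variable the `tr | sed` pipeline still emits a single ` - ""` item. Suggest quoting the expansion and failing early when the variable is empty or an entry does not parse, so that a malformed allow-list never reaches the LoadBalancerConfiguration that is applied next.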
It might be easier to use this notation:

```yaml
sourceRanges: ["a", "b"]
```

instead of:

```yaml
sourceRanges:
- "a"
- "b"
```

I think you can do that with jq like this:

```bash
export SOURCE_RANGES=$(echo $INBOUND_CIDRS | jq -R 'split(",")')
```

But will need verified.
Implemented the above recommendation
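
The conversion discussed in this thread, as an added example that is not code from the PR: a POSIX shell function that builds the `["a","b"]` form of `sourceRanges` from `INBOUND_CIDRS` without `jq`, validating each entry as an IPv4 CIDR. The function names `in_range`, `is_ipv4_cidr` and `cidrs_to_json`, the sample CIDRs, and the choice to fail on an empty value are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the PR): build the JSON-array form of sourceRanges
# from a comma-separated INBOUND_CIDRS value, validating every entry first.

# in_range VALUE MAX: VALUE is a decimal integer without leading zeros, <= MAX.
in_range() {
  case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
  [ "${#1}" -le 3 ] && [ "$1" -le "$2" ]
}

# is_ipv4_cidr STR: succeeds only for a.b.c.d/len with octets 0-255, len 0-32.
is_ipv4_cidr() {
  case $1 in */*) ;; *) return 1 ;; esac
  addr=${1%/*}; len=${1##*/}
  in_range "$len" 32 || return 1
  case $addr in .*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -f
  set -- $addr                       # split the address on dots
  set +f; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do in_range "$octet" 255 || return 1; done
}

# cidrs_to_json LIST: prints ["a","b"]; fails on an empty list or a bad entry
# (hypothetical policy for this example: never emit an empty or partial list).
cidrs_to_json() {
  [ -n "$1" ] || { echo "INBOUND_CIDRS is empty" >&2; return 1; }
  json=; rest=$1,
  while [ -n "$rest" ]; do
    item=${rest%%,*}; rest=${rest#*,}
    item=$(printf '%s' "$item" | tr -d ' \t')   # tolerate "a, b"
    is_ipv4_cidr "$item" || { echo "invalid CIDR: $item" >&2; return 1; }
    json="$json${json:+,}\"$item\""
  done
  printf '[%s]\n' "$json"
}

# Constructed sample value; the workshop takes INBOUND_CIDRS from the environment.
if SOURCE_RANGES=$(cidrs_to_json "203.0.113.0/24, 198.51.100.7/32"); then
  export SOURCE_RANGES
  echo "sourceRanges: $SOURCE_RANGES"
fi
```

The printed array is valid flow-style YAML as well as JSON, so it can be substituted directly after `sourceRanges:`.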
- Remove ExternalDNS from Terraform main.tf, vars.tf, outputs.tf, cleanup.sh
- Remove Route 53 private hosted zone (not needed without ExternalDNS)
- Simplify sourceRanges using jq JSON array notation instead of sed
- Remove commented-out code blocks from exposing-ui.md
- Fix GATEWAY_URL export in the verify section
- Remove .kiro directory from git tracking
What this PR does / why we need it:
Summary
Adds a new Gateway API workshop module under fundamentals/exposing/gateway-api that teaches learners how to expose and route traffic using the Kubernetes Gateway API with the AWS Load Balancer Controller (v3.3.0). This module serves as the Gateway API equivalent of the existing Ingress module, demonstrating the successor API with its role-oriented design.
What's included
Workshop documentation (4 pages):
Deploy the Controller — Learner installs LBC v3.3.0 via Helm with --defaultTargetType=ip
Exposing the UI — Create GatewayClass, LoadBalancerConfiguration, Gateway, and HTTPRoute to provision an internet-facing ALB
Path-Based Routing — Cross-namespace HTTPRoute for the catalog service with TargetGroupConfiguration for health checks
Canary Deployment — Progressive traffic shifting using weighted backendRefs (90/10 → 50/50 → 0/100)
Manifests:
exposing-ui/: GatewayClass, LoadBalancerConfiguration (scheme: internet-facing, sourceRanges), Gateway (with infrastructure.parametersRef), HTTPRoute
path-based-routing/: Catalog HTTPRoute (/catalog prefix) + TargetGroupConfiguration (healthCheckPath: /health)
canary/: ui-v2 Deployment (orange theme), Service, and weighted HTTPRoute variants
Terraform (prepare-environment):
Installs standard Gateway API CRDs via kubectl apply from GitHub releases
Installs AWS LBC Gateway-specific CRDs (TargetGroupConfiguration, LoadBalancerConfiguration, ListenerRuleConfiguration)
Creates IAM role for the AWS Load Balancer Controller
Exports LBC_CHART_VERSION and LBC_ROLE_ARN as environment variables
Cleanup script:
Deletes HTTPRoutes, Gateways, GatewayClasses, TargetGroupConfigurations, LoadBalancerConfigurations
Waits for ALB deprovisioning before uninstalling Helm charts
Force-removes finalizers if Gateway deletion is stuck
Removes CRDs at the end
Test hooks:
hook-exposing-ui.sh — Polls ALB until HTTP 200
hook-path-routing.sh — Validates /catalog/products returns 200
hook-canary.sh — Verifies ui-v2 pods and HTTPRoute acceptance
Bug fixes (unrelated to Gateway API content)
Makefile: Added ECR Public authentication (aws ecr-public get-login-password) to create-infrastructure and destroy-infrastructure targets to fix 403 Forbidden errors on Docker pulls
hack/create-infrastructure.sh: Fixed pids[@]: unbound variable error when clusters already exist by guarding the array iteration with a length check
Key design decisions
Uses LBC v3.3.0 (Gateway API GA) instead of v2.x which required feature gates
Uses LoadBalancerConfiguration CRD for ALB settings (scheme, sourceRanges) instead of annotations — the v3.x recommended approach
Uses --defaultTargetType=ip Helm flag so ClusterIP services work without per-service TargetGroupConfigurations
Gateway listener uses allowedRoutes.namespaces.from: All to enable cross-namespace routing for the catalog HTTPRoute
Follows the same learner-installs-controller pattern as the existing Ingress module
Testing
Verified end-to-end: prepare-environment → deploy controller → expose UI → path-based routing → canary deployment
ALB provisions as internet-facing with correct security group source ranges
Catalog health checks pass on /health
Weighted traffic splitting confirmed with theme-based visual verification
Which issue(s) this PR fixes:
Fixes #1840
Quality checks
make test module="fundamentals/exposing" it was successful (see https://github.com/aws-samples/eks-workshop-v2/blob/main/docs/automated_tests.md)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.