Getting Started with Containerized API on EKS

Prerequisites

AWS account credentials to create EKS cluster, update ~/.aws/credentials or set Access keys accordingly

Tools : eksctl, kubectl, Helm

Download save files: fastah-sa-iam-policy.json

EKS Cluster Creation

Fastah IP Location has been tested on top of AWS EKS with Fargate enabled.

# Set the Fastah application version to be installed
export FASTAH_VERSION=2025.1.18


# Set the AWS region where the EKS cluster will be created
export AWS_REGION=us-east-1

# Specify the name of the EKS cluster to be created
export CLUSTER_NAME=fastah-ip-location

# Set the AWS account ID under which the EKS cluster will be provisioned
export AWS_ACCOUNT_ID=956272822528

# Customize the above environment variables according to your specific deployment requirements

Create EKS CLuster

# Create an EKS cluster with Fargate enabled.
# This command provisions a Kubernetes cluster using Amazon EKS (Elastic Kubernetes Service)
# with Fargate as the compute provider, which allows you to run pods without provisioning or managing servers.
eksctl create cluster --name ${CLUSTER_NAME} --version 1.30 --fargate

Enable OIDC

# Enable OIDC (OpenID Connect) for the EKS cluster
# This command associates an IAM OIDC identity provider with the EKS cluster, which is necessary for enabling Kubernetes service accounts to authenticate using AWS IAM roles.
eksctl utils associate-iam-oidc-provider --cluster ${CLUSTER_NAME} --approve

Enable IAM Policy and create service accounts for Fastah and ELB

Note: Create a policy file named fastah-sa-iam-policy.json as described here : https://docs.getfastah.com/docs/iam-policies-for-fastah-api#/

# Service account for Fastah Application with required IAM policies (for licensing)
# Create a policy file named fastah-sa-iam-policy.json as described at: https://docs.getfastah.com/update/docs/iam-policies-for-fastah-api#/
aws iam create-policy --policy-name FastahLicensingIAMPolicy --policy-document file://fastah-sa-iam-policy.json

# Service account for the Fastah Application with required IAM policies
eksctl create iamserviceaccount \
--cluster=${CLUSTER_NAME} \
--namespace=fastah \
--name=fastah-ip-location-sa \
--attach-policy-arn=arn:aws:iam::${AWS_ACCOUNT_ID}:policy/FastahLicensingIAMPolicy \
--override-existing-serviceaccounts \
--approve



# Download the latest IAM policy for the AWS ELB
# This command fetches the most recent IAM policy JSON file required for the AWS Load Balancer Controller.
curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/refs/heads/main/docs/install/iam_policy.json


# Create an IAM policy named FastahAWSLoadBalancerControllerIAMPolicy using the downloaded JSON file.
aws iam create-policy --policy-name FastahAWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json

# Service account for the Elastic Loadbalancer with required IAM policies
eksctl create iamserviceaccount \
--cluster=${CLUSTER_NAME} \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::${AWS_ACCOUNT_ID}:policy/FastahAWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--approve

Configure the Load Balancer

# Add the EKS charts repository to Helm
helm repo add eks https://aws.github.io/eks-charts

# Update the Helm repository to fetch the latest charts
helm repo update eks 

# Retrieve the VPC ID of the specified EKS cluster
export VPC_ID=`aws eks describe-cluster --name fastah-ip-location --query "cluster.resourcesVpcConfig.vpcId" --output text`

# Install the AWS Load Balancer Controller using Helm
helm install aws-load-balancer-controller eks/aws-load-balancer-controller  --set clusterName=${CLUSTER_NAME} --set serviceAccount.create=false --set region=${AWS_REGION} --set vpcId=${VPC_ID} --set serviceAccount.name=aws-load-balancer-controller -n kube-system

# Wait for the Load Balancer Controller deployment to be ready in a few minutes.
# You can check the status by repeating this command after 3 minutes and ensuring that 2/2 is under READY.
kubectl get deployment -n kube-system aws-load-balancer-controller

Enable the Fargate on the fastah namespace

# Create a Fargate profile for the 'fastah' namespace in the specified EKS cluster.
# This allows pods in the 'fastah' namespace to run on AWS Fargate, which is a serverless compute engine for containers.
eksctl create fargateprofile --cluster ${CLUSTER_NAME} --region ${AWS_REGION} --name service-fastah --namespace fastah

Deploy Fastah Application on the EKS Cluster

# Authenticate Docker and Helm to access the ECR repository in the us-east-1 region;  Enable experimental OCI support in Helm
aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
export HELM_EXPERIMENTAL_OCI=1


# Deploy the Fastah application using Helm from the specified ECR repository.
helm install --namespace fastah ip-location-service oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/fastah/ip-location-container-p1 --version ${FASTAH_VERSION}


# Note: It may take approximately 3 minutes for the application to become fully operational.


# Retrieve the load balancer details of the Fastah application.
kubectl get svc -n fastah

# List all pods in the Fastah namespace.
kubectl get pods  -n fastah

# To view the container startup logs, use the following command:
kubectl logs $(kubectl get pods -n fastah -o jsonpath="{.items[0].metadata.name}") -n fastah

Verify Fastah application works

# Test the Fastah application by executing a curl command inside one of the pods.
# This should return the IP location details for 98.97.16.1.
kubectl exec -it $(kubectl get pods -n fastah -o jsonpath="{.items[0].metadata.name}") -n fastah -- curl http://127.0.0.1:8080/whereis/v1/json/98.97.16.1

# This command retrieves environment information for the Fastah application in a running pod
kubectl exec -it $(kubectl get pods -n fastah -o jsonpath="{.items[0].metadata.name}") -n fastah -- curl http://127.0.0.1:8080/env


# Note: It may take approximately 5 minutes for the ELB to become fully operational.

# Retrieve the external FQDN of the AWS Load Balancer associated with the Fastah service.
kubectl get svc service-fastah -n fastah -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"

# You may try the access from a machine within the VPC or using a pod as mentioned below

# To check the Fastah application via the Load Balancer's external FQDN, use the following command:
# This should return the IP location details for 98.97.16.1.
ELB_URL=$(kubectl get svc service-fastah -n fastah -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
kubectl exec -it $(kubectl get pods -n fastah -o jsonpath="{.items[0].metadata.name}") -n fastah -- curl http://$ELB_URL:8080/whereis/v1/json/98.97.16.1

Debugging issues

# To debug issues within the Fastah namespace, you can retrieve the events using the following command:
kubectl get events -n fastah

# Additionally, you can use the AWS Management Console to perform further debugging.

References