Getting Started with Amazon EKS Using Auto Mode
Fastah containerized API offers enterprises a large volume, low latency, high security deployment model. The containers are compatible with AWS Elastic Kubernetes Service(EKS)
Prerequisites
AWS account credentials to create EKS cluster, update ~/.aws/credentials or set Access keys accordingly
Tools : eksctl, kubectl, Helm
Download save files: fastah-sa-iam-policy.json
Important Note: It is advisable to operate Fastah on a dedicated cluster for optimal performance and security.
EKS Cluster Creation
Fastah IP Location has been tested on top of Amazon EKS with Fargate enabled.
# Set the Fastah application version to be installed
export FASTAH_VERSION=2025.1.18
# Set the AWS region where the EKS cluster will be created
export AWS_REGION=us-east-1
# Specify the name of the EKS cluster to be created
export CLUSTER_NAME=fastah-ip-location
# Set the AWS account ID under which the EKS cluster will be provisioned
export AWS_ACCOUNT_ID=956272822528
# Customize the above environment variables according to your specific deployment requirements
Create EKS Cluster with Auto Mode Enabled
Note: You will require separate EKS cluster to isolate the Fastah service
# Create EKS cluster
eksctl create cluster --name ${CLUSTER_NAME} --region ${AWS_REGION} --enable-auto-mode
Note that Fastah uses Amazon EKS Auto Mode feature and it manages the EKS cluster in optimized manner. Above command will take around 20 minutes to complete
Enable OIDC
# Enable OIDC (OpenID Connect) for the EKS cluster
# This command associates an IAM OIDC identity provider with the EKS cluster, which is necessary for enabling Kubernetes service accounts to authenticate using AWS IAM roles.
eksctl utils associate-iam-oidc-provider --cluster ${CLUSTER_NAME} --approveEnable IAM Policy
Enable IAM Policy and create service accounts for Fastah
Note: Create a policy file named fastah-sa-iam-policy.json as described here : https://docs.getfastah.com/docs/iam-policies-for-fastah-api#/
# Service account for Fastah Application with required IAM policies (for licensing)
# Create a policy file named fastah-sa-iam-policy.json as described at: https://docs.getfastah.com/update/docs/iam-policies-for-fastah-api#/
aws iam create-policy --policy-name FastahLicensingIAMPolicy --policy-document file://fastah-sa-iam-policy.json
# Service account for the Fastah Application with required IAM policies
eksctl create iamserviceaccount \
--cluster=${CLUSTER_NAME} \
--namespace=fastah \
--name=fastah-ip-location-sa \
--attach-policy-arn=arn:aws:iam::${AWS_ACCOUNT_ID}:policy/FastahLicensingIAMPolicy \
--override-existing-serviceaccounts \
--approve
# First get all the pods and then mention one of the pod to access the shell
kubectl get pods -n fastah
# Note: fastah-ip-location-service-674996b688-568c9 is example pod in the below command to access shell
kubectl exec -n fastah --stdin --tty fastah-ip-location-service-674996b688-568c9 -- /bin/bashDeploy Fastah Application on the EKS Cluster
# Authenticate Docker and Helm to access the ECR repository in the us-east-1 region; Enable experimental OCI support in Helm
aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
export HELM_EXPERIMENTAL_OCI=1
# Deploy the Fastah application using Helm from the specified ECR repository.
helm install --namespace fastah ip-location-service oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/fastah/ip-location-container-p1 --version ${FASTAH_VERSION}
# Note: It may take approximately 3 minutes for the application to become fully operational.
# Retrieve the load balancer details of the Fastah application.
kubectl get svc -n fastah
# List all pods in the Fastah namespace.
kubectl get pods -n fastah
# To view the container startup logs, use the following command:
kubectl logs $(kubectl get pods -n fastah -o jsonpath="{.items[0].metadata.name}") -n fastah
Verify Fastah application works
# Test the Fastah application by executing a curl command inside one of the pods.
# This should return the IP location details for 98.97.16.1.
kubectl exec -it $(kubectl get pods -n fastah -o jsonpath="{.items[0].metadata.name}") -n fastah -- curl http://127.0.0.1:8080/whereis/v1/json/98.97.16.1
# This command retrieves environment information for the Fastah application in a running pod
kubectl exec -it $(kubectl get pods -n fastah -o jsonpath="{.items[0].metadata.name}") -n fastah -- curl http://127.0.0.1:8080/env
# Note: It may take approximately 5 minutes for the ELB to become fully operational.
# Retrieve the external FQDN of the AWS Load Balancer associated with the Fastah service.
kubectl get svc service-fastah -n fastah -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"
# You may try the access from a machine within the VPC or using a pod as mentioned below
# To check the Fastah application via the Load Balancer's external FQDN, use the following command:
# This should return the IP location details for 98.97.16.1.
ELB_URL=$(kubectl get svc service-fastah -n fastah -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
kubectl exec -it $(kubectl get pods -n fastah -o jsonpath="{.items[0].metadata.name}") -n fastah -- curl http://$ELB_URL:8080/whereis/v1/json/98.97.16.1
Debugging issues
# To debug issues within the Fastah namespace, you can retrieve the events using the following command:
kubectl get events -n fastah
# Additionally, you can use the AWS Management Console to perform further debugging.
Clean up Cluster
How to delete namespace
kubectl delete namespace fastahHow to delete fatash EKS cluster
Caution! This will delete all part of EKS cluster like: instances, VPCs, etc. It takes around 10 minutes to complete.
eksctl delete cluster --name ${CLUSTER_NAME} --region ${AWS_REGION} --waitUpdated 3 months ago